Nginx的 - 上游SSL - 同行中SSL握手關閉連接

Question

我收到此錯誤：

Error frontend: 502 Bad gateway

99.110.244:443

2017/09/28 13:03:51 [error] 34080#34080: *1062 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 10.210.0.81, server: webshop.izegem.be, request: "GET/HTTP/1.1", upstream: " https://10.1.10.61:443/ ", host: "webshop.domain.be"

配置：

 # Zone voor connection logging 
     limit_conn_zone $binary_remote_addr zone=izSSL_webshop-api_CZ:10m; 

     # Zone voor rate logging 
     # Hoge rate limit. x r/s is soms wat snel 
     # 10 MB (10m) will give us enough space to store a history of 160k requests. 
     limit_req_zone $binary_remote_addr zone=izSSL_webshop-api_RZ:10m rate=20r/s; 


upstream webshop_domain_be { 
     server webshop.domain.be:443; 
} 


server { 
     listen  443 ssl; 
     server_name webshop.domain.be webshop; 

     client_max_body_size 80M; 

     ssl_session_cache shared:webshopSSL:1m; 
     ssl_session_timeout 10m; 
     ssl_certificate /var/www/certs/webshop.domain.be/webshop.domain.be-chain.pem; 
     ssl_certificate_key /var/www/certs/webshop.domain.be/webshop.domain.be-key.pem; 
     ssl_verify_client off; 
     ssl_protocols  SSLv3 TLSv1 TLSv1.1 TLSv1.2; 

     ssl_ciphers RC4:HIGH:!aNULL:!MD5; 
     ssl_prefer_server_ciphers on; 


     location/{ 

       proxy_ssl_session_reuse off; 
       proxy_pass $scheme://webshop_domain_be; 

     } 
} 

nginx的版本：的nginx/1.10.3（Ubuntu的）

其他服務器（10.1.10.61）是IIS服務器與相同的證書，因爲我使用這個代理（正確嗎？）。這不是一個IIS問題;和代理服務器可以達到10.1.10.61/443端口

配置基於https://serverfault.com/questions/583374/configure-nginx-as-reverse-proxy-with-upstream-ssl

我使用讓我們的加密證書。

Answer 1

更改您的上游使用的IP

upstream webshop_domain_be { 
     server <IP>:443; 
} 

然後你proxy_pass塊變更爲

location/{ 
    proxy_ssl_session_reuse off; 
    proxy_ssl_server_name "webshop.domain.be"; 
    proxy_pass $scheme://webshop_domain_be; 
} 

如果以上不工作，然後添加proxy_ssl_server_name on;也到配置