Why doesn't handshake work on some proxy pass sites on https?

B

bro-dev2020-11-27 06:57:46

Nginx

bro-dev, 2020-11-27 06:57:46

I start the server like this

spoiler

version: '3'
services:
  webserver:
    image: nginx:alpine
    restart: unless-stopped
    ports:
      - "80:80"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./logs.log:/var/log/nginx.log
    command: [nginx-debug, '-g', 'daemon off;']

nginx config

spoiler

events {}

error_log /var/log/nginx.log debug;

http {
    server {
        listen 80;
        location = /api/v1 {
            proxy_pass https://m.habr.com/kek/v2/articles/?sort=rating&fl=ru&hl=ru&page=2;
        }
        location = /api/v2 {
            proxy_pass https://dog.ceo/api/breeds/image/random;
        }
    }
}

then we check with a curl

spoiler

curl -v http://192.168.1.64/api/v1
curl -v http://192.168.1.64/api/v2

as a result, in the first case everything is fine, and in the second 502 and in the extended logs it writes

spoiler

2020/11/27 03:46:28 [error] 30#30: *3 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 192.168.1.44, server: , request: "GET /api/v2 HTTP/1.1", upstream: "https://104.26.4.148:443/api/breeds/image/random", host: "192.168.1.64"

With what it can be connected?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

K

ky0, 2020-11-27
@ky0

Try to include the correct Host header. Well, in general - where you are knocking, everything is fine with SSL?

D

dodo512, 2020-11-28
@dodo512

Allow name transfer via SNI.
nginx.org/ru/docs/http/ngx_http_proxy_module.html#...

location = /api/v2 {
    proxy_ssl_server_name on;
    proxy_pass https://dog.ceo/api/breeds/image/random;
}