
I’m getting a "502 Bad Gateway" error after configuring a public proxy to a private web app running on localhost.

The nginx error log shows:

    2024/08/15 13:56:18 [error] 17674#17674: *3 SSL_do_handshake() failed (SSL: error:0A000438:SSL routines::tlsv1 alert internal error:SSL alert number 80) while SSL handshaking to upstream, client: 192.168.19.113, server: testserver.home.private, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8081/", host: "testserver.home.private"

The problem is that the upstream directive in the nginx config is this:

    proxy_pass https://app.internal:8081;

The app in question requires access by hostname and not IP address. Manually navigating to https://app.internal:8081 from a terminal works fine, while using the IP address fails.

The /etc/hosts file on the server maps app.internal to 127.0.0.1 correctly.

I’m concerned that if nginx is doing the resolving itself and getting an IP address, the proxy call will never work. Is there a way to turn off nginx DNS queries so that the nginx proxy queries a domain name and not an IP address?

2 Answers


  1. Chosen as BEST ANSWER

    The app required an additional setting.

    I needed:

    proxy_ssl_server_name on;

    Not sure if it is in addition to the Host header you mentioned.


  2. You need to pass the Host header so the app knows to respond to app.internal. Depending on the server you are proxying to, you may need additional headers to make this work.

    Here is a simple nginx server block that shows adding the header:

    server {
        listen       80;
        listen  [::]:80;
        server_name  app.public;
    
        location / {
            proxy_pass http://app.internal:8081/;
            proxy_set_header Host "app.internal";
        }
    }
    

    For more details:
