r/nginx

•

3 yr. ago

Reverse proxy TLS 1.3 on back end, how to?

Problem; with Nginx configured as a reverse proxy to a TLS 1.3 back end I get a 502 bad gateway error from clients connecting to the proxy and Nginx error log fills with this;

2022/05/11 08:41:34 [error] 28335#28335: *296 SSL_do_handshake() failed (SSL: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:SSL alert number 70) while SSL handshaking to upstream, client: xx.xx.xx.xx, server: something.example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://xx.xx.xx.xx:443/favicon.ico", host: "something.example.com", referrer: "https://something.example.com/"

I already know if I allow TLS1.2 on the back end web server everything works.

I tried adding this to my reverse proxy configuration in the "server {" statement
proxy_ssl_protocol TLSv1.2 TLSv1.3;
That gets me this;
sudo nginx -t
nginx: [emerg] unknown directive "proxy_ssl_protocol" in /etc/nginx/sites-enabled/example.conf:21
nginx: configuration file /etc/nginx/nginx.conf test failed

I tried adding that to my server.conf in the "http {" section which gets me this error
sudo nginx -t
nginx: [emerg] unknown directive "proxy_ssl_protocol" in /etc/nginx/nginx.conf:36
nginx: configuration file /etc/nginx/nginx.conf test failed

Is that even the right statement? If so where do I put it?

meta

•

Promoted

Talk with Meta AI to get help planning the perfect night with friends.

Learn More

ai.meta.com

Clickable image which will reveal the video player: Talk with Meta AI to get help planning the perfect night with friends.

Sort by:

Best

Open comment sort options

Fireye

•

3y ago

The directive that you're looking for is proxy_ssl_protocols, note the s on the end. The documentation for it states that it is valid in the HTTP, Server and Location contexts.

More replies

Reverse proxy TLS 1.3 on back end, how to?

Comments Section

Reverse Proxy

Proper way of setting up reverse proxy

Me and my Reverse Proxy again...

Nginx reverse proxy and TLS configuration

function of proxy with tls 1.3

Which reverse proxy you will prefer and why ?

Do TLS 1.2 -> 1.3 forward proxies exist?

Nginx upstream proxy sends request in TLS 1.0

How to secure reverse proxy for homelab? What's your go-to resource for learning this?

Exposing services externally with Tailscale + Reverse Proxy, DNS rewrites for local network

nginx Reverse Proxy to forward ssl requests to another server

Your ps5 doesn't support IPv6

Dont understand how to expose a TCP (6379) non http/s port

Question regarding IPv6 Proxies

How do I get ipv6 DNS host names to resolve locally?

When will we get rid of 6:RD and go to a native IPV6 connection.

Fix usenet

Preventing VPN users accessing services on local network

Using .local or .lan for internal services using a proxy manager when i don't have a domain

[Linux] Help with "warning: Performance support disabled, consider sysctl dev.i915.perf_stream_paranoid=0"

Apache Proxypass to pass on only some urls in a domain?

Latest OpenSSL upgrade breaks OpenVPN config

Firewall upgrade

Drawbacks of BTRFS on LVM

Does nginx version 1.20.2 automatically forward client IPs?

Top Posts