I’m getting a “502 Bad Gateway” error after configuring a public proxy to a private web app running on localhost.
The nginx error log shows:
2024/08/15 13:56:18 [error] 17674#17674: *3 SSL_do_handshake() failed (SSL: error:0A000438:SSL routines::tlsv1 alert internal error:SSL alert number 80) while SSL handshaking to upstream, client: 192.168.19.113, server: testserver.home.private, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8081/", host: "testserver.home.private"
The problem is that the upstream directive in the nginx config is this:
proxy_pass https://app.internal:8081;
The app in question requires access by hostname and not IP address. Manually navigating to https://app.internal:8081 from a terminal works fine, while using the IP address fails.
The /etc/hosts file on the server maps app.internal to 127.0.0.1 correctly.
I’m concerned that if nginx is doing the resolving itself and getting an IP address, the proxy call will never work. Is there a way to turn off nginx DNS queries so that the nginx proxy queries a domain name and not an IP address?
You need to pass the Host header so the app knows to respond to the app.internal. Depending on the server you are proxying to, you may need additional headers to make this work.
Here is a simple nginx server block that shows adding the header:
server {
    listen 80;
    listen [::]:80;
    server_name app.public;
    location / {
        proxy_pass http://app.internal:8081/;
        proxy_set_header Host "app.internal";
    }
}
For more details:
- Nginx: when to use proxy_set_header Host $host vs $proxy_host
- https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header
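The log in the question fails during the TLS handshake to the upstream, before any Host header is sent, and nginx sends no SNI name to an upstream unless proxy_ssl_server_name is on. The following is an added example, not part of the original posts, that sets the name at both the TLS and HTTP layers; it assumes the app selects its certificate or site from SNI, and the CA bundle path is a hypothetical placeholder.

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name testserver.home.private;

    location / {
        # A literal hostname here is resolved when the configuration is loaded,
        # using the system resolver (so /etc/hosts applies). That is why the
        # error log shows the upstream as 127.0.0.1:8081.
        proxy_pass https://app.internal:8081;

        # HTTP layer: the name the app expects in the Host header.
        proxy_set_header Host app.internal;

        # TLS layer: send the upstream's name in the ClientHello (SNI).
        # The default is "proxy_ssl_server_name off", i.e. no SNI is sent.
        proxy_ssl_server_name on;
        proxy_ssl_name app.internal;

        # Authenticate the upstream instead of accepting any certificate.
        # The default is "proxy_ssl_verify off".
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        # Hypothetical path: the CA (or self-signed certificate) that issued
        # the app's certificate for app.internal.
        proxy_ssl_trusted_certificate /etc/nginx/ssl/internal-ca.pem;
    }
}
```

Run nginx -t to validate the configuration before reloading.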