K
Q

Nginx Bad Gateway 502 when accessing istio-envoy deployed on kubernetes

3/7/2020

My web application is running on One Server and two worker nodes

my nginx config file is

server {

listen ip-address:80 ;

      server_name subdomain.domain.com;
    server_name www.subdomain.domain.com;
    server_name ipv4.subdomain.domain.com;

location / {
proxy_pass http://ip-address:32038/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_http_version 1.1;


  fastcgi_read_timeout 3000;
}

}

server {

    listen ip-address:443 ssl http2;  

    server_name subdomain.domain.com;
    server_name www.subdomain.domain.com;
    server_name ipv4.subdomain.domain.com;

    ssl_certificate /opt/psa/var/certificates/scf83NyxP;
    ssl_certificate_key /opt/psa/var/certificates/scf83NyxP;
    ssl_client_certificate /opt/psa/var/certificates/scfrr8L8y;

    proxy_read_timeout 60;

    location / {
      proxy_pass https://ip-address:30588/;
      proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }

}

my website on http://subdomain.mydomain.com is running fine . but when i use https://subdomain.mydomain.com it displays bad gateway error page server by nginx

through ssh when i run following command everything works fine

For http

curl -v -HHost:subdomain.mydomain.com http://ip-address:32038

curl -v subdomain.mydomain.com

For https

curl -v -HHost:subdomain.mydomain.com https://subdomain.mydomain.com:30588

From server node SSH

curl -v -HHost:subdomain.mydomain.com --resolve subdomain.mydomain.com:30588:ip-address --cacert /opt/psa/var/certificates/scf83NyxP https://subdomain.mydomain.com:30588

Any help will be really appreciated.

Thanks

-- Shahid Mushtaq
istio
kubernetes
nginx

Similar Questions

how to persist keycloak in kubernetes custom themes
How to deploy daemonset with different resource limits in kubernetes?
Need clarification on WARN messages for CIS Benchmark results
How to use a token created in a secret in another resource?

1 Answer

3/7/2020

Without knowing anything about the backend service, I would guess that perhaps it is not equiped for HTTPS. You may simply need to change this line...

proxy_pass https://ip-address:30588/;

to...

proxy_pass http://ip-address:30588/;

If the backend service does in-fact need to be called by https (unusual), then we would need to see how that service in configured, as the nginx error suggests that it is not correctly processing the SSL connection.

-- user1751825
Source: StackOverflow