GeorgeSOFT

SSL routines:ssl3_get_record:decryption failed or bad record mac) while SSL handshaking to upstream

Jan 19th, 2023 (edited)
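  # Capture proxy: accepts plain HTTP on three ports and forwards every request
  # to the same HTTPS upstream, presenting a different client certificate per
  # port. Request headers, request bodies and a prefix of each response body are
  # written to the access log through the main2 log format.
  user  nginx;
  worker_processes  auto;

  error_log  /var/log/nginx/error.log warn;
  pid        /var/run/nginx.pid;

  load_module modules/ndk_http_module.so;
  load_module modules/ngx_http_lua_module.so;

  events {
      worker_connections  1024;
  }

  http {
      # Timeouts are far above the defaults, so a slow or stalled peer can hold
      # a worker connection for up to an hour. The fastcgi_* values have no
      # effect here because nothing in this file uses fastcgi_pass.
      proxy_read_timeout 3600;
      keepalive_timeout 10m;
      proxy_connect_timeout  600s;
      fastcgi_send_timeout 600s;
      send_timeout 600;
      fastcgi_read_timeout 600s;

      # NOTE(review): "./lua" is resolved against the working directory of the
      # nginx process, so the modules that get loaded depend on where nginx was
      # started. An absolute directory writable only by root avoids that.
      lua_package_path "./lua/?.lua;;";
  #    include       /etc/nginx/mime.types;
      default_type  application/octet-stream;

  #    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  #                      '$status $body_bytes_sent "$http_referer" '
  #                      '"$http_user_agent" "$http_x_forwarded_for"'

      # main2 records full request headers (Cookie and Authorization included),
      # the request body and the captured response body. The access log
      # therefore holds session identifiers and any credentials or personal data
      # that pass through: keep it readable by the operator only, rotate and
      # delete it on a short schedule, and do not ship it to shared log storage.
      log_format main2 '$remote_addr - $remote_user [$time_local] '
          '\n\n"$request" \n status: $status body_bytes_sent: $body_bytes_sent '
          '\n\n http_referer:  "$http_referer" \n "$http_user_agent" $request_time '
          '\n\n req_headers: \n "$req_headers" \n\n req_body: \n "$req_body" \n\n resp_body: \n "$resp_body"';

      access_log  /var/log/nginx/access.log  main2;

      sendfile        on;
      #tcp_nopush     on;

  #    keepalive_timeout  65;

      #gzip  on;

  #    include /etc/nginx/conf.d/*.conf;

      # The capture settings below were repeated verbatim in all three server
      # blocks; they are declared once here and inherited by every server and
      # location. Only the "set" directives stay per server, because "set" is
      # not allowed at http level.
      lua_need_request_body on;

      # Buffer size equals the maximum body size, so an accepted body always
      # stays in memory where ngx.req.get_body_data() can read it.
      client_body_buffer_size 16k;
      client_max_body_size 16k;

      rewrite_by_lua_block {
          -- get_body_data returns nil when the request carries no body.
          ngx.var.req_body = ngx.req.get_body_data()

          local lines = { "Headers: " }
          local headers = ngx.req.get_headers()
          if headers then
              for name, value in pairs(headers) do
                  -- A header that appears more than once is returned as a table
                  -- of values; concatenating that table directly raises a Lua
                  -- error and the request ends with a 500.
                  if type(value) == "table" then
                      value = table.concat(value, ", ")
                  end
                  lines[#lines + 1] = name .. ": " .. tostring(value) .. "\n"
              end
          end

          ngx.var.req_headers = table.concat(lines)
      }

      # Block form instead of the quoted-string form, matching
      # rewrite_by_lua_block above. The capture is limited to the first 1000
      # bytes of the whole response; the previous code kept 1000 bytes of every
      # chunk, so memory use and the log entry grew with the response size.
      body_filter_by_lua_block {
          local limit = 1000
          local captured = ngx.ctx.buffered or ""

          if #captured < limit then
              captured = captured .. string.sub(ngx.arg[1], 1, limit - #captured)
              ngx.ctx.buffered = captured
          end

          -- ngx.arg[2] is true on the last chunk of the response body.
          if ngx.arg[2] then
              ngx.var.resp_body = captured
          end
      }

      # NOTE(review), applies to all three servers:
      #  * Each listener accepts any client that can reach the port and forwards
      #    the request with a named person's client certificate, so network
      #    reachability alone grants that identity at the upstream. Bind to a
      #    loopback or management address, or restrict by source, e.g.
      #        allow LOAD_GENERATOR_IP_PLACEHOLDER;
      #        deny  all;
      #  * proxy_ssl_verify is not set and defaults to off, so the upstream
      #    certificate is never checked and the client-authenticated session can
      #    be intercepted on path. To enable verification:
      #        proxy_ssl_verify on;
      #        proxy_ssl_trusted_certificate /etc/nginx/ssl/UPSTREAM_CA_PLACEHOLDER.pem;
      #  * TLSv1 and TLSv1.1 are legacy protocol versions; keep them only if the
      #    upstream cannot negotiate TLSv1.2.
      #  * GOST2012-GOST8912-GOST8912 is presumably available only when the
      #    OpenSSL build used by nginx has GOST support loaded (TODO confirm on
      #    this host); HIGH:MEDIUM lets the handshake fall back to non-GOST
      #    suites.
      #  * The .key files are private keys of real identities: owner root,
      #    mode 0600, and never stored next to the captured logs.

      server {
          server_name XXXXXXX.RU;
          listen 80;

          # Defined empty so the log format and the Lua code can always
          # reference them.
          set $resp_body "";
          set $req_body "";
          set $req_headers "";

          location / {
              proxy_pass https://XXXXXXX.RU;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  #           proxy_set_header Host $http_host;
              proxy_set_header Cookie $http_cookie;

              proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
              proxy_ssl_ciphers GOST2012-GOST8912-GOST8912:HIGH:MEDIUM;
              proxy_ssl_certificate /etc/nginx/ssl/ivanovIvanIvanovich.pem;
              proxy_ssl_certificate_key /etc/nginx/ssl/prkeyunitIvanov.key;
              proxy_ssl_server_name on;
  #           proxy_redirect off;

  #           root   html;
  #           index  index.html index.htm;
          }
      }

      server {
  #       server_name XXXXXXX.RU;
          listen 8080;

          set $resp_body "";
          set $req_body "";
          set $req_headers "";

          location / {
              proxy_pass https://XXXXXXX.RU;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header Cookie $http_cookie;
              proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
              proxy_ssl_ciphers GOST2012-GOST8912-GOST8912:HIGH:MEDIUM;
              proxy_ssl_certificate /etc/nginx/ssl/PetrovIvanSemenovich.pem;
              proxy_ssl_certificate_key /etc/nginx/ssl/prkeyunitSemenovich.key;
              proxy_ssl_server_name on;
          }
      }

      server {
  #       server_name XXXXXXX.RU;
          listen 8585;

          set $resp_body "";
          set $req_body "";
          set $req_headers "";

          location / {
              proxy_pass https://XXXXXXX.RU;
              proxy_ssl_server_name on;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header Cookie $http_cookie;
              proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
              proxy_ssl_ciphers GOST2012-GOST8912-GOST8912:HIGH:MEDIUM;
              proxy_ssl_certificate /etc/nginx/ssl/Petrovich.pem;
              proxy_ssl_certificate_key /etc/nginx/ssl/prkeyunitPetrovich.key;
          }
      }
  }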
Tags: nginx Gmeter
Comments
  • GeorgeSOFT
    1 year
    1. Лог в nginx выглядит следующим образом.
    2.  
    3. 2023/01/19 11:49:50 [error] 3218459#3218459: *255 SSL_do_handshake() failed (SSL: error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac) while SSL handshaking to upstream, client: XX.XXX.XXX.89, server: , request: "GET /INC/libraries-js.dsp;jsessionid=f1p4v6rzb4l2pmjswte5ng2q HTTP/1.1", upstream: "https://XX.XXX.X.XX:443/INC/libraries-js.dsp;jsessionid=f1p4v6rzb4l2pmjswte5ng2q", host: "XX.XXX.XX.XXX:8585", referrer: "http://XX.XXX.XX.XXX/INC/INC/scroller.zul?navigationId=D04_Client"
  • GeorgeSOFT
    1 year
    1. У себя же в Jmeter вижу, что возвращается так.
    2.  
    3. <html>
    4. <head><title>502 Bad Gateway</title></head>
    5. <body>
    6. <center><h1>502 Bad Gateway</h1></center>
    7. <hr><center>nginx/1.18.0 (Ubuntu)</center>
    8. </body>
    9. </html>
    10. <!-- a padding to disable MSIE and Chrome friendly error page -->
    11. <!-- a padding to disable MSIE and Chrome friendly error page -->
    12. <!-- a padding to disable MSIE and Chrome friendly error page -->
    13. <!-- a padding to disable MSIE and Chrome friendly error page -->
    14. <!-- a padding to disable MSIE and Chrome friendly error page -->
    15. <!-- a padding to disable MSIE and Chrome friendly error page -->