nginx proxy, wget, and lynx all fail but openssl s_client and curl both work

Eric asked:

I’m trying to create a proxy in nginx and I’m having a weird problem. I’m trying to create an NGINX proxy that just works and ignores every cert problem, cert issue, cert thingy imaginable. I just want it to proxy the traffic regardless of how bad the cert is (and I know it’s pretty bad!)

It’s a pretty simple nginx config and if I try it against https://www.google.com I can proxy without any issue. If I try it against my real site I get a time out error. The site also won’t load in lynx or wget no matter what options I feed them to ignore cert errors.

The interesting thing is that the site loads fine in any typical browser and I’ve tested with IE, Chrome, and Firefox. The site also loads fine in openssl s_client and with curl. But nginx, lynx, and wget all think they’re getting incomplete data and either time out or give errors like “No Data Received.”

Since NGINX is what I really want to get working, here’s my config:

server {
        listen 443;
        server_name funkytown;
        ssl_certificate           /etc/nginx/cert.crt;
        ssl_certificate_key       /etc/nginx/cert.key;
        ssl on;
        location / {
                # Upstream HTTPS server being proxied
                proxy_pass https://174.47.225.118/;
                #proxy_pass https://www.google.com;
        }
        location = /favicon.ico {
                return 204;
                access_log     off;
                log_not_found  off;
        }
}

The nginx.conf is just the default for nginx version: nginx/1.4.6 (Ubuntu). This is a brand new install of Ubuntu 14 running in AWS. I have no reason to think the server is weird in any way.

If anybody can help me figure out why this simple proxy isn’t working you’ll be my hero! Bonus points for anybody that can figure out why this site fails in lynx and wget but works in curl and openssl.

Thanks in advance for any help!


I answered:

A quick look at the documentation found proxy_ssl_verify:

Enables or disables verification of the proxied HTTPS server certificate.

proxy_ssl_verify off;

View the full question and answer on Server Fault.
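
For comparison, here is the unverified upstream setting from the answer next to a verified variant. This is an added example, not part of the original question or answer. The upstream IP is the one in the question; the `/unverified/` path, the trust file path and the upstream hostname are placeholders. The `proxy_ssl_*` directives used here require nginx 1.7.0 or later.

```nginx
server {
    listen 443 ssl;
    server_name funkytown;
    ssl_certificate     /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;

    # Variant A: upstream certificate is never checked.
    # Any host that can answer on this IP (or intercept the path to it)
    # is accepted as the backend.
    location /unverified/ {
        proxy_pass https://174.47.225.118/;
        proxy_ssl_verify off;
    }

    # Variant B: upstream certificate is checked against an explicit trust file.
    location / {
        proxy_pass https://174.47.225.118/;

        proxy_ssl_verify       on;
        proxy_ssl_verify_depth 2;

        # Placeholder path: PEM file holding only the certificate(s)
        # trusted for this upstream.
        proxy_ssl_trusted_certificate /etc/nginx/upstream-trust.pem;

        # proxy_pass targets an IP, so by default nginx would compare the
        # certificate against "174.47.225.118". Name the host the
        # certificate was actually issued for (placeholder hostname).
        proxy_ssl_name backend.example.internal;

        # Send that name as SNI in the upstream TLS handshake.
        proxy_ssl_server_name on;
    }
}
```

With Variant B, a failed upstream verification shows up in the nginx error log as an upstream SSL certificate verify error and the client receives a 502, which makes certificate problems visible instead of silently proxied.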

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.