API tools faq
paste
Advertisement
GeorgeSOFT

SSL routines:ssl3_get_record:decryption failed or bad record mac) while SSL handshaking to upstream

GeorgeSOFT
Jan 19th, 2023 (edited)
345
0
Never
2
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nginx 5.65 KB | Help | 0 0
raw download clone embed print report
  1. user  nginx;
  2. worker_processes  auto;
  3.  
  4. error_log  /var/log/nginx/error.log warn;
  5. pid        /var/run/nginx.pid;
  6.  
  7.  
  8. load_module modules/ndk_http_module.so;
  9. load_module modules/ngx_http_lua_module.so;
  10.  
  11. events {
  12.     worker_connections  1024;
  13. }
  14.  
  15.  
  16. http {
  17.  
  18. proxy_read_timeout 3600;
  19. keepalive_timeout 10m;
  20. proxy_connect_timeout  600s;
  21. fastcgi_send_timeout 600s;
  22. send_timeout 600;
  23. fastcgi_read_timeout 600s;
  24.  
  25. lua_package_path "./lua/?.lua;;";
  26. #    include       /etc/nginx/mime.types;
  27.     default_type  application/octet-stream;
  28.  
  29. #    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  30.  #                     '$status $body_bytes_sent "$http_referer" '
  31.   #                    '"$http_user_agent" "$http_x_forwarded_for"'
  32.  
  33.  
  34. log_format main2 '$remote_addr - $remote_user [$time_local] '
  35.     '\n\n"$request" \n status: $status body_bytes_sent: $body_bytes_sent '
  36.     '\n\n http_referer:  "$http_referer" \n "$http_user_agent" $request_time '
  37.     '\n\n req_headers: \n "$req_headers" \n\n req_body: \n "$req_body" \n\n resp_body: \n "$resp_body"';
  38.  
  39.  
  40.     access_log  /var/log/nginx/access.log  main2;
  41.  
  42.     sendfile        on;
  43.     #tcp_nopush     on;
  44.  
  45. #    keepalive_timeout  65;
  46.  
  47.     #gzip  on;
  48.  
  49. #    include /etc/nginx/conf.d/*.conf;
  50. server {
  51.         server_name XXXXXXX.RU;
  52.         listen 80;
  53.  
  54.  
  55.   lua_need_request_body on;
  56.  
  57.        
  58.         set $resp_body "";
  59.         set $req_body "";
  60.         set $req_headers "";
  61.  
  62.         client_body_buffer_size 16k;
  63.         client_max_body_size 16k;
  64.  
  65.         rewrite_by_lua_block {
  66.             local req_headers = "Headers: ";
  67.             ngx.var.req_body = ngx.req.get_body_data();
  68.             local h, err = ngx.req.get_headers()
  69.             for k, v in pairs(h) do
  70.                 req_headers = req_headers .. k .. ": " .. v .. "\n";
  71.             end
  72.  
  73.             ngx.var.req_headers = req_headers;
  74.         }
  75.  
  76.         body_filter_by_lua '
  77.        local resp_body = string.sub(ngx.arg[1], 1, 1000)
  78.        ngx.ctx.buffered = (ngx.ctx.buffered or "") .. resp_body
  79.        if ngx.arg[2] then
  80.          ngx.var.resp_body = ngx.ctx.buffered
  81.        end
  82.        ';
  83.  
  84.  
  85.         location /  {
  86.                 proxy_pass https://XXXXXXX.RU;
  87.                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  88. #               proxy_set_header Host $http_host;
  89.                 proxy_set_header Cookie $http_cookie;
  90.  
  91.  
  92.                 proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  93.                 proxy_ssl_ciphers GOST2012-GOST8912-GOST8912:HIGH:MEDIUM;
  94.                 proxy_ssl_certificate /etc/nginx/ssl/ivanovIvanIvanovich.pem;
  95.                 proxy_ssl_certificate_key /etc/nginx/ssl/prkeyunitIvanov.key;
  96.                 proxy_ssl_server_name on;
  97. #               proxy_redirect off;
  98.        
  99. #               root   html;
  100. #               index  index.html index.htm;
  101.             }      
  102.     }
  103.  
  104. server {
  105. #       server_name XXXXXXX.RU;
  106.        listen 8080;
  107.  
  108.  
  109.  
  110.  lua_need_request_body on;
  111.        
  112.                 set $resp_body "";
  113.         set $req_body "";
  114.         set $req_headers "";
  115.  
  116.         client_body_buffer_size 16k;
  117.         client_max_body_size 16k;
  118.  
  119.         rewrite_by_lua_block {
  120.             local req_headers = "Headers: ";
  121.             ngx.var.req_body = ngx.req.get_body_data();
  122.             local h, err = ngx.req.get_headers()
  123.             for k, v in pairs(h) do
  124.                 req_headers = req_headers .. k .. ": " .. v .. "\n";
  125.             end
  126.  
  127.             ngx.var.req_headers = req_headers;
  128.         }
  129.  
  130.         body_filter_by_lua '
  131.        local resp_body = string.sub(ngx.arg[1], 1, 1000)
  132.        ngx.ctx.buffered = (ngx.ctx.buffered or "") .. resp_body
  133.        if ngx.arg[2] then
  134.          ngx.var.resp_body = ngx.ctx.buffered
  135.        end
  136.        ';
  137.  
  138.  
  139.  
  140.        location /  {
  141.  
  142.         proxy_pass https://XXXXXXX.RU;
  143.                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  144.                 proxy_set_header Cookie $http_cookie;
  145.                 proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  146.                 proxy_ssl_ciphers GOST2012-GOST8912-GOST8912:HIGH:MEDIUM;
  147.                 proxy_ssl_certificate /etc/nginx/ssl/PetrovIvanSemenovich.pem;
  148.                 proxy_ssl_certificate_key /etc/nginx/ssl/prkeyunitSemenovich.key;
  149.                 proxy_ssl_server_name on;
  150.                 }
  151.  
  152.     }
  153.  
  154. server {
  155. #       server_name XXXXXXX.RU;
  156.        listen 8585;
  157.  
  158.  
  159.  lua_need_request_body on;
  160.  
  161.             set $resp_body "";
  162.         set $req_body "";
  163.         set $req_headers "";
  164.  
  165.         client_body_buffer_size 16k;
  166.         client_max_body_size 16k;
  167.  
  168.         rewrite_by_lua_block {
  169.             local req_headers = "Headers: ";
  170.             ngx.var.req_body = ngx.req.get_body_data();
  171.             local h, err = ngx.req.get_headers()
  172.             for k, v in pairs(h) do
  173.                 req_headers = req_headers .. k .. ": " .. v .. "\n";
  174.             end
  175.  
  176.             ngx.var.req_headers = req_headers;
  177.         }
  178.  
  179.         body_filter_by_lua '
  180.        local resp_body = string.sub(ngx.arg[1], 1, 1000)
  181.        ngx.ctx.buffered = (ngx.ctx.buffered or "") .. resp_body
  182.        if ngx.arg[2] then
  183.          ngx.var.resp_body = ngx.ctx.buffered
  184.        end
  185.        ';
  186.  
  187.  
  188.  
  189.        location /  {
  190.  
  191.                 proxy_pass https://XXXXXXX.RU;
  192.                 proxy_ssl_server_name on;
  193.                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  194.                 proxy_set_header Cookie $http_cookie;
  195.                 proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  196.                 proxy_ssl_ciphers GOST2012-GOST8912-GOST8912:HIGH:MEDIUM;
  197.                 proxy_ssl_certificate /etc/nginx/ssl/Petrovich.pem;
  198.                 proxy_ssl_certificate_key /etc/nginx/ssl/prkeyunitPetrovich.key;
  199.  
  200.  
  201.  
  202.                 }
  203.  
  204.     }
  205.  
  206. }
  207.  
  208.  
  209.  
  210.  
  211.  
Tags: nginx Gmeter
Advertisement
Comments
  • GeorgeSOFT
    GeorgeSOFT
    1 year
    # Nginx 0.57 KB | 0 0
    view report reply
    1. Лог в nginx выглядит следующим образом.
    2.  
    3. 2023/01/19 11:49:50 [error] 3218459#3218459: *255 SSL_do_handshake() failed (SSL: error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac) while SSL handshaking to upstream, client: XX.XXX.XXX.89, server: , request: "GET /INC/libraries-js.dsp;jsessionid=f1p4v6rzb4l2pmjswte5ng2q HTTP/1.1", upstream: "https://XX.XXX.X.XX:443/INC/libraries-js.dsp;jsessionid=f1p4v6rzb4l2pmjswte5ng2q", host: "XX.XXX.XX.XXX:8585", referrer: "http://XX.XXX.XX.XXX/INC/INC/scroller.zul?navigationId=D04_Client"
  • GeorgeSOFT
    GeorgeSOFT
    1 year
    # HTML 0.63 KB | 0 0
    view report reply
    1. У себя же в Jmeter вижу, что возвращается так.
    2.  
    3. <html>
    4. <head><title>502 Bad Gateway</title></head>
    5. <body>
    6. <center><h1>502 Bad Gateway</h1></center>
    7. <hr><center>nginx/1.18.0 (Ubuntu)</center>
    8. </body>
    9. </html>
    10. <!-- a padding to disable MSIE and Chrome friendly error page -->
    11. <!-- a padding to disable MSIE and Chrome friendly error page -->
    12. <!-- a padding to disable MSIE and Chrome friendly error page -->
    13. <!-- a padding to disable MSIE and Chrome friendly error page -->
    14. <!-- a padding to disable MSIE and Chrome friendly error page -->
    15. <!-- a padding to disable MSIE and Chrome friendly error page -->
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!