502 Bad Gateway using Cloudflare and Kestrel

S
  • 4 Sep '23
I hope I can at least get help diagnosing this.

I have an ASP.Net Core application in an Ubuntu headless VM (DigitalOcean 
Droplet) using a page TLD (therefore I must use SSL) using Cloudflare. 
When I execute it using:
dotnet domain.page.dll --launch-profile https
Then use:

curl -k https://127.0.0.1:5443

(the address that Kestrel is listening to) I get a page that I am 
expecting. Therefore Kestrel and the application seem to be working. 
Cloudflare is managing the domain name and I have a Cloudflare 
certificate in the appsettings.json file. I hope that since Kestrel is 
working it has accepted the certificate.

When I browse to the domain from another system (over the internet) 
Cloudflare is saying 502 Bad Gateway and that the problem is in the 
server. Is there a log somewhere showing the incoming request and more 
details of the error?

The following is my server block.

server {
         listen 443 ssl;
         listen [::]:443 ssl;

         #ssl_client_certificate /etc/ssl/cloudflare.crt;

         ssl_certificate        /etc/ssl/domain.crt;
         ssl_certificate_key    /etc/ssl/domain.pem;
         server_name domain.page *.domain.page;

         location / {
                 proxy_passhttp://127.0.0.1:5443;
                 proxy_http_version 1.1;
                 proxy_set_header   Upgrade $http_upgrade;
                 proxy_set_header   Connection keep-alive;
                 proxy_set_header   Host $host;
                 proxy_cache_bypass $http_upgrade;
                 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header   X-Forwarded-Proto $scheme;
         }
}

I get the same results if I uncomment the ssl_client_certificate.

Is there a way to determine with relative certainty that the 502 is 
caused by something in nginx and not Cloudflare or Kestrel or the 
application? Is there a way to get more details? If someone knows how to 
fix the problem regardless of where and why it is happening then that 
would be great help.
F
  • 4 Sep '23
On Sun, Sep 03, 2023 at 09:57:54PM -0700, Sam Hobbs wrote:

Hi there,

> curl -k https://127.0.0.1:5443
> 
> (the address that Kestrel is listening to) I get a page that I am expecting.

>                 proxy_passhttp://127.0.0.1:5443;

You probably have a space after proxy_pass in your actual config; but
you probably should also have "https://" not "http://" there as well,
since your upstream service is listening for https connections.

> Is there a way to determine with relative certainty that the 502 is caused
> by something in nginx and not Cloudflare or Kestrel or the application? Is
> there a way to get more details? If someone knows how to fix the problem
> regardless of where and why it is happening then that would be great help.

The nginx error log should show its description of what it thinks is
happening; you can change the logging level to have more details written,
if that will help diagnose things.

And the port-5443 service should log something like "I got a http request
to a https port" wherever it writes its information.

Cheers,

    f
-- 
Francis Daly        francis at daoine.org
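
The server block from the original post with the scheme fix from this reply applied, as an added example that is not part of either message. The error_log path and the commented upstream-verification lines (including the CA file path) are assumptions, not values from the thread.

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name domain.page *.domain.page;

    ssl_certificate     /etc/ssl/domain.crt;
    ssl_certificate_key /etc/ssl/domain.pem;

    # Per-server error log at "info" level so the upstream failure behind a
    # 502 is written with more detail (assumed path).
    error_log /var/log/nginx/domain.page.error.log info;

    location / {
        # Before (as posted): plain HTTP sent to a port where Kestrel
        # expects a TLS handshake.
        # proxy_pass http://127.0.0.1:5443;

        # After: the scheme matches the upstream listener, the same thing
        # "curl -k https://127.0.0.1:5443" was exercising.
        proxy_pass https://127.0.0.1:5443;

        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify is off), which mirrors curl's -k. To verify it,
        # enable these with the CA that issued Kestrel's certificate:
        # proxy_ssl_verify              on;
        # proxy_ssl_trusted_certificate /etc/ssl/upstream-ca.crt;  # placeholder path
        # proxy_ssl_name                domain.page;

        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` before reloading checks the syntax, including the missing space after proxy_pass noted above.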
S
  • 4 Sep '23
Francis Daly wrote on 9/4/2023 1:05 AM:
>>                  proxy_passhttp://127.0.0.1:5443;
> You probably have a space after proxy_pass in your actual config; but
> you probably should also have "https://" not "http://" there as well,
> since your upstream service is listening for https connections.
>
Thank you! It works.

Yes, there is a space in there. The formatting must have gotten messed 
up in the message you received.