Nginx error while SSL handshaking to upstream resolved with ease.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team recently helped a customer with the commonly seen error while SSL handshaking to upstream.

How to resolve Nginx error while SSL handshaking to upstream

Every SSL connection needs a full SSL handshake between the server and the client. Additionally, this is a CPU-intensive process.

Unfortunately, sometimes we come across an error while using Nginx as the Apache reverse proxy. For instance, the error log file will look like this in this scenario:

[error] SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 0.0.0.0, server: www.domain.tld, request: “GET / HTTP/1.1”, upstream: “https://127.0.0.1:4343/”, host: “www.domain.tld”

According to our Support Team, we need to have a dedicated IP address per host if we are using SSL. In fact, the above example shows how the request is being sent to the localhost IP, thereby resulting in the error.

Furthermore, these steps will help us avoid the Nginx error:

1. First, ensure the Apache vHost or site responds on the non-standard port. We can browse to https://www.domain.tld:4343 to verify this.
2. Then, if the loading occurs accurately, we have to note the IP address within the <VirtualHost 0.0.0.0:4343> of the SSL vHost. We can also opt to double-check the Apache configuration instead.
3. After that, we have to ensure that the IP address we noted in the previous step is present in the “proxy_pass https://0.0.0.0:4343;“ statement under the Nginx SSL vHost configuration.

[Stuck with another query? We are available 24/7.]

Conclusion

To sum up, the skilled Support Engineers at Bobcares demonstrated how to resolve the Nginx error while SSL handshaking to upstream without any additional trouble.