How to proxy request through https


#1

Hi, I’m trying to proxy requests to an nginx reverse proxy configured with https.

When I create a service and set the protocol to https:

curl -XPATCH localhost:8001/services/${servicename} -d "protocol=https"
curl -XPOST localhost:8001/services/${servicename}/routes -d "paths[]=/test-route"

And the test:

curl -XGET http://my.kong.example:8000/test-route

produces this log at nginx being a bad request.

nginx logs
nginx-proxy       | nginx.1    | _ - - - [03/Sep/2018:19:42:45 +0000] "\x16\x03\x01\x01_\x01\x00\x01[\x03\x03i\xAA\xADd1\x0C\x9B_\x1E\x82\x9AD\xD9f\xD9\xF4\xE3\x16\xDCbgX{\xC7Ri\xCA\x91\x9DQ_>\x00\x00\xB0\xC00\xC0,\xC0(\xC0$\xC0\x14\xC0" 400 173 "-" "-"
nginx-proxy       | nginx.1    | _ - - - [03/Sep/2018:19:42:45 +0000] "\x16\x03\x01\x01_\x01\x00\x01[\x03\x03(\xABP\xAEn\xED\xD5\xA5\x0B\xEE\xF5\xEBC\xC6\x8F\x9AR\x88\xEF" 400 173 "-" "-"
nginx-proxy       | nginx.1    | _ - - - [03/Sep/2018:19:42:45 +0000] "\x16\x03\x01\x01_\x01\x00\x01[\x03\x03\xF5\xDF\xD0\xC8\x9E\x1CK\xE3m\xB8/\xA3\x04\xAC*\x7F\xFE\x89u;jo\x8D\xFDH\x19\xDB\x87;/\x9E>\x00\x00\xB0\xC00\xC0,\xC0(\xC0$\xC0\x14\xC0" 400 173 "-" "-"
nginx-proxy       | nginx.1    | _ - - - [03/Sep/2018:19:42:45 +0000] "\x16\x03\x01\x01_\x01\x00\x01[\x03\x034uei/\xBC\x15\x83jK_l\xA4\x1Da\x87\xFF\xCF\xD5\xEE\xC4q\xC6\x99\xC4+wI`Uo\x00\x00\x00\xB0\xC00\xC0,\xC0(\xC0$\xC0\x14\xC0" 400 173 "-" "-"
nginx-proxy       | nginx.1    | _ - - - [03/Sep/2018:19:42:45 +0000] "\x16\x03\x01\x01_\x01\x00\x01[\x03\x03\x1A\xB8\x82\xD4\xEF\x9B@T\x0F\xB4D\xA1G\x885\xD0B&O\x80\xFEO\x1E\x93Ia]+H\x94v\x1F\x00\x00\xB0\xC00\xC0,\xC0(\xC0$\xC0\x14\xC0" 400 173 "-" "-"

Any clue or advice? Seems that the request is being encrypted… Not sure where to begin to look…


#2

Any hint? Not sure what is going on…


#3

Hi @gentunian
Could you share the complete service and the corresponding route object definitions you have in your local Kong instance?


#4

sure, here it goes:

/ # curl localhost:8001/services/my-service | jq
{
  "host": "my.example-host.com",
  "created_at": 1535857674,
  "connect_timeout": 60000,
  "id": "8f1dfcec-abe1-4c51-8f97-8b375435cdf2",
  "protocol": "https",
  "name": "my-service",
  "read_timeout": 60000,
  "port": 80,
  "path": null,
  "updated_at": 1536003805,
  "retries": 5,
  "write_timeout": 60000
}
/ # curl localhost:8001/services/my-service/routes | jq
{
  "next": null,
  "data": [
    {
      "created_at": 1536031416,
      "strip_path": true,
      "hosts": null,
      "preserve_host": false,
      "regex_priority": 0,
      "updated_at": 1536031416,
      "paths": [
        "/foo/bar"
      ],
      "service": {
        "id": "8f1dfcec-abe1-4c51-8f97-8b375435cdf2"
      },
      "methods": null,
      "protocols": [
        "http",
        "https"
      ],
      "id": "212ab736-897e-4714-a3f5-b91e6bd90579"
    }]
}

#5

Hi @gentunian,

Your Kong configuration looks correct except you posted a route with /foo/bar instead of /test-route. Please make sure that’s correct.

Are you sure you’ve set up your upstream correctly?
Is there anything like Proxy Protocol enabled (although, you should get 400 with that)?

Have you tried another upstream? Does that result in the same issue?
Does sending an HTTPS request directly to the upstream (without Kong in the request path) result in the same behavior?


#6

@hbagdi I’m sure it’s correct because as soon as I change the service protocol to “http” it starts working.
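
The "request" strings in the nginx log from post #1 begin with `\x16\x03\x01`, which is the header of a TLS handshake record, so nginx was handed a TLS ClientHello on a connection it was reading as plain HTTP; the service in post #4 combines `"protocol": "https"` with `"port": 80`. The Python below is an added example, not code from the thread or from Kong: it decodes nginx's `\xHH` escaping and flags such log lines. The function names and the second sample line are constructed, and it assumes the access-log layout shown in post #1.

```python
import re

# The request field is the first double-quoted string after the timestamp.
REQUEST_RE = re.compile(r'\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
ESCAPE_RE = re.compile(rb'\\x([0-9A-Fa-f]{2})')
TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
                0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

# First line is copied from post #1; second line is constructed for contrast.
SAMPLE = [
    r'nginx-proxy | nginx.1 | _ - - - [03/Sep/2018:19:42:45 +0000] "\x16\x03\x01\x01_\x01\x00\x01[\x03\x03(\xABP\xAEn\xED\xD5\xA5\x0B\xEE\xF5\xEBC\xC6\x8F\x9AR\x88\xEF" 400 173 "-" "-"',
    'nginx-proxy | nginx.1 | _ - - - [03/Sep/2018:19:42:46 +0000] "GET /test-route HTTP/1.1" 200 12 "-" "curl/7.61.0"',
]


def unescape(field: str) -> bytes:
    """Undo nginx's \\xHH escaping of non-printable request bytes."""
    return ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]),
                         field.encode("latin-1"))


def u(raw: bytes) -> int:
    return int.from_bytes(raw, "big")


def parse_client_hello(raw: bytes):
    """Return ClientHello details if raw starts with a TLS handshake record."""
    # Record: type(1)=0x16, version(2), length(2); handshake: type(1)=0x01,
    # length(3), client_version(2).
    if len(raw) < 11 or raw[0] != 0x16 or raw[1] != 0x03 or raw[5] != 0x01:
        return None
    return {
        "record_version": TLS_VERSIONS.get(u(raw[1:3]), "unknown"),
        "record_length": u(raw[3:5]),
        "handshake_length": u(raw[6:9]),
        "client_version": TLS_VERSIONS.get(u(raw[9:11]), "unknown"),
    }


def tls_on_plaintext_port(lines):
    """Yield (status, details) for log lines whose 'request' is a ClientHello."""
    for line in lines:
        m = REQUEST_RE.search(line)
        hello = parse_client_hello(unescape(m.group("req"))) if m else None
        if hello:
            yield int(m.group("status")), hello
```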