Thanks Sergey for your quick reply. I have checked the debug logs for the SNI (upstream SSL server name), and it seems to be correct.I also used the "proxy_ssl_name" directive that set to the proxied_server_name. Below is the debug output when I hit the endpoint:
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http cleanup add: 000F8E3FFB8 2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream resolve: "/abc" 2020/11/06 09:14:36 [debug] 30370#30370: *113140 name was resolved to 1.2.3.4 2020/11/06 09:14:36 [debug] 30370#30370: *113140 get rr peer, try: 1 2020/11/06 09:14:36 [debug] 30370#30370: *113140 stream socket 13 2020/11/06 09:14:36 [debug] 30370#30370: *113140 epoll add connection: fd:13 ev:8002005 2020/11/06 09:14:36 [debug] 30370#30370: *113140 connect to 1.2.3.4:443, fd:13 #11343 2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream connect: -2 2020/11/06 09:14:36 [debug] 30370#30370: *113140 posix_memalign: 003FFB8:128 @16 2020/11/06 09:14:36 [debug] 30370#30370: *113140 event timer add: 13: 60000:1604656507 2020/11/06 09:14:36 [debug] 30370#30370: *113140 http finalize request: -4, "/abc" a:1, c:2 2020/11/06 09:14:36 [debug] 30370#30370: *113140 http request count:2 blk:0 2020/11/06 09:14:36 [debug] 30370#30370: *113140 http run request: "/abc" 2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream check client, write event:1, "/abc" 2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream request: "/abc" 2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream send request handler 2020/11/06 09:14:36 [debug] 30370#30370: *113140 malloc: 00007F8EF805E0:72 2020/11/06 09:14:36 [debug] 30370#30370: *113140 upstream SSL server name: "targetapp.com" 2020/11/06 09:14:36 [debug] 30370#30370: *113140 tcp_nodelay 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 0 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 1 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 0 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 1 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1 2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2 2020/11/06 09:14:37 [debug] 30370#30370: *113140 SSL handshake handler: 0 2020/11/06 09:14:37 [debug] 30370#30370: *113140 SSL_do_handshake: 0 2020/11/06 09:14:37 [debug] 30370#30370: *113140 SSL_get_error: 1 2020/11/06 09:14:37 [error] 30370#30370: *113140 SSL_do_handshake() failed (SSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert$ 2020/11/06 09:14:37 [debug] 30370#30370: *113140 http next upstream, 2 2020/11/06 09:14:37 [debug] 30370#30370: *113140 free rr peer 1 4 2020/11/06 09:14:37 [debug] 30370#30370: *113140 finalize http upstream request: 502 2020/11/06 09:14:37 [debug] 30370#30370: *113140 finalize http proxy request 2020/11/06 09:14:37 [debug] 30370#30370: *113140 close http upstream connection: 13 2020/11/06 09:14:37 [debug] 30370#30370: *113140 free: 0007F8EF0E0 2020/11/06 09:14:37 [debug] 30370#30370: *113140 free: 0007F8EFA2A0, unused: 32 2020/11/06 09:14:37 [debug] 30370#30370: *113140 event timer del: 13: 104613507 2020/11/06 09:14:37 [debug] 30370#30370: *113140 reusable connection: 0 2020/11/06 09:14:37 [debug] 30370#30370: *113140 http finalize request: 502, "/abc" a:1, c:1 2020/11/06 09:14:37 [debug] 30370#30370: *113140 http special response: 502, "/abc" 2020/11/06 09:14:37 [debug] 30370#30370: *113140 xslt filter header 2020/11/06 09:14:37 [debug] 30370#30370: *113140 HTTP/1.1 502 Bad Gateway Server: nginx/1.12.2 Server: nginx/1.12.2 Date: Fri, 06 Nov 2020 09:14:37 GMT Content-Type: text/html Content-Length: 173 Connection: keep-alive Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289880,289884#msg-289884 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx