Nginx+Docker cache reverse proxy - "SSL alert number 40"

I want to setup a local reverse proxy server.

Local client ==> Local proxy == upstream ==> openai api

I’m using Nginx inside Docker.

Here is the nginx.conf

events {
    worker_connections 10;
}

http {
    # Only consulted when proxy_ssl_verify is on (it is off by default).
    proxy_ssl_trusted_certificate /sni-cloudflaressl-com.pem;

    proxy_cache_path /server_cache levels=1:2 keys_zone=my_cache:10m max_size=1g inactive=60m use_temp_path=off;

    server {
        listen 80;

        location /v1/chat/completions {
            proxy_pass <apiserveraddresshere>;
            # Host is set once, to the upstream's hostname (not the client's $host).
            proxy_set_header Host <apiserverhosthere>;
            proxy_set_header Connection '';
            proxy_http_version 1.1;

            # Cache POST responses, keyed on method, URI and request body.
            proxy_cache my_cache;
            proxy_cache_methods POST;
            proxy_cache_key "$request_method$request_uri$request_body";
            proxy_cache_valid 200 4d;
            proxy_cache_valid 404 1m;
            proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
            proxy_cache_background_update on;
            proxy_cache_lock on;
        }

        location /v1 {
            proxy_pass <apiserveraddresshere>;
            proxy_set_header Host <apiserverhosthere>;
        }
    }
}

But every time the proxy forwards a request to the API, I get the following error:

[error] 29#29: *4 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream

I tried :

  • Explicitly specifying the TLS protocol versions and the ciphers
  • Downloading and adding the certificate of api.openai.com

None of this works so far.
Note that:

  • When forwarding requests to google.com with that config, it just works (no SSL errors).
  • Direct requests from my app to the API work.

The purpose of this is to save time and money on repetitive requests made by my app.

Help would be much appreciated!

I had the same problem and I have resolved it now. You can add a line to your nginx.conf file and then reload it to test if it works properly.

location /v1 {
    proxy_ssl_server_name on;
}

3 Likes

Correct answer! Thank you.
This is probably because they use Cloudflare, and Cloudflare needs to know which end host you want to talk to during the SSL handshake.

1 Like

Next issue I’m having is to solve the fact that the cache is not applied… $upstream_cache_status in the log always returns “MISS” for some reason…
Working on it.

Turned out the solution was to add

proxy_ignore_headers Cache-Control;

The API returns Cache-Control: no-cache.

1 Like
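Putting the two fixes from this thread together (SNI via proxy_ssl_server_name, and ignoring the upstream's Cache-Control), here is a complete nginx.conf as an added example. It is not the poster's config and not taken from nginx or OpenAI documentation. It assumes the upstream is https://api.openai.com and that the container has a CA bundle at /etc/ssl/certs/ca-certificates.crt; both are assumptions. It goes a little beyond the thread: it actually verifies the upstream certificate (the poster's proxy_ssl_trusted_certificate line does nothing without proxy_ssl_verify on), it exposes $upstream_cache_status as a response header so HIT/MISS can be checked with curl, and it sizes the client body buffer so that $request_body is never empty in the cache key.

```nginx
events {
    worker_connections 1024;
}

http {
    proxy_cache_path /server_cache levels=1:2 keys_zone=my_cache:10m
                     max_size=1g inactive=60m use_temp_path=off;

    # --- Upstream TLS (applies to every proxy_pass in this http block) ---
    # proxy_ssl_trusted_certificate is only consulted when verification is on.
    # Path of the CA bundle is an assumption; adjust to your image.
    proxy_ssl_verify              on;
    proxy_ssl_verify_depth        2;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    proxy_ssl_protocols           TLSv1.2 TLSv1.3;

    # Send SNI. The Cloudflare edge in front of the API cannot pick a
    # certificate without it and aborts the handshake with alert 40.
    proxy_ssl_server_name         on;
    proxy_ssl_name                api.openai.com;   # assumed upstream host

    # $request_body is only populated when the whole body fits in memory;
    # if it spills to a temp file the variable is empty and every such
    # request would collapse onto the same cache key. Keep the buffer
    # larger than any prompt you expect to send.
    client_max_body_size          1m;
    client_body_buffer_size       1m;

    server {
        listen 80;

        location /v1/chat/completions {
            proxy_pass            https://api.openai.com;   # assumed upstream
            proxy_set_header      Host api.openai.com;       # set once, to the upstream host
            proxy_http_version    1.1;
            proxy_set_header      Connection '';

            proxy_cache           my_cache;
            proxy_cache_methods   POST;
            proxy_cache_key       "$request_method$request_uri$request_body";
            proxy_cache_valid     200 4d;
            proxy_cache_valid     404 1m;

            # The API answers with "Cache-Control: no-cache"; honouring it
            # makes every request a MISS, so ignore it (and Expires).
            proxy_ignore_headers  Cache-Control Expires;

            proxy_cache_use_stale error timeout updating
                                  http_500 http_502 http_503 http_504;
            proxy_cache_background_update on;
            proxy_cache_lock      on;

            # Surface HIT/MISS/EXPIRED to the client for verification.
            add_header            X-Cache-Status $upstream_cache_status always;
        }

        location /v1 {
            proxy_pass            https://api.openai.com;   # assumed upstream
            proxy_set_header      Host api.openai.com;
            proxy_http_version    1.1;
            proxy_set_header      Connection '';
        }
    }
}
```

Two things worth keeping in mind when running this. The cache key does not include the Authorization header, so anyone who can reach port 80 gets responses that were generated with whatever API key the first requester used; since the goal is a local proxy, publish the container port on loopback only (for example `docker run -p 127.0.0.1:8080:80 ...`) rather than on all interfaces. And the cache directory holds the prompts (as part of the key) and the model responses in plaintext, so treat /server_cache with the same care as the API key itself. To confirm the fix, send the same POST twice and look at the X-Cache-Status header: the first response should say MISS and the second HIT.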

You should click on the heart at the end of the reply to let him know this and also let others know that this is a valuable answer.

1 Like