I'm trying to reverse-proxy an http server via nginx. The service is listening on port 8123 and I want to proxy it on 443. I created a self-signed certificate like this:
    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
Here is the complete nginx configuration:
    events {
        worker_connections 768;
    }
    http {
        server {
            listen 443 ssl http2;
            listen [::]:443 ssl http2;
            ssl_certificate /home/mcmsadm/cert.pem;
            ssl_certificate_key /home/mcmsadm/key.pem;
            location / {
                proxy_pass http://localhost:8123;
            }
        }
    }
When I try to connect to the server using Firefox, it says PR_END_OF_FILE_ERROR.
What am I doing wrong? Thanks!
EDIT: I found the nginx error message in the logs (Didn't think about it):
SSL_CTX_use_PrivateKey_file("/home/mcmsadm/key.pem") failed
(SSL: error:2807106B:UI routines:UI_process:processing error:while reading strings
error:0906406D:PEM routines:PEM_def_callback:problems getting password
error:0907B068:PEM routines:PEM_read_bio_PrivateKey:bad password read
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
I did create the certificate with a password, but nginx is asking for it when I restart it via nginx -s reload. To temporarily solve this I wrote the password in a file and added this line to my nginx.conf:
    ssl_password_file /etc/nginx/pass;
Is there any way that I can avoid writing the password in a file?
For anyone else with this issue: it can also happen if you have forgotten to add ssl to the listen directives. Chrome shows ERR_SSL_PROTOCOL_ERROR whilst Firefox shows PR_END_OF_FILE_ERROR.
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ...
    }
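A pre-flight check for the two causes of PR_END_OF_FILE_ERROR described in this thread (a passphrase-protected key nginx cannot load, and a listen directive on 443 without ssl). This is an added example, not code from either poster; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the two failure causes on this page.

# Exit 0 if the PEM private key is passphrase-protected. PKCS#8 keys start
# with "BEGIN ENCRYPTED PRIVATE KEY"; traditional keys carry a
# "Proc-Type: 4,ENCRYPTED" header line.
key_is_encrypted() {
    grep -qE '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Print every "listen ...443" directive that lacks the ssl parameter
# (with its line number). Exit 0 when there is none, 1 otherwise.
listen_443_without_ssl() {
    bad=$(grep -nE '^[[:space:]]*listen[[:space:]]+([^;[:space:]]*:)?443([[:space:]][^;]*)?;' "$1" \
          | grep -vE '[[:space:]]ssl([[:space:]]|;)' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample inputs (not real key material, not a real config).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$demo_dir/key.pem"
cat > "$demo_dir/nginx.conf" <<'EOF'
server {
    listen 443 http2;
    listen [::]:443 ssl http2;
}
EOF

if key_is_encrypted "$demo_dir/key.pem"; then
    echo "key.pem is passphrase-protected: nginx will need the passphrase at load time"
fi
listen_443_without_ssl "$demo_dir/nginx.conf" || echo "^ listen directives on 443 without ssl"
```

Point the two functions at the real key and configuration file before running nginx -s reload; nginx -t reports the same key-loading error without touching the running workers.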