Nginx Sample Config of HTTP and LDAPS Reverse Proxy


Nginx is a great tool for load balance, reverse proxy and more if you know Lua scripts (check out OpenResty if you are interested). Besides HTTP, Nginx can do TCP and UDP proxy as well. Here is a sample config for https > http, ldaps > ldap proxy. https://gist.github.com/jc1518/35cb055bf779f1a70a5fc6e72637407a

LDAP: error code 11 – This search operation has checked the maximum of 5000 entries for matches]


We have a Jenkins box that use OpenDJ as the LDAP authenticator. And recently we migrated the ldif data from the old OpenDJ to a new OpenDJ server, and reconfigured the Jenkins to use the new box. After that, the Jenkins authentication stops working. I noticed this message in the Jenkins log. It looks like … Continue reading LDAP: error code 11 – This search operation has checked the maximum of 5000 entries for matches]

Error response from daemon: error unmarshalling content: unexpected end of JSON input


It happened the other day that one user reported that he was unable to pull a docker image from an internal registry. So I tried from my laptop, it looked fine at the first beginning. There were a few downloading processed going on, but it threw the error unknown blob at the end. So I tried … Continue reading Error response from daemon: error unmarshalling content: unexpected end of JSON input

Openssl error: SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol


If you see similar errors as below when using openssl to test a https site, it is most likely caused by the SNI that is configured in the reverse proxy or server, like Nginx. openssl s_client -connect bla.bla.com:443 CONNECTED(00000003) 51089:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_clnt.c:618: To make it work, you need to specify the hostname in the command, … Continue reading Openssl error: SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol