DirectAdmin Knowledge Base and Support

DirectAdmin is a web panel for a simple administration of both virtual and dedicated servers. DirectAdmin is faster, safe and more powerful than any other CP. And we know how to customize and support it.

iPhone does not open HTTPS site in Safari with error NSPOSIXErrorDomain:100

| 22:27:20 28.09.2017

If Safari (and possibly other browsers) fails to load a site over HTTPS served by NGINX sitting as a reverse proxy in front of Apache:

Safari can't open the page. The error is: "The operation couldn't be completed. Protocol error" (NSPOSIXErrorDomain:100)


we have a possible solution for the case.

Why it happens?

NGINX when installed as a reverse proxy with Apache as a back-end fetches resources from Apache using HTTP/1.1, which the back-end server tries to upgrade to HTTP/2 by sending the "Upgrade: h2" header:

Upgrade: h2, h2c

And NGINX is transmitting the header Upgrade from Apache to a client, i.e. browser. And browsers on iOS (on iPhone) and on macOS High Sierra from Apple might fail here and drop a connection to such a site.

It will mostly effect CentOS 7 due to OpenSSL version 1.0.2+ which is now installed by default on this OS since September 2017 And Apache gets built against OpenSSL 1.0.2+:

# apachectl -v
Server version: Apache/2.4.27 (Unix)
Server built:   Sep 24 2017 23:11:03
# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

Older OS with Apache 2.4.x and OpenSSL 1.0.2+ might be affected too.

What to do?

In order to solve the issue on a server with Directadmin we need to add the following instruction into NGINX :

proxy_hide_header Upgrade;

So we run:

echo "proxy_hide_header Upgrade;" >> /etc/nginx/nginx-includes.conf
service nginx restart

The issue should be resolved at this moment.

You don't have directadmin?

If you don't have Directadmin you can also use this solution, but you should add the mentioned directive into /etc/nginx.conf or try a file under /etc/nginx/conf.d/.

Need more details?

More information:

About Us
We are a team of professionals, and specialize in installation, configuring and managing of remote virtual and dedicated servers powered by Linux/Unix-like OS with DirectAdmin. We support various sets of software, including web-servers Apache, Nginx; internet domain name servers Bind, PowerDNS; mail-servers with POP3, IMAP and SMTP, FTP-servers, etc. After years of working through the most complex server challenges our team has gathered valuable experience and universal solutions suitable for everyday tasks. We are here to lend you a helping hand and take care of your servers in order to let you have enough time to do more of what you love.

All of the information and data on this site is for informational purposes only and is provided for the convenience of the user.
Powered by: Amiro.CMS - Free edition