Tyk-Gateway-ce https setup fails with Error 502, Bad Gateway

I am trying to access tyk-gateway-ce over https, I have followed instructions and configured it for https in the tyk.conf file. I dont use any database, so I didn’t add the ssl configurations to analytics.conf. The problem I have is that the gateway always responds with error 502, bad gateway. It is deployed as an upstream server behind NGINX. NGINX is well configured, I tested its correctness using a trusted tool that verifies NGINX config correctness.

What do I have to do more than adding the following config block into the tyk.conf file?

"http_server_options": {
     "use_ssl": true,
     "server_name": "mydomain.tech",
     "enable_strict_routes": true,
     "ssl_insecure_skip_verify": true,
     "ssl_certificates": [
           "domain_name": "*.mydomain.tech",
           "cert_file": "/etc/ssl/certs/mydomain_tech_chain.crt",
           "key_file": "/etc/ssl/certs/mydomain_tech.key"
     "min_version": 770

Following the logs in error.log reveals this detail:

SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: x.x.xx.xx, server: www.mydomain.tech, request: "GET /hello HTTP/1.1", upstream: "", host: "www.mydomain.tech"

@rodgers Unsure whether this is related to Tyk. Googling shows a couple of related error with proxy or nginx

Can you git the Tyk hello endpoint directly and share the output? If you get the liveness check then it may confirm an issue from nginx.

Hope this helps

I managed to fix it. There was no need to use https for the communication between NGiNX server and TYK, since they both reside on the same VM instance. To secure TYK gateway from outside access, I have set the value of liststen_address (in tyk.conf file) to so that only NGiNX which is hosted on the same VM can access the gateway directly. https communication is between NGiNX and the outside clients.

1 Like