Channel: Nginx Forum - Other discussion

nginx https reverse proxy with client certificate

All,

I am trying to use NGINX as a reverse proxy for https backend servers.


Client <-------> NGINX <-------> backend

The NGINX proxy accepts only ssl connections on 443.

Proxy's NGINX conf:

    http {
        server {
            listen 443;
            ssl on;
            include snippets/self-signed.conf;
            include snippets/ssl-params.conf;
            # client certificate
            ssl_client_certificate /etc/nginx/client_certs/ca.crt;

            ssl_verify_client optional;

            location / {
                if ($ssl_client_verify != SUCCESS) {
                    return 403;
                }
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                #proxy_set_header Host $http_host;
                add_header Front-End-Https on;
                if ($host = 'secure_backend' ) {
                    proxy_pass https://https_backend:443;
                }

                if ($host = 'backend' ) {
                    proxy_pass http://http_backend;
                }

                proxy_redirect off;
                proxy_ssl_verify off;
                add_header Front-End-Https on;
                proxy_cache off;

                proxy_http_version 1.1;
                proxy_read_timeout 90;
            } # /location /
        }
    } # /http (closing brace missing from the pasted config)

I can successfully:

http://backend (client authenticated with proxy and passed using http to backend)

http://secure_backend (client authenticated with proxy and passed using https to https_backend)


However I am unable to:

https://secure_backend

access log:
CONNECThttps_backend:443 HTTP/1.1" 400 182 "-" "-"

error log:
2018/06/03 18:32:22 [warn] 754#754: "ssl_stapling" ignored, issuer certificate not found
2018/06/03 18:32:27 [warn] 920#920: "ssl_stapling" ignored, issuer certificate not found
2018/06/03 18:32:27 [debug] 923#923: epoll add event: fd:8 op:1 ev:00002001
2018/06/03 18:32:27 [debug] 923#923: epoll add event: fd:10 op:1 ev:00002001


Any ideas are appreciated.

BR
Itamar
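
An added example, not part of the original post: the same reverse-proxy layout with the client-certificate check enforced by `ssl_verify_client on` and the TLS hop to the backend authenticated instead of `proxy_ssl_verify off`. The `upstream_ca` path and the assumption that the backend certificate is issued for the name `https_backend` are placeholders, not values from the post.

```nginx
events {}

http {
    # One server block per public name replaces the
    # "if ($host = ...) { proxy_pass ...; }" pairs in the posted config.
    server {
        listen 443 ssl;                  # replaces "listen 443;" + "ssl on;"
        server_name secure_backend;

        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;

        # nginx itself refuses requests that lack a certificate issued by
        # this CA, so no "if ($ssl_client_verify != SUCCESS)" guard is needed.
        ssl_client_certificate /etc/nginx/client_certs/ca.crt;
        ssl_verify_client on;

        # Clients must reach this vhost directly (DNS or hosts entry for
        # secure_backend pointing at the proxy). A client configured to use
        # NGINX as its HTTP proxy sends CONNECT, as in the access log above;
        # nginx's proxy module does not implement CONNECT.
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_http_version 1.1;
            proxy_read_timeout 90;
            proxy_redirect off;
            proxy_pass https://https_backend:443;

            # Authenticate the backend on the second TLS hop.
            proxy_ssl_verify on;
            # Placeholder path: CA bundle that issued the backend certificate.
            proxy_ssl_trusted_certificate /etc/nginx/upstream_ca/ca.crt;
            proxy_ssl_verify_depth 2;
            proxy_ssl_server_name on;        # send SNI to the backend
            proxy_ssl_name https_backend;    # assumed name in the backend cert
        }
    }
}
```

`nginx -t` validates the file before a reload; the plain-HTTP `backend` name would get its own `server` block with `proxy_pass http://http_backend;` and the same client-certificate directives.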
