<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2017-05-01 14:05 GMT+05:00 Dothris <span dir="ltr"><<a target="_blank" href="mailto:nginx-forum@forum.nginx.org">nginx-forum@forum.nginx.org</a>></span>:<br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">Добрый день! Подскажите пожалуйста, как сделать Nginx как SSL клиент?<br>
nginx version: nginx/1.8.1<br>
Ниже конфиги nginx.<br>
<br>
server {<br>
    listen 80;<br>
    server_name             roga-and-kopyta;<br>
    access_log              /var/log/nginx/access.log main;<br>
    error_log               /var/log/nginx/error.log warn;<br>
    proxy_set_header            X-Real-IP $remote_addr;<br>
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;<br>
    proxy_set_header            X-Forwarded-Host $host;<br>
    proxy_set_header            X-Forwarded-Server $host;<br>
    proxy_set_header            X-Forwarded-Proto $scheme;<br>
    proxy_set_header            Host $host;<br>
<br>
    location = / {<br>
        proxy_buffering              off;<br>
        proxy_set_header             X-Forwarded-For $remote_addr;<br>
        proxy_ssl_certificate        ssl_subscription/client-cert.<wbr>pem;<br>
        proxy_ssl_certificate_key    ssl_subscription/privkey.key;<br>
        proxy_pass                   <a target="_blank" rel="noreferrer" href="https://server-in-inet:443">https://server-in-inet:443</a>;<br>
    }<br>
}<br>
<br>
Запрос<br>
<br>
curl -v --header "Content-Type:application/xml" -d "Запрос"<br>
<a target="_blank" rel="noreferrer" href="http://server-in-inet:443/">http://server-in-inet:443/</a><br>
<br>
В логах Nginx<br>
<br>
2017/05/01 08:32:06 [error] 27245#0: *7 SSL_do_handshake() failed (SSL:<br>
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert<br>
number 48) while SSL handshaking to upstream, client: ip-backend-server,<br>
server: server-in-inet, request: «POST / HTTP/1.1», upstream:<br>
"<a target="_blank" rel="noreferrer" href="https://IP-adres-server-in-inet:443">https://IP-adres-server-in-<wbr>inet:443</a>", host: «server-in-inet»<br>
<br>
Почему то upstream: "<a target="_blank" rel="noreferrer" href="https://IP-adres-server-in-inet:443">https://IP-adres-server-in-<wbr>inet:443</a>" в виде IP сервера,<br>
а должен быть в виде Hostname.<br></blockquote><div><br><br>"proxy_ssl_server_name on;" включено?<br> </div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">
<br>
Что может быть не так?<br>
<br>
Posted at Nginx Forum: <a target="_blank" rel="noreferrer" href="https://forum.nginx.org/read.php?21,274002,274002#msg-274002">https://forum.nginx.org/read.<wbr>php?21,274002,274002#msg-<wbr>274002</a><br>
<br>
______________________________<wbr>_________________<br>
nginx-ru mailing list<br>
<a href="mailto:nginx-ru@nginx.org">nginx-ru@nginx.org</a><br>
<a target="_blank" rel="noreferrer" href="http://mailman.nginx.org/mailman/listinfo/nginx-ru">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx-ru</a></blockquote></div><br></div></div>