<div dir="ltr"><div><div><div>Hello Goce,<br></div>but with this configuration, can I disable SSL in target Nginx?<br><br></div>Thanks in advance.<br><br></div>Meph<br></div><div class="gmail_extra"><br><div class="gmail_quote">On 8 May 2018 at 09:34, Joncheski <span dir="ltr"><<a href="mailto:nginx-forum@forum.nginx.org" target="_blank">nginx-forum@forum.nginx.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Meph,<br>
<br>
In configuration file "cloud.diakont.it.conf": <br>
- "ssl_certificate" please set path of only public certificate of server<br>
(<a href="http://cloud.diakont.it" rel="noreferrer" target="_blank">cloud.diakont.it</a>), and in "ssl_certificate_key" please set path of only<br>
private key of server (<a href="http://cloud.diakont.it" rel="noreferrer" target="_blank">cloud.diakont.it</a>).<br>
<br>
In configuration file "ssl-params.conff":<br>
- The certificates that you use for the server and for the client, from whom<br>
are they issued and signed? If you are from your publisher and signer, these<br>
parameters will be removed: ssl_ecdh_curve, ssl_stapling, add_header<br>
X-Frame-Options DENY; add_header X-Content-Type-Options nosniff;<br>
<br>
Change parameter: resolver_timeout 10s.<br>
<br>
In nginx config:<br>
- Add this argument: <br>
proxy_ssl_verify        on;<br>
proxy_ssl_verify_depth  2;<br>
proxy_ssl_session_reuse on;<br>
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br>
proxy_ssl_trusted_certificate <PATH-OF-ROOT-CA-CERTIFICATE>;<br>
- And in location / like this:<br>
location / {<br>
                                        proxy_set_header X-Real-IP $remote_addr;<br>
                                        proxy_set_header X-Forwarded-Proto $scheme;<br>
                                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
                                        proxy_set_header Upgrade $http_upgrade;<br>
                                        proxy_set_header Connection 'upgrade';<br>
                                        proxy_set_header Host $host;<br>
                                        proxy_pass <a href="https://cloud_ssl/" rel="noreferrer" target="_blank">https://cloud_ssl/</a>;<br>
                }<br>
<br>
And check the configuration file (nginx -t).<br>
After this, please send me more access and error log for this.<br>
<br>
<br>
Best regards,<br>
Goce Joncheski<br>
<br>
Posted at Nginx Forum: <a href="https://forum.nginx.org/read.php?2,279665,279710#msg-279710" rel="noreferrer" target="_blank">https://forum.nginx.org/read.<wbr>php?2,279665,279710#msg-279710</a><br>
<div class="HOEnZb"><div class="h5"><br>
______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br></div>