<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cordia New";
        panose-1:2 11 3 4 2 2 2 2 2 4;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:DengXian;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"\@DengXian";
        panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:3.0cm 2.0cm 3.0cm 2.0cm;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="DA" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-GB">> The vendor recommended me to use a reverse proxy....<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Ideally the vendor should have a working config in that case, but, I do see a few things that can be an issue.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">You’re serving https but proxying to an http backend – depending on how the software works, a lot of the reverse URLs that is sent back, might be linking to http:// instead of https://<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">This in itself can break a lot of functionality, you might want to try to proxy to an https backend – this might require that you create a self-signed certificate on the backend (can be valid for 10 years) – the backend
 software itself, if it has a way to enable “https”, you’d have to set this as well.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">I also recommend removing the / (slash) in the end of the proxy_pass, this will pass through the request URI from the client, as per documentation:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">> If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing
 the changed URI<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Alternatively do proxy_pass <a href="http://192.168.1.3$request_uri">
http://192.168.1.3$request_uri</a>; or proxy_pass <a href="https://192.168.1.3$request_uri">
https://192.168.1.3$request_uri</a>;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Additionally, if your software uses Location or Refresh headers, then you might want to look into proxy_redirect (
<a href="http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect">
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect</a> )  to rewrite this on the “return” to the user.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Lucas Rolff<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-left:36.0pt"><b><span lang="EN-US" style="font-size:12.0pt;color:black">From:
</span></b><span lang="EN-US" style="font-size:12.0pt;color:black">nginx <nginx-bounces@nginx.org> on behalf of "Jungersen, Danjel - Jungersen Grafisk ApS" <danjel@jungersen.dk><br>
<b>Organization: </b>Jungersen Grafisk ApS<br>
<b>Reply-To: </b>"nginx@nginx.org" <nginx@nginx.org><br>
<b>Date: </b>Sunday, 26 August 2018 at 10.33<br>
<b>To: </b>"nginx@nginx.org" <nginx@nginx.org><br>
<b>Subject: </b>Re: reverse proxy https not working<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal" style="margin-left:36.0pt"><a name="_MailOriginalBody"><span lang="EN-US"><o:p> </o:p></span></a></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US"><o:p> </o:p></span></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">From:                         Lucas Rolff <lucas@lucasrolff.com></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">To:                            "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Subject:                     Re: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Date sent:                  Sun, 26 Aug 2018 08:19:28 +0000</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Send reply to:             nginx@nginx.org</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Which functions do not work?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Thats a bit hard to say, but I'll try..</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">It's a print production system.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">1 part is approval of pages in a job.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">When I try to open a page for approval the system should open up the page in large size.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">That does not happen.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">The thumbnails on the side works.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">And as stated, when I do the same thing when connected via http, there are no issues.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Be aware some software (WordPress being a good example) doesn’t always work with reverse
</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> proxies that easy.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">The vendor recommended me to use a reverse proxy....</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Could you possibly include your nginx configuration? Especially your proxy parts.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">server {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">  server_name portal.printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">  client_max_body_size 1000m;  # (I tried with and without this line)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">  error_log /etc/nginx/log warn;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">  location / {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    proxy_pass  http://192.168.1.3:80/;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    proxy_set_header Host $host;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">  }</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    listen 80;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    listen 443 ssl; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    ssl_certificate /etc/letsencrypt/live/portal.printlight.dk/fullchain.pem; # managed
 by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    ssl_certificate_key /etc/letsencrypt/live/portal.printlight.dk/privkey.pem; # managed
 by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">}</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> From: nginx <nginx-bounces@nginx.org> on behalf of "Jungersen, Danjel -
</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Jungersen Grafisk ApS"<danjel@jungersen.dk></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Organization: Jungersen Grafisk ApS</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Reply-To: "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Date: Sunday, 26 August 2018 at 10.13</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> To: "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Subject: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Hi there.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I have a setup that almost works.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> :-)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I have a handful of domains that works as they should.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Traffic as accepted and forwarded to my apache on another server (also in dmz).</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I have setup certificates with certbot.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I have green (encrypted) icon on my browser when I visit my sites.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> 1 site is running on my green network.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> When I connect to that site all seems to work.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> However, certain functions fail, but only when connected via https.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> If I change the setup so that port 80 is not redirected to 443, everything works as long
 as I </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> stay with http.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> As soon as I chenge the url to https:// some functions fail.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I have tried but cannot understand the debug log.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I don't see any hits on my firewall.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Any clues?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I will be happy to send config and logfiles, but I'm not sure exactly what to send.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Best regards</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Danjel</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>   </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody">  <o:p></o:p></span></p>
</div>
</body>
</html>