
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<meta name="Generator" content="Microsoft Word 15 (filtered medium)">


<style><!--


/* Font Definitions */


@font-face


        {font-family:"Cordia New";


        panose-1:2 11 3 4 2 2 2 2 2 4;}


@font-face


        {font-family:"Cambria Math";


        panose-1:2 4 5 3 5 4 6 3 2 4;}


@font-face


        {font-family:DengXian;


        panose-1:2 1 6 0 3 1 1 1 1 1;}


@font-face


        {font-family:Calibri;


        panose-1:2 15 5 2 2 2 4 3 2 4;}


@font-face


        {font-family:"\@DengXian";


        panose-1:2 1 6 0 3 1 1 1 1 1;}


/* Style Definitions */


p.MsoNormal, li.MsoNormal, div.MsoNormal


        {margin:0cm;


        margin-bottom:.0001pt;


        font-size:11.0pt;


        font-family:"Calibri",sans-serif;}


a:link, span.MsoHyperlink


        {mso-style-priority:99;


        color:#0563C1;


        text-decoration:underline;}


a:visited, span.MsoHyperlinkFollowed


        {mso-style-priority:99;


        color:#954F72;


        text-decoration:underline;}


p.msonormal0, li.msonormal0, div.msonormal0


        {mso-style-name:msonormal;


        mso-margin-top-alt:auto;


        margin-right:0cm;


        mso-margin-bottom-alt:auto;


        margin-left:0cm;


        font-size:11.0pt;


        font-family:"Calibri",sans-serif;}


span.EmailStyle18


        {mso-style-type:personal-reply;


        font-family:"Calibri",sans-serif;


        color:windowtext;}


.MsoChpDefault


        {mso-style-type:export-only;


        font-size:10.0pt;}


@page WordSection1


        {size:612.0pt 792.0pt;


        margin:3.0cm 2.0cm 3.0cm 2.0cm;}


div.WordSection1


        {page:WordSection1;}


--></style>


</head>


<body lang="DA" link="#0563C1" vlink="#954F72">


<div class="WordSection1">


<p class="MsoNormal"><span lang="EN-GB">> The vendor recommended me to use a reverse proxy....<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">Ideally the vendor should have a working config in that case, but, I do see a few things that can be an issue.<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">You’re serving https but proxying to an http backend – depending on how the software works, a lot of the reverse URLs that is sent back, might be linking to http:// instead of https://<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">This in itself can break a lot of functionality, you might want to try to proxy to an https backend – this might require that you create a self-signed certificate on the backend (can be valid for 10 years) – the backend


 software itself, if it has a way to enable “https”, you’d have to set this as well.<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">I also recommend removing the / (slash) in the end of the proxy_pass, this will pass through the request URI from the client, as per documentation:<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">> If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing


 the changed URI<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">Alternatively do proxy_pass <a href="http://192.168.1.3$request_uri">


http://192.168.1.3$request_uri</a>; or proxy_pass <a href="https://192.168.1.3$request_uri">


https://192.168.1.3$request_uri</a>;<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">Additionally, if your software uses Location or Refresh headers, then you might want to look into proxy_redirect (


<a href="http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect">


http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect</a> )  to rewrite this on the “return” to the user.<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">Best Regards,<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">Lucas Rolff<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">


<p class="MsoNormal" style="margin-left:36.0pt"><b><span lang="EN-US" style="font-size:12.0pt;color:black">From:


</span></b><span lang="EN-US" style="font-size:12.0pt;color:black">nginx <nginx-bounces@nginx.org> on behalf of "Jungersen, Danjel - Jungersen Grafisk ApS" <danjel@jungersen.dk><br>


<b>Organization: </b>Jungersen Grafisk ApS<br>


<b>Reply-To: </b>"nginx@nginx.org" <nginx@nginx.org><br>


<b>Date: </b>Sunday, 26 August 2018 at 10.33<br>


<b>To: </b>"nginx@nginx.org" <nginx@nginx.org><br>


<b>Subject: </b>Re: reverse proxy https not working<o:p></o:p></span></p>


</div>


<div>


<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"><o:p> </o:p></span></p>


</div>


<p class="MsoNormal" style="margin-left:36.0pt"><a name="_MailOriginalBody"><span lang="EN-US"><o:p> </o:p></span></a></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-US"><o:p> </o:p></span></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">From:                         Lucas Rolff <lucas@lucasrolff.com></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">To:                            "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Subject:                     Re: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Date sent:                  Sun, 26 Aug 2018 08:19:28 +0000</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Send reply to:             nginx@nginx.org</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Which functions do not work?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Thats a bit hard to say, but I'll try..</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">It's a print production system.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">1 part is approval of pages in a job.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">When I try to open a page for approval the system should open up the page in large size.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">That does not happen.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">The thumbnails on the side works.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">And as stated, when I do the same thing when connected via http, there are no issues.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Be aware some software (WordPress being a good example) doesn’t always work with reverse


</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> proxies that easy.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">The vendor recommended me to use a reverse proxy....</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Could you possibly include your nginx configuration? Especially your proxy parts.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">server {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">  server_name portal.printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">  client_max_body_size 1000m;  # (I tried with and without this line)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">  error_log /etc/nginx/log warn;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">  location / {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    proxy_pass  http://192.168.1.3:80/;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    proxy_set_header Host $host;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">  }</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    listen 80;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    listen 443 ssl; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    ssl_certificate /etc/letsencrypt/live/portal.printlight.dk/fullchain.pem; # managed


 by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    ssl_certificate_key /etc/letsencrypt/live/portal.printlight.dk/privkey.pem; # managed


 by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">}</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> From: nginx <nginx-bounces@nginx.org> on behalf of "Jungersen, Danjel -


</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Jungersen Grafisk ApS"<danjel@jungersen.dk></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Organization: Jungersen Grafisk ApS</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Reply-To: "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Date: Sunday, 26 August 2018 at 10.13</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> To: "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Subject: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Hi there.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I have a setup that almost works.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> :-)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I have a handful of domains that works as they should.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Traffic as accepted and forwarded to my apache on another server (also in dmz).</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I have setup certificates with certbot.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I have green (encrypted) icon on my browser when I visit my sites.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> 1 site is running on my green network.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> When I connect to that site all seems to work.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> However, certain functions fail, but only when connected via https.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> If I change the setup so that port 80 is not redirected to 443, everything works as long


 as I </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> stay with http.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> As soon as I chenge the url to https:// some functions fail.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I have tried but cannot understand the debug log.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I don't see any hits on my firewall.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Any clues?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I will be happy to send config and logfiles, but I'm not sure exactly what to send.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Best regards</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Danjel</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>   </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody">  <o:p></o:p></span></p>


</div>


</body>


</html>