
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<meta name="Generator" content="Microsoft Word 15 (filtered medium)">


<style><!--


/* Font Definitions */


@font-face


        {font-family:"Cordia New";


        panose-1:2 11 3 4 2 2 2 2 2 4;}


@font-face


        {font-family:"Cambria Math";


        panose-1:2 4 5 3 5 4 6 3 2 4;}


@font-face


        {font-family:DengXian;


        panose-1:2 1 6 0 3 1 1 1 1 1;}


@font-face


        {font-family:Calibri;


        panose-1:2 15 5 2 2 2 4 3 2 4;}


@font-face


        {font-family:"\@DengXian";


        panose-1:2 1 6 0 3 1 1 1 1 1;}


/* Style Definitions */


p.MsoNormal, li.MsoNormal, div.MsoNormal


        {margin:0cm;


        margin-bottom:.0001pt;


        font-size:11.0pt;


        font-family:"Calibri",sans-serif;}


a:link, span.MsoHyperlink


        {mso-style-priority:99;


        color:#0563C1;


        text-decoration:underline;}


a:visited, span.MsoHyperlinkFollowed


        {mso-style-priority:99;


        color:#954F72;


        text-decoration:underline;}


p.msonormal0, li.msonormal0, div.msonormal0


        {mso-style-name:msonormal;


        mso-margin-top-alt:auto;


        margin-right:0cm;


        mso-margin-bottom-alt:auto;


        margin-left:0cm;


        font-size:11.0pt;


        font-family:"Calibri",sans-serif;}


span.EmailStyle18


        {mso-style-type:personal-reply;


        font-family:"Calibri",sans-serif;


        color:windowtext;}


.MsoChpDefault


        {mso-style-type:export-only;


        font-size:10.0pt;}


@page WordSection1


        {size:612.0pt 792.0pt;


        margin:3.0cm 2.0cm 3.0cm 2.0cm;}


div.WordSection1


        {page:WordSection1;}


--></style>


</head>


<body lang="DA" link="#0563C1" vlink="#954F72">


<div class="WordSection1">


<p class="MsoNormal"><span lang="EN-GB">> Both did the trick, but which one is better?<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">I personally prefer the $request_uri one because it’s very clear exactly what it does.<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">> I think I read somewhere that nginx would connect unencrypted to the backend, and do the encryption / decryption, is this wrong then?<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">Nginx will connect the way you’ve told it to connect, if you’re connecting to a http backend, it will do plain communication over http – if you’re connecting to a https backend, it will establish a secure connection with


 the backend, and decrypt the response before encrypting it again when going to the client.<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">> It works on some of my other domains, so is this just an exeption?<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">> What I really ask is this: Should I change my other domains also, or should I kepp them as they are as long as they work?<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">I would change it for consistency across your configs, but that’s my opinion – if it works then it’s all OK anyway, I don’t know the specific case when it will and will not work – so I by default set $request_uri because


 it works in 99% of the cases, and I’ll only modify it if another behaviour is required.<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">Best Regards,<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB">Lucas Rolff<o:p></o:p></span></p>


<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>


<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">


<p class="MsoNormal" style="margin-left:36.0pt"><b><span lang="EN-US" style="font-size:12.0pt;color:black">From:


</span></b><span lang="EN-US" style="font-size:12.0pt;color:black">nginx <nginx-bounces@nginx.org> on behalf of "Jungersen, Danjel - Jungersen Grafisk ApS" <danjel@jungersen.dk><br>


<b>Organization: </b>Jungersen Grafisk ApS<br>


<b>Reply-To: </b>"nginx@nginx.org" <nginx@nginx.org><br>


<b>Date: </b>Sunday, 26 August 2018 at 11.29<br>


<b>To: </b>"nginx@nginx.org" <nginx@nginx.org><br>


<b>Subject: </b>Re: reverse proxy https not working<o:p></o:p></span></p>


</div>


<div>


<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"><o:p> </o:p></span></p>


</div>


<p class="MsoNormal" style="margin-left:36.0pt"><a name="_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Thanks !!!</span></a><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> proxy_pass  https://192.168.1.3;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> proxy_pass  https://192.168.1.3$request_uri;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Both did the trick, but which one is better?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I will now try to re-enable all the "force encryption" settings.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">And closing firewall ports to see what I can avoid having open.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I'm a bit of novice at proxies, so please be patient :-)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I will read the documentation sections you mentioned.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I think I read somewhere that nginx would connect unencrypted to the backend, and do the encryption /


 decryption, is this wrong then?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">It works on some of my other domains, so is this just an exeption?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">What I really ask is this: Should I change my other domains also, or should I kepp them as they are as


 long as they work?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">It sounds like you recommend removing the "/" on all sites(?)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">A current typical setup:</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">server {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">  server_name www.printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">  server_name printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">  location / {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    proxy_pass  http://192.168.20.3/;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    proxy_set_header Host $host;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">  }</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    listen 443 ssl; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    ssl_certificate /etc/letsencrypt/live/printlight.dk/fullchain.pem; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    ssl_certificate_key /etc/letsencrypt/live/printlight.dk/privkey.pem; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">}</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">server {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    if ($host = www.printlight.dk) {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">        return 301 https://$host$request_uri;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    } # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    if ($host = printlight.dk) {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">        return 301 https://$host$request_uri;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    } # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">  listen 80;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">  server_name www.printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">  server_name printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">    return 404; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">}</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Best regards</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Danjel</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">From:                         Lucas Rolff <lucas@lucasrolff.com></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">To:                            "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Subject:                     Re: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Date sent:                  Sun, 26 Aug 2018 08:47:03 +0000</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Send reply to:             nginx@nginx.org</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > The vendor recommended me to use a reverse proxy....</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Ideally the vendor should have a working config in that case, but, I do see a few things


 that can </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> be an issue.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> You’re serving https but proxying to an http backend – depending on how the software works,


 a </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> lot of the reverse URLs that is sent back, might be linking to http:// instead of https://</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> This in itself can break a lot of functionality, you might want to try to proxy to an


 https backend </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> – this might require that you create a self-signed certificate on the backend (can be


 valid for 10 </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> years) – the backend software itself, if it has a way to enable “https”, you’d have to


 set this as </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> well.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I also recommend removing the / (slash) in the end of the proxy_pass, this will pass through


 the </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> request URI from the client, as per documentation:</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > If proxy_pass is specified without a URI, the request URI is passed to the server in


 the same </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> form as sent by a client when the original request is processed, or the full normalized


 request </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> URI is passed when processing the changed URI</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Alternatively do proxy_pass http://192.168.1.3$request_uri; or proxy_pass


</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> https://192.168.1.3$request_uri;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Additionally, if your software uses Location or Refresh headers, then you might want to


 look </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> into proxy_redirect (


</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect )  to rewrite


 this on </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> the “return” to the user.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Best Regards,</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Lucas Rolff</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> From: nginx <nginx-bounces@nginx.org> on behalf of "Jungersen, Danjel -


</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Jungersen Grafisk ApS"<danjel@jungersen.dk></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Organization: Jungersen Grafisk ApS</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Reply-To: "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Date: Sunday, 26 August 2018 at 10.33</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> To: "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Subject: Re: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> From:                         Lucas Rolff <lucas@lucasrolff.com></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> To:                            "nginx@nginx.org"<nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Subject:                     Re: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Date sent:                  Sun, 26 Aug 2018 08:19:28 +0000</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Send reply to:             nginx@nginx.org</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Which functions do not work?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Thats a bit hard to say, but I'll try..</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> It's a print production system.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> 1 part is approval of pages in a job.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> When I try to open a page for approval the system should open up the page in large size.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> That does not happen.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> The thumbnails on the side works.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> And as stated, when I do the same thing when connected via http, there are no issues.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Be aware some software (WordPress being a good example) doesn’t always work with


</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> reverse</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > proxies that easy.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> The vendor recommended me to use a reverse proxy....</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Could you possibly include your nginx configuration? Especially your proxy parts.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> server {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>   server_name portal.printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>   client_max_body_size 1000m;  # (I tried with and without this line)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>   error_log /etc/nginx/log warn;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>   location / {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>     proxy_pass  http://192.168.1.3:80/;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>     proxy_set_header Host $host;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>   }</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>     listen 80;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>     listen 443 ssl; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>     ssl_certificate /etc/letsencrypt/live/portal.printlight.dk/fullchain.pem; # managed


 by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>     ssl_certificate_key /etc/letsencrypt/live/portal.printlight.dk/privkey.pem; # managed


 by </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> }</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > From: nginx <nginx-bounces@nginx.org> on behalf of "Jungersen, Danjel -</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Jungersen Grafisk ApS"<danjel@jungersen.dk></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Organization: Jungersen Grafisk ApS</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Reply-To: "nginx@nginx.org"<nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Date: Sunday, 26 August 2018 at 10.13</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > To: "nginx@nginx.org"<nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Subject: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Hi there.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I have a setup that almost works.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > :-)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I have a handful of domains that works as they should.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Traffic as accepted and forwarded to my apache on another server (also in dmz).</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I have setup certificates with certbot.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I have green (encrypted) icon on my browser when I visit my sites.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > 1 site is running on my green network.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > When I connect to that site all seems to work.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > However, certain functions fail, but only when connected via https.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > If I change the setup so that port 80 is not redirected to 443, everything works as


 long </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> as I</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > stay with http.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > As soon as I chenge the url to https:// some functions fail.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I have tried but cannot understand the debug log.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I don't see any hits on my firewall.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Any clues?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I will be happy to send config and logfiles, but I'm not sure exactly what to send.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Best regards</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Danjel</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> >   </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>  </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">>   </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>


<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody">  <o:p></o:p></span></p>


</div>


</body>


</html>