<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cordia New";
panose-1:2 11 3 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:3.0cm 2.0cm 3.0cm 2.0cm;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="DA" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-GB">> Both did the trick, but which one is better?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">I personally prefer the $request_uri one because it’s very clear exactly what it does.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">> I think I read somewhere that nginx would connect unencrypted to the backend, and do the encryption / decryption, is this wrong then?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Nginx will connect the way you’ve told it to connect, if you’re connecting to a http backend, it will do plain communication over http – if you’re connecting to a https backend, it will establish a secure connection with
the backend, and decrypt the response before encrypting it again when going to the client.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">> It works on some of my other domains, so is this just an exeption?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">> What I really ask is this: Should I change my other domains also, or should I kepp them as they are as long as they work?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">I would change it for consistency across your configs, but that’s my opinion – if it works then it’s all OK anyway, I don’t know the specific case when it will and will not work – so I by default set $request_uri because
it works in 99% of the cases, and I’ll only modify it if another behaviour is required.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Lucas Rolff<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-left:36.0pt"><b><span lang="EN-US" style="font-size:12.0pt;color:black">From:
</span></b><span lang="EN-US" style="font-size:12.0pt;color:black">nginx <nginx-bounces@nginx.org> on behalf of "Jungersen, Danjel - Jungersen Grafisk ApS" <danjel@jungersen.dk><br>
<b>Organization: </b>Jungersen Grafisk ApS<br>
<b>Reply-To: </b>"nginx@nginx.org" <nginx@nginx.org><br>
<b>Date: </b>Sunday, 26 August 2018 at 11.29<br>
<b>To: </b>"nginx@nginx.org" <nginx@nginx.org><br>
<b>Subject: </b>Re: reverse proxy https not working<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal" style="margin-left:36.0pt"><a name="_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Thanks !!!</span></a><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> proxy_pass https://192.168.1.3;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> proxy_pass https://192.168.1.3$request_uri;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Both did the trick, but which one is better?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I will now try to re-enable all the "force encryption" settings.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">And closing firewall ports to see what I can avoid having open.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I'm a bit of novice at proxies, so please be patient :-)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I will read the documentation sections you mentioned.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I think I read somewhere that nginx would connect unencrypted to the backend, and do the encryption /
decryption, is this wrong then?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">It works on some of my other domains, so is this just an exeption?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">What I really ask is this: Should I change my other domains also, or should I kepp them as they are as
long as they work?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">It sounds like you recommend removing the "/" on all sites(?)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">A current typical setup:</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">server {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> server_name www.printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> server_name printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> location / {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> proxy_pass http://192.168.20.3/;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> proxy_set_header Host $host;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> }</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> listen 443 ssl; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> ssl_certificate /etc/letsencrypt/live/printlight.dk/fullchain.pem; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> ssl_certificate_key /etc/letsencrypt/live/printlight.dk/privkey.pem; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">}</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">server {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> if ($host = www.printlight.dk) {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> return 301 https://$host$request_uri;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> } # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> if ($host = printlight.dk) {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> return 301 https://$host$request_uri;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> } # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> listen 80;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> server_name www.printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> server_name printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"> return 404; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">}</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Best regards</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Danjel</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">From: Lucas Rolff <lucas@lucasrolff.com></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">To: "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Subject: Re: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Date sent: Sun, 26 Aug 2018 08:47:03 +0000</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Send reply to: nginx@nginx.org</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > The vendor recommended me to use a reverse proxy....</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Ideally the vendor should have a working config in that case, but, I do see a few things
that can </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> be an issue.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> You’re serving https but proxying to an http backend – depending on how the software works,
a </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> lot of the reverse URLs that is sent back, might be linking to http:// instead of https://</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> This in itself can break a lot of functionality, you might want to try to proxy to an
https backend </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> – this might require that you create a self-signed certificate on the backend (can be
valid for 10 </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> years) – the backend software itself, if it has a way to enable “https”, you’d have to
set this as </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> well.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> I also recommend removing the / (slash) in the end of the proxy_pass, this will pass through
the </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> request URI from the client, as per documentation:</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > If proxy_pass is specified without a URI, the request URI is passed to the server in
the same </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> form as sent by a client when the original request is processed, or the full normalized
request </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> URI is passed when processing the changed URI</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Alternatively do proxy_pass http://192.168.1.3$request_uri; or proxy_pass
</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> https://192.168.1.3$request_uri;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Additionally, if your software uses Location or Refresh headers, then you might want to
look </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> into proxy_redirect (
</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect ) to rewrite
this on </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> the “return” to the user.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Best Regards,</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Lucas Rolff</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> From: nginx <nginx-bounces@nginx.org> on behalf of "Jungersen, Danjel -
</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Jungersen Grafisk ApS"<danjel@jungersen.dk></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Organization: Jungersen Grafisk ApS</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Reply-To: "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Date: Sunday, 26 August 2018 at 10.33</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> To: "nginx@nginx.org" <nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Subject: Re: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> From: Lucas Rolff <lucas@lucasrolff.com></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> To: "nginx@nginx.org"<nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Subject: Re: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Date sent: Sun, 26 Aug 2018 08:19:28 +0000</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Send reply to: nginx@nginx.org</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Which functions do not work?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Thats a bit hard to say, but I'll try..</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> It's a print production system.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> 1 part is approval of pages in a job.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> When I try to open a page for approval the system should open up the page in large size.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> That does not happen.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> The thumbnails on the side works.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> And as stated, when I do the same thing when connected via http, there are no issues.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Be aware some software (WordPress being a good example) doesn’t always work with
</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> reverse</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > proxies that easy.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> The vendor recommended me to use a reverse proxy....</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Could you possibly include your nginx configuration? Especially your proxy parts.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> server {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> server_name portal.printlight.dk;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> client_max_body_size 1000m; # (I tried with and without this line)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> error_log /etc/nginx/log warn;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> location / {</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> proxy_pass http://192.168.1.3:80/;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> proxy_set_header Host $host;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> }</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> listen 80;</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> listen 443 ssl; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> ssl_certificate /etc/letsencrypt/live/portal.printlight.dk/fullchain.pem; # managed
by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> ssl_certificate_key /etc/letsencrypt/live/portal.printlight.dk/privkey.pem; # managed
by </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> }</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > From: nginx <nginx-bounces@nginx.org> on behalf of "Jungersen, Danjel -</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Jungersen Grafisk ApS"<danjel@jungersen.dk></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Organization: Jungersen Grafisk ApS</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Reply-To: "nginx@nginx.org"<nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Date: Sunday, 26 August 2018 at 10.13</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > To: "nginx@nginx.org"<nginx@nginx.org></span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Subject: reverse proxy https not working</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Hi there.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I have a setup that almost works.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > :-)</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I have a handful of domains that works as they should.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Traffic as accepted and forwarded to my apache on another server (also in dmz).</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I have setup certificates with certbot.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I have green (encrypted) icon on my browser when I visit my sites.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > 1 site is running on my green network.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > When I connect to that site all seems to work.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > However, certain functions fail, but only when connected via https.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > If I change the setup so that port 80 is not redirected to 443, everything works as
long </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> as I</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > stay with http.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > As soon as I chenge the url to https:// some functions fail.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I have tried but cannot understand the debug log.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I don't see any hits on my firewall.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Any clues?</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > I will be happy to send config and logfiles, but I'm not sure exactly what to send.</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Best regards</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > Danjel</span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> > </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#7F0000">> </span></span><span style="mso-bookmark:_MailOriginalBody"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="mso-bookmark:_MailOriginalBody"> <o:p></o:p></span></p>
</div>
</body>
</html>