Problem with certificate and Nginx as Reverse SSL proxy.

michaelvv nginx-forum at nginx.us
Tue Oct 13 15:01:41 MSD 2009


Hi Nginx.

I have tried to set up a reverse SSL proxy with nginx.
I need login.blabla.com to fetch data from an HTTP
server behind it.

I get a certificate error in both Mozilla and IE, even though they say
that the certificate is okay...

NB! note login.blabla.com is just an example...

Here are my conf files...

____ mysite.conf ______


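# TLS-terminating reverse proxy for login.blabla.com: accepts HTTPS on 443 and
# forwards every request except /nginx_status to a plain-HTTP backend.
server {
    listen       443;
    # Browsers compare the requested host name with the names inside the
    # certificate, so this name has to be one the certificate was issued for.
    server_name  login.blabla.com;

    #access_log  off;
    #error_log off;

    ssl on;
    # This file must contain the server certificate first, followed by any
    # intermediate CA certificates; a missing chain makes browsers reject an
    # otherwise valid certificate.
    # NOTE(review): whether that explains the reported error cannot be told from this config.
    ssl_certificate      /usr/local/nginx/conf/login.blabla.com.crt;
    # Keep the private key readable only by the account that starts nginx.
    ssl_certificate_key  /usr/local/nginx/conf/login.blabla.com.key;

    ssl_session_timeout  5m;
    # Changed from "SSLv3" only: SSLv3 is broken (POODLE) and disabled in current browsers.
    # TLSv1.2 needs nginx 1.1.13 / 1.0.12 or later built against OpenSSL 1.0.1+.
    ssl_protocols  TLSv1.2;
    # Changed from a list that re-enabled LOW, EXP (export-grade) and SSLv2 suites;
    # only strong suites are offered, and anonymous and MD5-based ones are excluded.
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_session_cache shared:SSL:1m;
    ssl_prefer_server_ciphers   on;

    # Status counters, reachable from the local host only.
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        deny all;
    }

    # proxy to Apache 2 and mod_python
    location / {

        access_log  accesslog main buffer=32k;
        error_log  errorlog notice; # warn , debug , info , notice
        # The hop to the backend is plain HTTP, so it is only as private as the
        # network between the proxy and the backend.
        proxy_pass         http://xxx.xxx.xxx.xxx:80;
        proxy_redirect     default; # off , default

        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so the backend should trust only
        # X-Real-IP or the last entry of this header.
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        # 0 disables buffering of backend responses to temporary files.
        proxy_max_temp_file_size 0;

        # Request-body limit for this location (overrides the http-level value).
        client_max_body_size       10m;
        client_body_buffer_size    128k;

        # Timeouts, in seconds, for connecting to, sending to and reading from the backend.
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;

        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }
}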

___________________________________________

_______ nginx.conf __________

# Main-context settings: worker account, worker count, error log and pid file.
# The user directive is left commented out, so workers run under nginx's
# built-in default account; confirm that account is unprivileged.
#user   nobody;
# Number of worker processes started by the master.
worker_processes    2;

# Global error log; only messages of level warn and above are written.
error_log           /usr/local/nginx/logs/error.log warn;
# File in which the master process stores its process id.
pid                 /var/run/nginx.pid;

# Connection-processing settings shared by all workers.
events {
    # Upper bound on simultaneous connections per worker; connections to the
    # proxied backend count against it as well as client connections.
    worker_connections  1024;
    # Use the Linux epoll event notification method.
    use epoll;
}

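# HTTP-level defaults inherited by every server block pulled in by the include
# at the end: logging, request-body limits, socket options and gzip.
http {
    # allow long server names
    server_names_hash_bucket_size 64;

    include             mime.types;
    default_type        application/octet-stream;

    # "main" format, referenced by the access_log in the proxied location.
    # $http_referer, $http_user_agent, $http_x_forwarded_for and $remote_user
    # are client-supplied; treat them as untrusted when parsing these logs.
    log_format main '$remote_addr - $status -  $msec - $request_time - $connection - $pipe - "$http_referer" $remote_user [$time_local] '
                    '"$request" $body_bytes_sent  '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    #log_format info  '$remote_addr';

    # Shared 1m zone keyed by client address for connection limiting.
    # NOTE(review): no limit_conn in the configs shown refers to it, and newer
    # nginx releases replace limit_zone with limit_conn_zone.
    limit_zone ourserver  $binary_remote_addr 1m;

    access_log          /usr/local/nginx/logs/access.log;

    # spool uploads to disk instead of clobbering downstream servers
    client_body_temp_path /var/spool/nginx-client-body 1 2;
    client_max_body_size 32m;
    client_body_buffer_size    128k;

    # Do not reveal the nginx version in error pages and the Server header.
    server_tokens       off;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         off;

    # Close idle keep-alive connections after 5 seconds.
    keepalive_timeout   5;

    ## Compression
    # These settings are inherited by TLS servers too. Compressing HTTPS
    # responses that mix secrets with request-controlled data exposes them to
    # compression side channels (BREACH); consider "gzip off;" in such servers.
    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_min_length  1100;
    gzip_buffers 16 8k;
    # A directive runs until its ";", so no backslash continuation is needed; the
    # backslashes were parsed as extra tokens. text/html is always compressed and
    # listing it only triggers a duplicate-type warning, so it is omitted here.
    gzip_types text/plain text/css application/x-javascript
               text/xml application/xml application/xml+rss text/javascript
               image/gif image/jpeg image/png;

    # Some version of IE 6 don't handle compression well on some mime-types,
    # so just disable for them
    gzip_disable "MSIE [1-6].(?!.*SV1)";
    # Set a vary header so downstream proxies don't send cached gzip
    # content to IE
    gzip_vary on;

    # Per-site server blocks.
    include             /usr/local/nginx/sites_normal/*.conf;
}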

________________________________________________




Thanks

/MIchael

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,13352,13352#msg-13352





