how to setup nginx as reverse proxy + tomcat ssl
kaiyuan
nginx-forum at nginx.us
Wed Mar 31 12:09:42 MSD 2010
Hey guys,
I am totally new to Nginx, I need some advice with my reverse proxy setup.
This is what i am trying to set up. Client(commit a client cert)<========>| Nginx (reverse proxy with ssl)|<========>Tomcat (with SSL and clientAuth=true)
Follow is my nginx.conf,but it don't work.The messge from nginx logs:
2010/04/01 15:18:53 23771#0: *51 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate) while SSL handshaking to upstream, client: 192.168.2.225, server: localhost, request: "GET /prepayms/ HTTP/1.1", upstream: "https://192.168.2.33:18444/prepayms/", host: "192.168.2.48:48443"
nginx.conf:
upstream backssl{
server 192.168.2.33:18444;
}# HTTPS server
server {
listen 48443 default ssl;
server_name localhost;
ssl on;
ssl_client_certificate /home/newprepay/ca/ca-cert.pem;
ssl_certificate /home/newprepay/server/server-cert.pem;
ssl_certificate_key /home/newprepay/server/server.key;
ssl_session_timeout 5m;
ssl_verify_client on;
ssl_verify_depth 12;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 SSLv2 SSLv3;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+SSlv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass https://backssl;
My questions are
Can I have an SSL from Client to Nginx and another between Nginx and Tomcat ,nginx verify the client certificate,and also transfer the
client certificate to tomcat,tomcat also verify the client certificate.
if nginx can do this,how to setup.Can someboby give me an correct nginx.conf for this?
Thank You,
kaiyuan
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,69690,69690#msg-69690
More information about the nginx
mailing list