SSL proxy without certificate
Edmund Lhot
edmund.lhot at gmail.com
Thu Nov 22 03:48:13 UTC 2012
On Thu, Nov 22, 2012 at 1:27 AM, Edho Arief <edho at myconan.net> wrote:
> On Thu, Nov 22, 2012 at 10:21 AM, Edmund Lhot <edmund.lhot at gmail.com>
> wrote:
> > Hello!
> >
> > I want to proxy ssl connections to a backend without a certicate but it
> > isn't working:
> >
> > server {
> > listen x.x.x.x:443;
> > location / {
> > proxy_pass https://y.y.y.y:443;
> > }
> > }
> >
> > I tried to use an approach like this (client auth with self generated
> cert),
> > but it didn't work too:
> >
>
> How is it not working?
>
2012/11/22 01:34:00 [error] 17649#0: *234 no "ssl_certificate" is defined
in server listening on SSL port while SSL handshaking, client: z.z.z.z,
server: x.x.x.x:443
>
> > server {
> >
> > listen x.x.x.x:443 ssl;
> >
> > ssl on;
> > ssl_certificate /etc/nginx/certs/server.crt;
> > ssl_certificate_key /etc/nginx/certs/server.key;
> > ssl_client_certificate /etc/nginx/certs/ca.crt;
> > ssl_verify_client optional;
> >
> > location / {
> > proxy_pass https://y.y.y.y:443;
> >
> > }
> > }
> >
> > Must I have the customer certificate to proxy this kind of request or
> there
> > is another way to do this?
> >
>
>
In this way proxy worked but not using the backend certificate, so I got
these messages in my browser. :(
The identity of this website has not been verified.
• Server's certificate does not match the URL.
• Server's certificate is not trusted.
> I think the one you want is tcp layer proxying/balancing which is not
> what nginx can do. Try using HAProxy instead.
>
I'll try. Tks.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20121122/7132536c/attachment.html>
More information about the nginx
mailing list