Proxy pass and SSL certificates
Joncheski
nginx-forum at forum.nginx.org
Tue May 8 07:34:04 UTC 2018
Hello Meph,
In configuration file "cloud.diakont.it.conf":
- "ssl_certificate" please set path of only public certificate of server
(cloud.diakont.it), and in "ssl_certificate_key" please set path of only
private key of server (cloud.diakont.it).
In configuration file "ssl-params.conff":
- The certificates that you use for the server and for the client, from whom
are they issued and signed? If you are from your publisher and signer, these
parameters will be removed: ssl_ecdh_curve, ssl_stapling, add_header
X-Frame-Options DENY; add_header X-Content-Type-Options nosniff;
Change parameter: resolver_timeout 10s.
In nginx config:
- Add this argument:
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_trusted_certificate <PATH-OF-ROOT-CA-CERTIFICATE>;
- And in location / like this:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_pass https://cloud_ssl/;
}
And check the configuration file (nginx -t).
After this, please send me more access and error log for this.
Best regards,
Goce Joncheski
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279665,279710#msg-279710
More information about the nginx
mailing list