Proxy pass and SSL certificates

Joncheski nginx-forum at forum.nginx.org
Tue May 8 07:34:04 UTC 2018


Hello Meph,

In configuration file "cloud.diakont.it.conf": 
- "ssl_certificate" please set path of only public certificate of server
(cloud.diakont.it), and in "ssl_certificate_key" please set path of only
private key of server (cloud.diakont.it).

In configuration file "ssl-params.conff":
- The certificates that you use for the server and for the client, from whom
are they issued and signed? If you are from your publisher and signer, these
parameters will be removed: ssl_ecdh_curve, ssl_stapling, add_header
X-Frame-Options DENY; add_header X-Content-Type-Options nosniff;

Change parameter: resolver_timeout 10s.

In nginx config:
- Add this argument: 
proxy_ssl_verify        on;
proxy_ssl_verify_depth  2;
proxy_ssl_session_reuse on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_trusted_certificate <PATH-OF-ROOT-CA-CERTIFICATE>;
- And in location / like this:
location / {
					proxy_set_header X-Real-IP $remote_addr;
					proxy_set_header X-Forwarded-Proto $scheme;
					proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
					proxy_set_header Upgrade $http_upgrade;
					proxy_set_header Connection 'upgrade';
					proxy_set_header Host $host;
					proxy_pass https://cloud_ssl/;
		}

And check the configuration file (nginx -t).
After this, please send me more access and error log for this.


Best regards,
Goce Joncheski

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279665,279710#msg-279710



More information about the nginx mailing list