Proxy pass and SSL certificates
Mephysto On Hell
mephystoonhell at gmail.com
Wed May 9 09:50:21 UTC 2018
Hello Goce,
but with this configuration, can I disable SSL in target Nginx?
Thanks in advance.
Meph
On 8 May 2018 at 09:34, Joncheski <nginx-forum at forum.nginx.org> wrote:
> Hello Meph,
>
> In configuration file "cloud.diakont.it.conf":
> - "ssl_certificate" please set path of only public certificate of server
> (cloud.diakont.it), and in "ssl_certificate_key" please set path of only
> private key of server (cloud.diakont.it).
>
> In configuration file "ssl-params.conff":
> - The certificates that you use for the server and for the client, from
> whom
> are they issued and signed? If you are from your publisher and signer,
> these
> parameters will be removed: ssl_ecdh_curve, ssl_stapling, add_header
> X-Frame-Options DENY; add_header X-Content-Type-Options nosniff;
>
> Change parameter: resolver_timeout 10s.
>
> In nginx config:
> - Add this argument:
> proxy_ssl_verify on;
> proxy_ssl_verify_depth 2;
> proxy_ssl_session_reuse on;
> proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> proxy_ssl_trusted_certificate <PATH-OF-ROOT-CA-CERTIFICATE>;
> - And in location / like this:
> location / {
> proxy_set_header X-Real-IP
> $remote_addr;
> proxy_set_header X-Forwarded-Proto
> $scheme;
> proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
> proxy_set_header Upgrade
> $http_upgrade;
> proxy_set_header Connection
> 'upgrade';
> proxy_set_header Host $host;
> proxy_pass https://cloud_ssl/;
> }
>
> And check the configuration file (nginx -t).
> After this, please send me more access and error log for this.
>
>
> Best regards,
> Goce Joncheski
>
> Posted at Nginx Forum: https://forum.nginx.org/read.
> php?2,279665,279710#msg-279710
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180509/ccdadbc3/attachment.html>
More information about the nginx
mailing list