Upstream SSL for vmware autodeploy reverse proxy

Posted by greevous 
September 04, 2018 12:01PM
Hello everyone,

I am trying to use SSL on my upstream connection to my vCenter for my nginx reverse proxy. I've altered the config file that I found on Eric Gray's website (https://www.vcritical.com/2017/01/easy-auto-deploy-reverse-proxy-cache-with-an-nginx-container/):

Original:

    user www-data;
    worker_processes 4;
    pid /var/run/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        sendfile on;
        proxy_buffering on;
        proxy_cache_valid 200 1d;
        proxy_cache_path /var/www/cache levels=1:2 keys_zone=my-cache:15m max_size=1g inactive=24h;
        proxy_temp_path /var/www/cache/tmp;

        server {
            listen 80;

            location / {
                proxy_pass https://${AUTO_DEPLOY};
                keepalive_timeout 65;
                tcp_nodelay on;
                proxy_cache my-cache;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
            }
        }
    }
    daemon off;


My altered config:

    user www-data;
    worker_processes 4;
    pid /var/run/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        sendfile on;
        proxy_buffering on;
        proxy_cache_valid 200 1d;
        proxy_cache_path /var/www/cache levels=1:2 keys_zone=my-cache:15m max_size=1g inactive=24h;
        proxy_temp_path /var/www/cache/tmp;

        server {
            listen 80;

            location / {
                proxy_pass https://${AUTO_DEPLOY};
                proxy_ssl_certificate /etc/ssl/certs/cert.crt;
                proxy_ssl_certificate_key /etc/ssl/certs/cert.key;
                proxy_ssl_trusted_certificate /etc/ssl/certs/chain.crt;
                proxy_ssl_verify on;
                proxy_ssl_protocols TLSv1.2;
                proxy_ssl_verify_depth 3;
                proxy_ssl_session_reuse on;
                keepalive_timeout 65;
                tcp_nodelay on;
                proxy_cache my-cache;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
            }
        }
    }
    daemon off;

And even though it works as a reverse proxy, when I do a tcp dump, I see that the data is going as clear text. I can't seem to figure out what I'm doing wrong.

Any help is appreciated.

Thanks

Michael
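
The following is an added example, not part of the original post or of the referenced article: a small Python check that reads an nginx config such as the ones above and reports, for each leg of the proxy, whether TLS is configured (`listen` without the `ssl` parameter is plain HTTP between client and proxy; `proxy_pass https://` is TLS between proxy and upstream, verified only when `proxy_ssl_verify on` is set). The parser is a simplification that flattens nginx contexts, and the function names and `SAMPLE` text are constructed for illustration.

```python
import re

# Constructed sample: the server block of the altered config in the post, trimmed.
SAMPLE = """
server { listen 80;
  location / {
    proxy_pass https://${AUTO_DEPLOY};
    proxy_ssl_trusted_certificate /etc/ssl/certs/chain.crt;
    proxy_ssl_verify on;
  }
}
"""

def directives(conf):
    """Yield (name, args) per directive. Simplified: contexts are flattened."""
    conf = re.sub(r"#[^\n]*", "", conf)               # drop comments
    conf = re.sub(r"\$\{(\w+)\}", r"$\1", conf)       # ${VAR} -> $VAR so braces split cleanly
    for stmt in re.split(r"[;{}]", conf):
        words = stmt.split()
        if words:
            yield words[0], words[1:]

def findings(conf):
    """Describe which leg of the proxy is unencrypted or unverified."""
    listeners, upstreams, verify = [], [], False
    for name, args in directives(conf):
        if name == "listen" and args:
            listeners.append((args[0], "ssl" in args[1:]))
        elif name == "proxy_pass" and args:
            upstreams.append((args[0], args[0].startswith("https://")))
        elif name == "proxy_ssl_verify":
            verify = args == ["on"]                    # nginx default is off
    out = []
    for addr, tls in listeners:
        if not tls:
            out.append(f"listen {addr}: client-to-proxy leg is plain HTTP")
    for url, tls in upstreams:
        if not tls:
            out.append(f"proxy_pass {url}: proxy-to-upstream leg is plain HTTP")
        elif not verify:
            out.append(f"proxy_pass {url}: upstream TLS without certificate verification")
    return out

if __name__ == "__main__":
    for line in findings(SAMPLE):
        print(line)
```

When comparing the result with a packet capture, match each finding to the interface and port the capture was taken on, since the two legs use different connections.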