Welcome! Log In Create A New Profile

Advanced

nginx reverse to ssl backend

Posted by walid 
Forum List Message List New Topic
walid
nginx reverse to ssl backend
May 02, 2021 07:42AM
i get crt file from a partner, i want to let nginx do ssl connection so i follow this note : https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/ i don't have client pem file and client key file. Can i generate this files with crt to fille this directives:

location /upstream { proxy_pass https://backend.example.com; proxy_ssl_certificate /etc/nginx/client.pem; proxy_ssl_certificate_key /etc/nginx/client.key; }

actually my location :

location /api {

access_log /var/log/nginx/api.log upstream_logging ;

proxy_ssl_trusted_certificate /etc/nginx/partner.crt;

# proxy_ssl_certificate_key /etc/nginx/client.key;
# proxy_ssl_certificate /etc/nginx/client.pem;
proxy_ssl_verify off;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
proxy_ssl_server_name on;
#proxy_ssl_protocols TLSv1 ;



proxy_pass https://api$uri$is_args$args;

}

with this setting i get this error: SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream

how to get client.key? is this generated from crt file?
Reply Quote
Newer Topic Older Topic
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 282
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready