Reverse Proxy configuration

February 23, 2024 08:44AM
Hello dears,
I work for a company that has a legacy app that's using old ciphers on an old OS, and one of the modules inside this app is a translation API that connects to api.cognitive.microsofttranslator.com. I've been trying to create a reverse proxy to act as a middleman/reverse proxy between my web server 1 "10.10.10.11" and web server 2 "10.10.10.12" and the Microsoft site, as they removed old legacy unsupported ciphers. We are doing our best to update/fix the issue, but we need the module to be functional until we fix it. Can someone help me with the configuration file?
What I did is:

server {
    listen 443 ssl;
    server_name api.cognitive.microsofttranslator.com;
    ssl_certificate /etc/nginx/sites-available/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/sites-available/ssl/private_key_decrypted.pem;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:>

    location / {
        proxy_pass https://api.cognitive.microsofttranslator.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_ssl_server_name on;
        proxy_ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        proxy_ssl_ciphers 'HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';
        proxy_ssl_trusted_certificate /etc/nginx/sites-available/ssl/rootCA.crt;
        proxy_ssl_verify on;
    }
}

Those certificates are created using OpenSSL on Ubuntu, and I changed the local hosts file in the webserver to point to the nginx server.
I appreciate any help you can provide.

The supported ciphers are:
Protocols
TLS 1.3 Yes
TLS 1.2 Yes

# TLS 1.3 (suites in server-preferred order)
TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS 128

# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256
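
An added example, not part of the original post: a Python check of which protocol and suite combinations a given `proxy_ssl_protocols` / `proxy_ssl_ciphers` pair can negotiate against the upstream offer listed above. The function names and the legacy client cipher string are assumptions made for illustration; the upstream suites are copied from the listing in the post.

```python
import ssl

# Suites the upstream accepts, copied from the scan listing in the post;
# TLS 1.2 names are rewritten from IANA to OpenSSL spelling.
UPSTREAM = {
    "TLSv1.2": {"ECDHE-RSA-AES128-GCM-SHA256",
                "ECDHE-RSA-AES256-GCM-SHA384",
                "ECDHE-RSA-CHACHA20-POLY1305"},
    "TLSv1.3": {"TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256",
                "TLS_AES_128_GCM_SHA256"},
}


def expand(cipher_string):
    """Expand an OpenSSL cipher string using the local OpenSSL build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # no suite in the string exists in this build
    return [c["name"] for c in ctx.get_ciphers()]


def negotiable(protocols, cipher_string):
    """Map each protocol both sides enable to the suites both sides accept.

    protocols: value of ssl_protocols / proxy_ssl_protocols
    cipher_string: value of ssl_ciphers / proxy_ssl_ciphers
    """
    offered = expand(cipher_string)
    result = {}
    for proto in sorted(UPSTREAM.keys() & set(protocols.split())):
        common = [name for name in offered if name in UPSTREAM[proto]]
        if common:
            result[proto] = common
    return result


if __name__ == "__main__":
    # Upstream leg exactly as posted in the location block.
    print(negotiable("TLSv1.2 TLSv1.1 TLSv1",
                     "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"))
    # Constructed stand-in for a legacy client that only has CBC/SHA1 suites.
    print(negotiable("TLSv1.2 TLSv1.1 TLSv1", "AES128-SHA:AES256-SHA"))
```

The result reflects the OpenSSL build on the machine where the script runs, so run it on the nginx host to see what that proxy can actually offer.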