Welcome! Log In Create A New Profile

Advanced

Reverse Proxy configuration

Posted by info@info-protect.com 
Forum List Message List New Topic
info@info-protect.com
Reverse Proxy configuration
February 23, 2024 08:44AM
hello Dears,
I work for a company that has a legacy app that's using old ciphers on an old OS and one of the modules inside this app is a translation API that connects to api.cognitive.microsofttranslator.com. I've been trying to create a reverse proxy to act as a middleman/reverse proxy between my web server 1 "10.10.10.11" and web server 2 "10.10.10.12" and the Microsoft site as they removed old legacy unsupported ciphers. we are doing our best to update/fix the issue but we need the module to be functional until we fix it. can someone help me with the configuration file?
what I did is:

server {
listen 443 ssl;
server_name api.cognitive.microsofttranslator.com;
ssl_certificate /etc/nginx/sites-available/ssl/certificate.crt;
ssl_certificate_key /etc/nginx/sites-available/ssl/private_key_decrypted.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:>

location / {
proxy_pass https://api.cognitive.microsofttranslator.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
proxy_ssl_ciphers 'HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';
proxy_ssl_trusted_certificate /etc/nginx/sites-available/ssl/rootCA.crt;
proxy_ssl_verify on;
}
}

those certificates are created using OpenSSL on Ubuntu, and I changed the local host file in the webserver to point to nginx server.
I appreciate any help you can provide.

the supported ciphers are:
Protocols
TLS 1.3 Yes
TLS 1.2 Yes

# TLS 1.3 (suites in server-preferred order)
TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS 128

# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256
Reply Quote
Newer Topic Older Topic
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 172
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready