On Thu, Nov 22, 2012 at 1:27 AM, Edho Arief <edho@myconan.net> wrote:

> On Thu, Nov 22, 2012 at 10:21 AM, Edmund Lhot <edmund.lhot@gmail.com>
> wrote:
> > Hello!
> >
> > I want to proxy ssl connections to a backend without a certicate but it
> > isn't working:
> >
> > server {
> > listen x.x.x.x:443;
> > location / {
> > proxy_pass https://y.y.y.y:443;
> > }
> > }
> >
> > I tried to use an approach like this (client auth with self generated
> cert),
> > but it didn't work too:
> >
>
> How is it not working?
>

2012/11/22 01:34:00 [error] 17649#0: *234 no "ssl_certificate" is defined
in server listening on SSL port while SSL handshaking, client: z.z.z.z,
server: x.x.x.x:443


>
> > server {
> >
> > listen x.x.x.x:443 ssl;
> >
> > ssl on;
> > ssl_certificate /etc/nginx/certs/server.crt;
> > ssl_certificate_key /etc/nginx/certs/server.key;
> > ssl_client_certificate /etc/nginx/certs/ca.crt;
> > ssl_verify_client optional;
> >
> > location / {
> > proxy_pass https://y.y.y.y:443;
> >
> > }
> > }
> >
> > Must I have the customer certificate to proxy this kind of request or
> there
> > is another way to do this?
> >
>
>
In this way proxy worked but not using the backend certificate, so I got
these messages in my browser. :(

The identity of this website has not been verified.
• Server's certificate does not match the URL.
• Server's certificate is not trusted.



> I think the one you want is tcp layer proxying/balancing which is not
> what nginx can do. Try using HAProxy instead.
>

I'll try. Tks.

>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx