handling different two way ssl-request via a proxy system

Abdelouahed Haitoute
April 13, 2015 03:14AM
Hello,

Currently we’ve got the following situation in our production environment:

Clients --HTTP--> Apache --HTTPS TWO-WAY SSL VIA PROXY--> HTTPS SERVERS

Just to be clear, the following services are used during this flow:

http client (firefox, chrome, curl, wget, etc.) --> Apache --> Squid --> HTTPS services of other parties on the internet, supporting two-way ssl

We’ve realized this using the following configuration on the apache service:

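LoadModule ssl_module modules/mod_ssl.so

Listen *:3128

<VirtualHost *:3128>
    # Speak TLS to the remote servers and verify their certificates
    SSLProxyEngine On
    SSLProxyVerify require
    SSLProxyVerifyDepth 10
    # Client certificate and key presented to the remote servers
    SSLProxyMachineCertificateFile /etc/httpd/certs/client.pem
    # CA certificates used to verify the remote servers
    SSLProxyCACertificateFile /etc/httpd/certs/ca.crt

    # Proxy every request to https://<Host header><path>
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [NC,P]

    ProxyPreserveHost On
    ProxyPass / https://$1/
    ProxyPassReverse / https://$1/

    # Send outgoing https requests through the proxy at 192.168.68.102:3128
    ProxyRemote https http://192.168.68.102:3128
</VirtualHost>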

We’re trying to replace the apache service by using nginx. I’ve installed nginx 1.7.12 on CentOS 6.6 and have realized two-way ssl in a development environment:

http client --> Nginx 1.7.12 --> https two-way ssl directly --> https.example.com

server {
    listen 3128;
    location / {
        # verify the certificate of the upstream (proxied) server
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 3;

        # client certificate presented to the upstream server
        proxy_ssl_certificate /etc/nginx/certs/client.crt;

        # private key belonging to the client certificate
        proxy_ssl_certificate_key /etc/nginx/certs/client.key;

        # CA certificates used to verify the upstream server
        proxy_ssl_trusted_certificate /etc/nginx/certs/ca.crt;

        # Specifying "https" causes NGINX to encrypt the traffic
        proxy_pass https://https.example.com:443/;
    }
}

There are two things I haven’t realized in the development environment, because I don’t know how:
1. Making Nginx 1.7.12 use a proxy system, because that’s our policy for communicating with the outside world.
2. Making the configuration as variable as possible, so that Nginx 1.7.12 handles all the different http client requests to different https servers and sends them as https two-way ssl. Currently it only handles requests for https.example.com.

Any help is welcome.

Abdelouahed

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
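
One way to make the target host variable (point 2 above), as an added example that is not part of the original post: nginx takes the upstream from the request's Host header, and a map allowlist keeps the client certificate from being presented to hosts that were never approved. The allowlisted names and the resolver address are assumptions, and this does not cover routing through the Squid proxy (point 1).

```nginx
# Added example; place in the http context (e.g. a conf.d file).
# Host names below and the resolver address are assumed placeholders.

# Only these upstream hosts may be reached with the client certificate.
map $host $upstream_allowed {
    default              0;
    https.example.com    1;
    partner.example.net  1;   # hypothetical second party
}

server {
    listen 3128;

    # A variable in proxy_pass is resolved at request time, so a resolver
    # must be configured (placeholder address).
    resolver 192.0.2.53 valid=300s;

    location / {
        # Reject any Host that is not on the allowlist before proxying.
        if ($upstream_allowed = 0) {
            return 403;
        }

        # Verify the upstream certificate against the requested host name.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        3;
        proxy_ssl_trusted_certificate /etc/nginx/certs/ca.crt;
        proxy_ssl_name                $host;
        proxy_ssl_server_name         on;   # send SNI for that name

        # Client certificate and key for two-way ssl.
        proxy_ssl_certificate         /etc/nginx/certs/client.crt;
        proxy_ssl_certificate_key     /etc/nginx/certs/client.key;

        # Upstream host and path come from the incoming request.
        proxy_set_header Host $host;
        proxy_pass https://$host$request_uri;
    }
}
```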