Using below config, According to this,

https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/#

server {
listen 80;
server_name nginx_server_name;
#...

upstream dev {
zone dev 64k;
server backend.example.com:443;
}

location /upstream {
proxy_pass https://$upstream$request_uri;
proxy_ssl_certificate /etc/nginx/client.pem;
proxy_ssl_certificate_key /etc/nginx/client.key;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;

proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
}
}
What is below client.pem & client.key?

is this the nginx client files which needs to be created and signed with CA?
or is that a backend.example.com ssl certs?

What is trusted_ca_cert.crt;?

Is this related to backend.example.com? how can i obtain this?

Steps i did:

Created csr & key using openssl with CN as nginx_server_name
signed & Got the cert (client.crt) -> client.pem configured both client.pem
& .key in config
But getting below exception when i hit the API.

upstream SSL certificate verify error: (19:self signed certificate in
certificate chain) while SSL handshaking to upstream, client: <user_ip>,
server: <nginx_server_ip>, request: "POST /getsomething HTTP/1.1", upstream:
"https://backend.example.com:443/getsomething", host: "nginx_server_ip"



--
Sent from: http://nginx.2469901.n2.nabble.com/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx