Running ssl on custom port and its not working

November 16, 2022 01:04PM
Hi Team,

I currently have the URL https://xxx.xxx.xxx:8081/neutrino-sso-web/, which is directly NATed on the firewall on port 8081.
However, I would now like to put this URL behind an nginx reverse proxy. Since the above URL has been given to a lot of customers, it would not be possible to change the URL. We are planning to change it gradually.

In the meantime, I installed nginx and am trying to relay the same setup, so that if someone accesses https://xx.xxxx.xxx:8081/neutrino-sso-web/ from the internet, it would proxy_pass to the original server.

My stanza is as below; however, this is not working and I am getting

##########
This site can’t provide a secure connection
xxx.xxxx..xxx sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
##############


server {
    listen 443;
    listen 8081 ssl;
    server_name xx.xxxx.xxxx;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_certificate /etc/nginx/certs/xx.xx/216560a7cbdc5937.crt;
    ssl_certificate_key /etc/nginx/certs/xx.xx/xxxx.key;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_dhparam /etc/nginx/certs/dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    keepalive_timeout 70;
    if ( $request_method !~ ^(GET|POST|HEAD)$ ) {
        return 403;
        break;
    }
    access_log /var/log/nginx/xxx.xxxx/access.log;
    error_log /var/log/nginx/xxx.xxx/error.log;

    location / {
        client_max_body_size 700m;
        client_body_buffer_size 128k;
        proxy_send_timeout 90;
        proxy_http_version 1.1;
        proxy_read_timeout 90;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_connect_timeout 30s;
        proxy_pass https://xxx.xxx.xxx:8081/neutrino-sso-web/login;
        proxy_ssl_server_name on;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Referrer-Policy "no-referrer-when-downgrade";
        add_header X-Frame-Options "SAMEORIGIN" always;
    }
}

Am I doing anything wrong?

TIA
Blason R
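
An added example, not part of the original post or of nginx: a small Python check that reports, for each `listen` directive in a server block shaped like the one above, whether that socket will negotiate TLS. nginx does so only when the directive carries the `ssl` parameter; a TLS client reaching a listener without it receives a cleartext HTTP reply instead of a handshake. The sample block, its example.com names and the function names are constructed, and the check assumes no other server block enables `ssl` on the same ports.

```python
import re

# Constructed sample: the listen and certificate lines of a server block shaped
# like the one in the post; all example.com names and paths are placeholders.
SAMPLE = """
server {
    listen 443;
    listen 8081 ssl;
    server_name sso.example.com;
    ssl_certificate     /etc/nginx/certs/example/cert.crt;
    ssl_certificate_key /etc/nginx/certs/example/cert.key;
    location / {
        proxy_pass https://backend.example.com:8081/;
    }
}
"""

def directives(block):
    """Yield (name, args) per directive. Simplified tokenizer: it strips
    comments and splits on ; { }, so quoted values containing those
    characters are not handled (not needed for listen/ssl_certificate)."""
    text = re.sub(r"#[^\n]*", "", block)
    for stmt in re.split(r"[;{}]", text):
        words = stmt.split()
        if words:
            yield words[0], words[1:]

def audit_listeners(block):
    """Return [(address, speaks_tls)] for every listen directive in the block."""
    items = list(directives(block))
    # The legacy 'ssl on;' directive (older nginx releases) enabled TLS on all listeners.
    legacy_ssl_on = any(n == "ssl" and a[:1] == ["on"] for n, a in items)
    return [(a[0], legacy_ssl_on or "ssl" in a[1:])
            for n, a in items if n == "listen" and a]

def plaintext_listeners(block):
    """Listeners that answer in cleartext although a certificate is configured."""
    has_cert = any(n == "ssl_certificate" for n, _ in directives(block))
    return [addr for addr, tls in audit_listeners(block) if has_cert and not tls]

if __name__ == "__main__":
    for addr, tls in audit_listeners(SAMPLE):
        print(f"listen {addr}: {'TLS' if tls else 'plain HTTP'}")
    print("plaintext listeners:", plaintext_listeners(SAMPLE))
```
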
Subject Author Posted

Running ssl on custom port and its not working

blason November 16, 2022 01:04PM

Re: Running ssl on custom port and its not working

Sergey A. Osokin November 16, 2022 01:26PM

Re: Running ssl on custom port and its not working

blason November 17, 2022 12:58PM

Re: Running ssl on custom port and its not working

Francis Daly November 17, 2022 01:12PM

Re: Running ssl on custom port and its not working

Sergey A. Osokin November 17, 2022 05:32PM


