Welcome! Log In Create A New Profile

Advanced

how to setup nginx as reverse proxy + tomcat ssl

March 31, 2010 04:09AM
Hey guys,

I am totally new to Nginx, I need some advice with my reverse proxy setup.

This is what i am trying to set up. Client(commit a client cert)<========>| Nginx (reverse proxy with ssl)|<========>Tomcat (with SSL and clientAuth=true)


Follow is my nginx.conf,but it don't work.The messge from nginx logs:
2010/04/01 15:18:53 [error] 23771#0: *51 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate) while SSL handshaking to upstream, client: 192.168.2.225, server: localhost, request: "GET /prepayms/ HTTP/1.1", upstream: "https://192.168.2.33:18444/prepayms/", host: "192.168.2.48:48443"

nginx.conf:

upstream backssl{
server 192.168.2.33:18444;

}# HTTPS server

server {
listen 48443 default ssl;
server_name localhost;


ssl on;

ssl_client_certificate /home/newprepay/ca/ca-cert.pem;
ssl_certificate /home/newprepay/server/server-cert.pem;
ssl_certificate_key /home/newprepay/server/server.key;
ssl_session_timeout 5m;
ssl_verify_client on;
ssl_verify_depth 12;
ssl_session_cache builtin:1000 shared:SSL:10m;


ssl_protocols TLSv1 SSLv2 SSLv3;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+SSlv3:+EXP;
ssl_prefer_server_ciphers on;

location / {
root html;
index index.html index.htm;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass https://backssl;


My questions are
Can I have an SSL from Client to Nginx and another between Nginx and Tomcat ´╝înginx verify the client certificate,and also transfer the
client certificate to tomcat,tomcat also verify the client certificate.

if nginx can do this,how to setup.Can someboby give me an correct nginx.conf for this?



Thank You,
kaiyuan
Subject Author Posted

how to setup nginx as reverse proxy + tomcat ssl

kaiyuan March 31, 2010 04:09AM

Re: how to setup nginx as reverse proxy + tomcat ssl

Maxim Dounin March 31, 2010 04:52AM

Re: how to setup nginx as reverse proxy + tomcat ssl

kaiyuan March 31, 2010 05:40AM

Re: how to setup nginx as reverse proxy + tomcat ssl

Weibin Yao March 31, 2010 05:50AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 110
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready