Welcome! Log In Create A New Profile

Advanced

Nginx как SSL клиент

May 01, 2017 05:05AM
Добрый день! Подскажите пожалуйста, как сделать Nginx как SSL клиент?
nginx version: nginx/1.8.1
Ниже конфиги nginx.

server {
listen 80;
server_name roga-and-kopyta;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;

location = / {
proxy_buffering off;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_ssl_certificate ssl_subscription/client-cert.pem;
proxy_ssl_certificate_key ssl_subscription/privkey.key;
proxy_pass https://server-in-inet:443;
}
}

Запрос

curl -v --header "Content-Type:application/xml" -d "Запрос" http://server-in-inet:443/

В логах Nginx

2017/05/01 08:32:06 [error] 27245#0: *7 SSL_do_handshake() failed (SSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert number 48) while SSL handshaking to upstream, client: ip-backend-server, server: server-in-inet, request: «POST / HTTP/1.1», upstream: "https://IP-adres-server-in-inet:443", host: «server-in-inet»

Почему то upstream: "https://IP-adres-server-in-inet:443" в виде IP сервера, а должен быть в виде Hostname.

Что может быть не так?
Subject Author Posted

Nginx как SSL клиент

Dothris May 01, 2017 05:05AM

Re: Nginx как SSL клиент

Andrey Kopeyko May 01, 2017 06:52AM

Re: Nginx как SSL клиент

Илья Шипицин May 01, 2017 07:26AM

Re: Nginx как SSL клиент

Dothris May 01, 2017 10:49AM

Re: Nginx как SSL клиент

Dothris May 01, 2017 10:56AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 182
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready