Loadbalancing - proxy_pass https
March 31, 2014 09:41AM
Dear nginx-users,

I've read in several articles that it's not recommended to redirect https to http, concerning "man in the middle attacks" etc.
So I didn't dig to find a solution to do this anyway.
But is there a way to avoid certificate warnings?
I'd like to configure nginx with an active wildcard certificate, but use an old or self-signed certificate on all endpoints (upstream servers). This would avoid renewing a certificate on the endpoints, while still having encrypted communication between nginx and the upstream servers. Or are there other arguments I didn't consider?
Any comments on this are welcome!

Thanks and best regards
Tom

Below you will find my config:

#user nobody;
#worker_processes 5;
worker_processes auto;

pid /usr/local/nginx/sbin/demo.pid;

events {
#worker_connections 1024;
worker_connections 16384;
}


http {
include mime.types;
default_type application/octet-stream;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Queue-Start "t=${msec}000";

#logging
log_format main '[$time_local] Client: $remote_addr - Server: $server_name to Webserver: $upstream_addr - Request: $request - UpstreamResponse: $upstream_response_time msec';

access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log info;

client_max_body_size 20M;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 75;

#gzip on;

upstream webserver {

sticky name=login-demo;
#sticky name=login-demo expires=30m;

server test1.local:80;
server test2.local:80;
}

upstream swebserver {

sticky name=slogin-demo;
#sticky name=slogin-demo expires=30m;

server test1.local:443;
server test1.local:443;
}
geo $maintenance {
default 0; #0 = using upstream webserver; 1 = using maintenance mode
}

server {
#listen localhost:80;
listen 10.x.x.x:80;
#server_name localhost;
server_name test.de *.test.de;
root /usr/local/nginx/html/;

location / {
if ($maintenance) {
return 503;
}
proxy_pass http://webserver;
}

error_page 503 @maintenance;

if (-f $document_root/wartung) {
return 503;
}

location @maintenance {
#rewrite ^(.*)$ /50x.html break;
rewrite (favicon\.ico|logo\.png|styles\.css)$ /$1 break;
rewrite ^(.*)$ /index.html break;
}


}

server {
#listen localhost:443 ssl;
listen 10.x.x.x:443 ssl;
#server_name localhost;
server_name test.de *.test.de;
root /usr/local/nginx/html/;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols SSLv3 TLSv1;

ssl_certificate /usr/local/nginx/keys/test.crt;
ssl_certificate_key /usr/local/nginx/keys/test.key;

location / {
if ($maintenance) {
return 503;
}
proxy_pass https://swebserver;
}
error_page 503 @maintenance;

if (-f $document_root/wartung) {
return 503;
}


location @maintenance {
#rewrite ^(.*)$ /50x.html break;
rewrite (favicon\.ico|logo\.png|styles\.css)$ /$1 break;
rewrite ^(.*)$ /index.html break;
}
}
}
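
Added example (not part of the original post): a sketch of the `location /` block from the 443 server above with upstream certificate verification turned on, so that self-signed endpoint certificates provide authentication as well as encryption. It uses the `proxy_ssl_*` directives that appeared in nginx 1.7.0; the trust file path and the name `backend.test.local` are assumptions.

```nginx
# Goes inside the existing "listen 10.x.x.x:443 ssl" server block.
location / {
    if ($maintenance) {
        return 503;
    }
    proxy_pass https://swebserver;

    # Browsers only validate the certificate set with ssl_certificate on this
    # listener; the upstream certificate is never presented to them.
    # nginx's default is "proxy_ssl_verify off": the hop to the upstream is
    # encrypted, but any certificate is accepted, so the endpoint is not
    # authenticated.

    # Verify the upstream against a private trust anchor instead.
    proxy_ssl_verify              on;
    # Assumed path: PEM file holding the self-signed endpoint certificate(s)
    # or the internal CA that issued them.
    proxy_ssl_trusted_certificate /usr/local/nginx/keys/upstream-ca.crt;
    proxy_ssl_verify_depth        2;    # leaves room for one intermediate CA

    # Without proxy_ssl_name the certificate is checked against the host part
    # of proxy_pass, which here is the upstream group name "swebserver".
    # Assumed name: it must appear in the endpoint certificate (CN or
    # subjectAltName).
    proxy_ssl_name                backend.test.local;
    proxy_ssl_server_name         on;   # send the same name via SNI

    # Verification includes the validity period, so an expired certificate is
    # rejected; the endpoint certificates still have to be within their dates.
}
```

When verification fails, nginx records the verify error in `error_log` and the client receives a 502 response.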
Re: Loadbalancing - proxy_pass https
May 07, 2014 06:15AM
I added the cache configuration in my Windows environment, but I can't log in to my app. The error log is below:

2014/05/07 10:06:27 [error] 2160#14172: *3 CreateFile() "D:\myapp\nginx1.5/cache/myapp/static/msgengine/msgengine.js" failed (3: The system cannot find the path specified), client: 192.168.3.112, server: 0.0.0.0, request: "GET /myapp/static/msgengine/msgengine.js HTTP/1.1", host: "10.1.1.7", referrer: "http://10.1.1.7/myapp/index.action"

My cache config is below:
location ~ .*\.(js|css|ico|jpg|jpeg|png|gif)$
{
cache
expires 1h;
proxy_set_header Host $host;
}
Re: Loadbalancing - proxy_pass https
May 07, 2014 05:13PM
Hello sam.gu,

How's your reply related to my question!?

Concerning your problem, your log entry should help to solve it:
"The system cannot find the path specified"

So check your path!

Regards
Tom



Edited 2 time(s). Last edit at 05/07/2014 05:16PM by tmade.