Hey Guys -
I've been wanting to set up a Reverse Proxy for my hosted apps for a while now and after reading an article about Nginx yesterday; decided to give it a shot. The only part I have questions about & am getting errors with is adding my own purchased SSL cert.
I purchased my SSL from GoDaddy based on a key I generated on the host computer and it has the same domain name as what I'd use with Nginx. I have even added a record in my router to forward local requests for my domain name to the server's local IP. I know the SSL crt / key combination works as I'm currently using it for many hosted services on the system.
I added the SSL cert by copying the two files (crt & key) to the nginx folder, then adding 3 lines below the "listen" line in the conf file. Below are the added lines plus the lines that come before & after them:
-----------------------------------------------------------------
listen 443;
ssl on;
ssl_certificate C:\nginx-1.6.2\kelnet.crt;
ssl_certificate_key C:\nginx-1.6.2\myserver.key;
server_name mydomain.com, 192.168.0.25;
-----------------------------------------------------------------
After saving the conf file, I started Nginx, but it didn't work. i checked the logs and the error.log lists these 3 lines:
-----------------------------------------------------------------
2014/12/29 14:57:00 [emerg] 53236#50624: BIO_new_file("C:
ginx-1.6.2\kelnet.crt") failed (SSL: error:0200107B:system library:fopen:Unknown error:fopen('C:
ginx-1.6.2\kelnet.crt','r') error:2006D002:BIO routines:BIO_new_file:system lib)
-----------------------------------------------------------------
After getting the error, I installed OpenSSL (Win32 OpenSSL v1.0.1j Light specifially) but still got the same error. I'm running everything on Windows 8.1 x64 (Fully Patched.)
[b]Questions[/b]
1. What am I doing incorrectly / what's causing the error?
2. Since the sites I'm redirecting to use SSL and require a logon, does that change the way I configure their redirection in the conf file? I'm currently using the below code:
-----------------------------------------------------------------
location /myapp {
proxy_pass https://mynetwork.com:9898;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-----------------------------------------------------------------
3. If I wanted to use a port other than 443 when using SSL, would it be as easy as changing it on the listening line or is further config required?
Any help would be greatly appreciated - Thanks!!
I've been wanting to set up a Reverse Proxy for my hosted apps for a while now and after reading an article about Nginx yesterday; decided to give it a shot. The only part I have questions about & am getting errors with is adding my own purchased SSL cert.
I purchased my SSL from GoDaddy based on a key I generated on the host computer and it has the same domain name as what I'd use with Nginx. I have even added a record in my router to forward local requests for my domain name to the server's local IP. I know the SSL crt / key combination works as I'm currently using it for many hosted services on the system.
I added the SSL cert by copying the two files (crt & key) to the nginx folder, then adding 3 lines below the "listen" line in the conf file. Below are the added lines plus the lines that come before & after them:
-----------------------------------------------------------------
listen 443;
ssl on;
ssl_certificate C:\nginx-1.6.2\kelnet.crt;
ssl_certificate_key C:\nginx-1.6.2\myserver.key;
server_name mydomain.com, 192.168.0.25;
-----------------------------------------------------------------
After saving the conf file, I started Nginx, but it didn't work. i checked the logs and the error.log lists these 3 lines:
-----------------------------------------------------------------
2014/12/29 14:57:00 [emerg] 53236#50624: BIO_new_file("C:
ginx-1.6.2\kelnet.crt") failed (SSL: error:0200107B:system library:fopen:Unknown error:fopen('C:
ginx-1.6.2\kelnet.crt','r') error:2006D002:BIO routines:BIO_new_file:system lib)
-----------------------------------------------------------------
After getting the error, I installed OpenSSL (Win32 OpenSSL v1.0.1j Light specifially) but still got the same error. I'm running everything on Windows 8.1 x64 (Fully Patched.)
[b]Questions[/b]
1. What am I doing incorrectly / what's causing the error?
2. Since the sites I'm redirecting to use SSL and require a logon, does that change the way I configure their redirection in the conf file? I'm currently using the below code:
-----------------------------------------------------------------
location /myapp {
proxy_pass https://mynetwork.com:9898;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-----------------------------------------------------------------
3. If I wanted to use a port other than 443 when using SSL, would it be as easy as changing it on the listening line or is further config required?
Any help would be greatly appreciated - Thanks!!