Hi,
I am using nginx 1.13.11 on Windows 10
I am trying to set up a reverse proxy for a HTTPS backend requiring client ssl authentication.
Tried this with the following config
---
worker_processes 1;
error_log logs/error.log debug;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 443 ssl;
server_name localhost;
ssl_certificate C:/data/nginx-1.13.11/conf/crt;
ssl_certificate_key C:/data/nginx-1.13.11/conf/key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /path {
proxy_pass https://backend
proxy_ssl_certificate C:/data/nginx-1.13.11/conf/backend.crt;
proxy_ssl_certificate_key C:/data/nginx-1.13.11/conf/backend.key;
}
}
}
---
This does not work. Debug log of a request can be found in the attached file.
When accessing the backend directly with importing the backend cert+key into Firefox works out of the box.
I do not know what software the backend is using.
Using an own apache with client authentication as a backend for my nginx reverse proxy, this given config works.
I have no clue how to solve this. Maybe its an SSL Problem between the nginx and the backend?
Does anyone has a hint how to get it work or how to analyse the reason of not working?
I am using nginx 1.13.11 on Windows 10
I am trying to set up a reverse proxy for a HTTPS backend requiring client ssl authentication.
Tried this with the following config
---
worker_processes 1;
error_log logs/error.log debug;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 443 ssl;
server_name localhost;
ssl_certificate C:/data/nginx-1.13.11/conf/crt;
ssl_certificate_key C:/data/nginx-1.13.11/conf/key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /path {
proxy_pass https://backend
proxy_ssl_certificate C:/data/nginx-1.13.11/conf/backend.crt;
proxy_ssl_certificate_key C:/data/nginx-1.13.11/conf/backend.key;
}
}
}
---
This does not work. Debug log of a request can be found in the attached file.
When accessing the backend directly with importing the backend cert+key into Firefox works out of the box.
I do not know what software the backend is using.
Using an own apache with client authentication as a backend for my nginx reverse proxy, this given config works.
I have no clue how to solve this. Maybe its an SSL Problem between the nginx and the backend?
Does anyone has a hint how to get it work or how to analyse the reason of not working?