Hello everyone,
I am trying to use SSL on my upstream connection to my vCenter for my Nginx reverse proxy. I've altered the config file that I found on Eric Gray's website (https://www.vcritical.com/2017/01/easy-auto-deploy-reverse-proxy-cache-with-an-nginx-container/):
Original:
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    sendfile on;
    proxy_buffering on;
    proxy_cache_valid 200 1d;
    proxy_cache_path /var/www/cache levels=1:2 keys_zone=my-cache:15m max_size=1g inactive=24h;
    proxy_temp_path /var/www/cache/tmp;
    server {
        listen 80;
        location / {
            proxy_pass https://${AUTO_DEPLOY};
            keepalive_timeout 65;
            tcp_nodelay on;
            proxy_cache my-cache;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
    }
}
daemon off;
My altered config:
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    sendfile on;
    proxy_buffering on;
    proxy_cache_valid 200 1d;
    proxy_cache_path /var/www/cache levels=1:2 keys_zone=my-cache:15m max_size=1g inactive=24h;
    proxy_temp_path /var/www/cache/tmp;
    server {
        listen 80;
        location / {
            proxy_pass https://${AUTO_DEPLOY};
            proxy_ssl_certificate /etc/ssl/certs/cert.crt;
            proxy_ssl_certificate_key /etc/ssl/certs/cert.key;
            proxy_ssl_trusted_certificate /etc/ssl/certs/chain.crt;
            proxy_ssl_verify on;
            proxy_ssl_protocols TLSv1.2;
            proxy_ssl_verify_depth 3;
            proxy_ssl_session_reuse on;
            keepalive_timeout 65;
            tcp_nodelay on;
            proxy_cache my-cache;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
    }
}
daemon off;
And even though it works as a reverse proxy, when I do a tcpdump, I see that the data is going as clear text. I can't seem to figure out what I'm doing wrong.
Any help is appreciated.
Thanks
Michael
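
An added example, not part of the original post: a small Python check that reads a config like the altered one above and reports, for each leg nginx handles, whether it speaks TLS. A `listen` directive without the `ssl` parameter accepts plain HTTP from clients, while the scheme in `proxy_pass` decides whether the upstream leg is encrypted; the function names and the embedded sample are assumptions made for this illustration.

```python
import re

# Constructed sample: an excerpt of the altered config from the post above.
SAMPLE_CONF = """
server { listen 80;
    location / {
        proxy_pass https://${AUTO_DEPLOY};
        proxy_ssl_trusted_certificate /etc/ssl/certs/chain.crt;
        proxy_ssl_verify on;
    }
}
"""

def directives(conf, name):
    """Return the argument list of every `name ...;` directive (hypothetical helper)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    pattern = r"(?<![\w$])" + re.escape(name) + r"\s+([^;]+);"
    return [m.group(1).split() for m in re.finditer(pattern, conf)]

def audit_legs(conf):
    """Classify the client leg and the upstream leg as 'tls' or 'cleartext'.

    Assumption: TLS on a listening socket is enabled with the `ssl` parameter
    of `listen`; the obsolete `ssl on;` directive is not considered.
    """
    report = {"client": [], "upstream": []}
    for args in directives(conf, "listen"):
        report["client"].append((args[0], "tls" if "ssl" in args[1:] else "cleartext"))
    for args in directives(conf, "proxy_pass"):
        scheme_tls = args[0].lower().startswith("https://")
        report["upstream"].append((args[0], "tls" if scheme_tls else "cleartext"))
    return report

def upstream_verified(conf):
    """True when the last `proxy_ssl_verify` seen is `on` (nginx default is off)."""
    values = directives(conf, "proxy_ssl_verify")
    return bool(values) and values[-1][0] == "on"

if __name__ == "__main__":
    for leg, entries in audit_legs(SAMPLE_CONF).items():
        for target, mode in entries:
            print(f"{leg:8} {target:28} {mode}")
    print("upstream certificate verified:", upstream_verified(SAMPLE_CONF))
```

For the sample this reports the client leg on port 80 as cleartext and the `proxy_pass` leg as TLS, so a packet capture shows different things depending on which of the two connections it is taken on.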