Ssl on different servers

alcina · October 2, 2013, 3:19am

Hi,
My domain.com is on ip: x.x.x.x
where I have a configuration like:

server {
server_name sub.domain.com;
location / {

  proxy_pass http://y.y.y.y;

  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

On ip y.y.y.y my configuration is:

server {
server_name sub.domain.com;
location / {

  proxy_pass http://localhost:8080;

  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

That’s fine!

But…

I’m trying to add ssl support, I bought a wildcard certificate but
unfortunately I’m struggling with the configuration.

I changed the config on x.x.x.x:

server {
server_name sub.domain.com;
location / {
proxy_pass http://y.y.y.y;

  proxy_set_header X-Forwarded-Proto https;

  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

listen 443;
ssl_certificate ssl.crt;
ssl_certificate_key my.key;
}

and I changed the config on y.y.y.y:

server {
server_name sub.domain.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

   listen 443 ssl;
   ssl_certificate      ssl.crt;
   ssl_certificate_key  my.key;

}

I also tried other configuration, but I cannot make it working.

Can you help me, please?

Thanks

Dossi

Posted at Nginx Forum:

dossi · October 2, 2013, 6:26am

what is your problem then?

Posted at Nginx Forum:

dossi · October 2, 2013, 9:07am

The problem is that if I point a browser to https://sub.domain.com it
doesn’t work.

Cheers
Dossi

Posted at Nginx Forum:

dossi · October 2, 2013, 9:11am

did you tried to turn it off and on again?

sorry, but from your description no one would be able to help you.

regards,

mex

Posted at Nginx Forum:

dossi · October 2, 2013, 9:32am

What’s not working, I suppose, is that the client browser go to
https://sub.domain.com (on IP x.x.x.x) that it is forwarded to IP
y.y.y.y

Is there any link that explains how to configure that two nginxes (one
on
x.x.x.x and one on y.y.y.y) so that the https traffic “routes” from
x.x.x.x
to y.y.y.y?

I found these two posts:

http://danconnor.com/post/4f65ea41daac4ed031000004/https_ssl_proxying_nginx_to_nginx

but the first does not show how the configuration and the second is
similar
to my issue, but it involves a load balancer that is not my case.
My problem is: https://sub.domain.com → x.x.x.x → y.y.y.y

Dossi

Posted at Nginx Forum:

dossi · October 2, 2013, 10:05am

Hi,

it sounds as if you want to proxy your ssl request to another server and
terminate it there?! You cannot do this.

You need to establish a ssl connection first before you can use http/s.

regards,
Axel

Am 02.10.2013 03:18, schrieb dossi:

dossi · October 2, 2013, 8:44pm

On Wednesday 02 October 2013 05:18:22 you wrote:

  proxy_set_header X-Real-IP $remote_addr;
  proxy_pass http://localhost:8080;
I’m trying to add ssl support, I bought a wildcard certificate but
unfortunately I’m struggling with the configuration.

I changed the config on x.x.x.x:

server {
server_name sub.domain.com;
location / {
proxy_pass http://y.y.y.y;
[…]

You have changed y.y.y.y to use HTTPS, but still trying to pass HTTP.

wbr, Valentin V. Bartenev