I tried to use an approach like this (client auth with self generated
cert),
but it didn’t work too:
How is it not working?
2012/11/22 01:34:00 [error] 17649#0: *234 no “ssl_certificate” is
defined
in server listening on SSL port while SSL handshaking, client: z.z.z.z,
server: x.x.x.x:443
In this way proxy worked but not using the backend certificate, so I got
these messages in my browser.
The identity of this website has not been verified.
Server’s certificate does not match the URL.
Server’s certificate is not trusted.
I think the one you want is tcp layer proxying/balancing which is not
what nginx can do. Try using HAProxy instead.
In this way proxy worked but not using the backend certificate, so I got
these messages in my browser.
The identity of this website has not been verified.
Server’s certificate does not match the URL.
Server’s certificate is not trusted.
You need to use/configure the same SSL certificates on nginx as on the
backend eg just proxy_pass’ing to backend won’t work.
But is there a reason for “talking” to backend via https?
The common approach (also better performance) is offloading the SSL to
nginx
and proxying via plain http.
I think the one you want is tcp layer proxying/balancing which is not what
nginx can do.