Issue
I am developing a web UI frontend in JS, for a backend API that is now using HTTPS. The following nginx config on my development machine was all I needed:
http {
include /etc/nginx/mime.types;
disable_symlinks off;
server {
disable_symlinks off;
listen 8080;
server_name localhost;
location /api/ {
proxy_pass http://www.my-api.com;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
}
But now www.my-api.com
is an https endpoint.
What adjustments do I need to make to my nginx config, in order to forward my localhost requests to the HTTPS backend?
Solution
Below is the server section that works for me. @Jay Achar got me close, and to be honest there are a few things I should try in order to simplify the config. I added the following lines:-
ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_ssl_server_name on;
I also found that I had the proxied host name incorrect. In my case the www.
on the front was not right. I suspect that the host's certificate doesn't match
with www
in there. Perhaps just using @Jay Achar's answer with the correct
remote host name would be all one would need.
The /etc/ssl/certs/ca-certificates.crt
comes from my openssl. I figured it
would be suitable as client certificate to send to the proxied host.
The only other change I made to @Jay Achar's config was in the lines
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $upstream_addr;
Again, perhaps those changes were not necessary.
server {
disable_symlinks off;
listen 8080;
server_name pb.localhost;
ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
location /api {
proxy_pass https://my-api.com:443;
proxy_ssl_server_name on;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $upstream_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
location /some-path/ {
disable_symlinks off;
root /var/www;
index index.html;
}
}
Answered By - Henry Bone Answer Checked By - Marie Seifert (PHPFixing Admin)
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.