Join Log in
Score:0
Kirill Gonchar avatar Server

Nginx with SSL behind another Nginx (with nginx-proxy)

us flag
Kirill Gonchar

I have two VMS. The first is VM1 and the second is VM2. The first is a VPN server and the second is a client. On VM1 the Nginx is installed as a reverse proxy from the official Docker repository. On VM2 the Nginx is installed as a reverse proxy from the nginx-proxy Docker repository. I'm trying to set up an SSL connection from VM1 to VM2 but receiving an error

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

VM1's Nginx config (redirect all queries from 80 and 443 to the VM2)

server {
    listen       80;
    listen  [::]:80;
    server_name  _;

    location / {
        proxy_pass http://vm2-client-ip:80;
    }
}

server {
    listen       443;
    listen  [::]:443;
    server_name  _;

    location / {
        proxy_pass http://vm2-client-ip:443;
    }
}

On the VM2 nginx-proxy generates the next config:

# whoami.my-domain.com
upstream whoami.my-domain.com {
    ## Can be connected with "home-network" network
    # who-am-i
    server 10.0.0.2:80;
}
server {
    server_name whoami.my-domain.com;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location ^~ /.well-known/acme-challenge/ {
        auth_basic off;
        auth_request off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name whoami.my-domain.com;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/whoami.my-domain.com.crt;
    ssl_certificate_key /etc/nginx/certs/whoami.my-domain.com.key;
    ssl_dhparam /etc/nginx/certs/whoami.my-domain.com.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/whoami.my-domain.com.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://whoami.my-domain.com;
    }
}

SSL certificates are generated with this repository. Based on logs from this container certificates generates successfully.

An HTTP connection works well. P.S. If it's a matter both Nginxes works from containers.

73
0 + 0
ssl
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.