I have a problem setting up a reverse proxy in nginx for HTTPS.
I have set up a Tomcat HTTPS connector on 127.0.0.1:443. It works:
% openssl s_client -showcerts -connect 127.0.0.1:443
CONNECTED(00000005)
depth=2 C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
verify return:1
depth=1 C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Domain Validation CA SHA2
verify return:1
depth=0 CN = *.example.com
verify return:1
---
Certificate chain
0 s:CN = *.example.com
i:C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Domain Validation CA SHA2
-----BEGIN CERTIFICATE-----
However, when I try to connect from the outside on the domain (where nginx should serve the proxy-passed page), there's an error:
% openssl s_client -showcerts -connect example.com:443 -servername example.com
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 309 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Nginx configuration:
server {
    listen 1.2.3.4:80 default_server;
    server_name example.com;
    return 301 https://example.com$request_uri;
}
server {
    listen 1.2.3.4:443 default_server ssl;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name example.com;
    location ~ ^.*$ {
        proxy_pass https://127.0.0.1;
    }
}
Please help me make nginx pass the HTTPS certificate.
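
An added example, not part of the original post: with `proxy_pass`, nginx terminates the client's TLS session itself and opens a second one to Tomcat, so the `ssl` listener needs its own `ssl_certificate` and `ssl_certificate_key`. The certificate paths, the CA bundle path and the upstream name below are placeholders, not values from the post.

```nginx
# Added example; paths and the upstream name are assumptions.
server {
    listen 1.2.3.4:443 default_server ssl;
    server_name example.com;

    # nginx presents this certificate to clients; Tomcat's certificate on
    # 127.0.0.1 is only ever seen by nginx, never by the outside client.
    # The file holds the leaf certificate followed by the intermediate
    # (the "Certum Domain Validation CA SHA2" from the chain shown above).
    # It must cover the name clients request: a wildcard *.example.com
    # alone does not match the bare domain example.com.
    ssl_certificate     /etc/nginx/tls/example.com.fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;            # placeholder path

    location / {
        # Second, separate TLS session: nginx acts as a client to Tomcat.
        proxy_pass https://127.0.0.1:443;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Verify the backend certificate instead of accepting any certificate.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed Debian CA bundle
        proxy_ssl_server_name         on;
        proxy_ssl_name                www.example.com;  # placeholder: a name the Tomcat certificate covers
    }
}
```

Run `nginx -t` before reloading, then repeat the `openssl s_client` check against example.com:443 to confirm that a certificate chain is now returned.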