2017-05-01 14:05 GMT+05:00 Dothris <nginx-fo...@forum.nginx.org>: > Добрый день! Подскажите пожалуйста, как сделать Nginx как SSL клиент? > nginx version: nginx/1.8.1 > Ниже конфиги nginx. > > server { > listen 80; > server_name roga-and-kopyta; > access_log /var/log/nginx/access.log main; > error_log /var/log/nginx/error.log warn; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Host $host; > proxy_set_header X-Forwarded-Server $host; > proxy_set_header X-Forwarded-Proto $scheme; > proxy_set_header Host $host; > > location = / { > proxy_buffering off; > proxy_set_header X-Forwarded-For $remote_addr; > proxy_ssl_certificate ssl_subscription/client-cert.pem; > proxy_ssl_certificate_key ssl_subscription/privkey.key; > proxy_pass https://server-in-inet:443; > } > } > > Запрос > > curl -v --header "Content-Type:application/xml" -d "Запрос" > http://server-in-inet:443/ > > В логах Nginx > > 2017/05/01 08:32:06 [error] 27245#0: *7 SSL_do_handshake() failed (SSL: > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL > alert > number 48) while SSL handshaking to upstream, client: ip-backend-server, > server: server-in-inet, request: «POST / HTTP/1.1», upstream: > "https://IP-adres-server-in-inet:443", host: «server-in-inet» > > Почему то upstream: "https://IP-adres-server-in-inet:443" в виде IP > сервера, > а должен быть в виде Hostname. >
"proxy_ssl_server_name on;" включено? > > Что может быть не так? > > Posted at Nginx Forum: https://forum.nginx.org/read. > php?21,274002,274002#msg-274002 > > _______________________________________________ > nginx-ru mailing list > nginx-ru@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-ru
_______________________________________________ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru