I'm trying to establish SSL connection, and I'm getting 400 No required SSL certificate was sent response from the server.
I used this tutorial for it
I tried everything to solve this issue, but it seems that there is something wrong with the Cloudflare certificate because when I disable ssl_verify_client it is working (with security alert).
Here is my nginx configuration:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_client_certificate /etc/ssl/cloudflare.crt;
ssl_verify_client on;
server_name example.com www.example.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/username/www/exampleproject;
}
location /media/ {
root /home/username/www/exampleproject;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/username/www/exampleproject/exampleproject.sock;
}
}
Related
http {
server {
listen 4443 ssl;
server_name {{hostname}};
port_in_redirect off;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
# https://stackoverflow.com/questions/32845674/setup-nginx-not-to-crash-if-host-in-upstream-is-not-found/32846603#32846603
resolver 127.0.0.1 valid=30s;
proxy_pass http://app1:8080;
}
}
server {
listen 4444 ssl;
server_name X.{{hostname}};
port_in_redirect off;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
resolver 127.0.0.1 valid=30s;
proxy_pass http://app1:8080/my/path/;
}
}
}
# http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html
# https://stackoverflow.com/questions/34741571/nginx-tcp-forwarding-based-on-hostname/40135151#40135151
stream {
upstream app1 {
server 127.0.0.1:4443;
}
server {
listen 0.0.0.0:443;
proxy_connect_timeout 10s;
proxy_timeout 5m;
proxy_pass $target;
ssl_preread on;
}
access_log /var/log/nginx/access.log basic;
error_log /var/log/nginx/error.log error;
}
This is my nginx configuration.
This is part of a docker-compose setup. I proxy requests sent to https://hostname to the app1 container successfully.
Now my goal is to send requests sent to https://X.hostname to the app1 container, however to a different path.
For example:
Client sends request to https://A.hostname
Nginx forwards it to https://app1/my/path/
However the path is not being preserved, it's just forwarding it to https://app1
Tried many different solutions available online, and none worked.
I am configuring Nginx to serve two different locations. Idea is to serve the localhost:3000 as default and if the page not found in that location then try to use the other location as a fallback. But is not working. Any help will be appreciated. Thanks
server {
listen 80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name server.in;
ssl_certificate /junk/server.crt;
ssl_certificate_key /junk/server.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
index index.html;
recursive_error_pages on;
proxy_intercept_errors on;
location / {
proxy_pass http://localhost:3000;
error_page 404 = #fallback;
}
location #fallback {
proxy_pass http://localhost:9000;
}
}
I want to allow traffic only from 10.10.10.94.
If I browse:
http://IP/api:5006 (from any machine other than allow), I'm getting access denied and it works as it should.
http://IP:5007 I get web page (although no data shown in WEB page - page should some graphs from allowed host only).
PROBLEM:
For /api location access works fine, it's allowed only from allowed IP, but for / no restrictions, can access from any IP.
server {
listen 80;
listen [::]:80;
server_name example.com;
client_max_body_size 16M;
return 301 https://$host$request_uri;
}
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name example.com;
client_max_body_size 16M;
ssl_certificate /etc/ssl/certs/star.pem;
ssl_certificate_key /etc/ssl/private/star.key;
location / {
allow 10.10.10.94;
deny 10.10.0.0/16;
proxy_pass http://127.0.0.1:5007/;
}
location /api/ {
allow 10.10.10.94;
deny 10.10.0.0/16;
proxy_pass http://127.0.0.1:5006/;
}
}
Try this location:
location / {
allow 10.10.10.94/32;
deny all;
proxy_pass http://127.0.0.1:5007/;
}
location /api/ {
allow 10.10.10.94/32;
deny all;
proxy_pass http://127.0.0.1:5006/;
}
I am trying to create my private webdav server using nginx.
I set up the server to require a client certificate.
When visiting the site with the browser, the client certificate is requested.
However when I added a windows network location pointing to my server, it worked out of the box. It did not forward me to do anything, it just connected.
Obviously I do not want unverified access to my webdav.
What went wrong and how do I set this up correctly?
My config:
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
server_name XXX;
ssl_certificate /etc/letsencrypt/live/XXX/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/XXX/privkey.pem;
ssl_client_certificate /etc/nginx/ca/ca.crt;
ssl_verify_client on;
ssl_verify_depth 2;
access_log /var/log/nginx/XXX.access;
error_log /var/log/nginx/XXX.error;
location /data {
#Webdav
alias /media/webdav;
autoindex on;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
dav_access user:rw group:r all:r;
client_body_temp_path /tmp/nginx/client-bodies;
client_max_body_size 0;
create_full_put_path on;
}
location / {
return 404;
}
}
There is lots of material about using ngix as a reverse proxy and it is working well for me as a basic proxy for a strange web server app I need to use. I even have redirect on so http gets redirected to https.
server {
listen 80;
server_name <my server>;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name <my server>;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000";
ssl on;
ssl_certificate cert1.crt.pem;
ssl_certificate_key cert1.key.pem;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://localhost:81; # my existing apache instance
proxy_set_header Host $host;
}
Now I have one new wrinkle. I'd like to pick off one particular path and NOT have it get forwarded to the main server app. I need to do this to add in some Let's Encrypt challenge responses. Whenever the incoming url is http:///.well-known/acme-challenge/ then I want to use a static nginx path and NOT fwd to the main server.
Any ideas? I tried adding in a location directory but that wasn't working.
server {
listen 80;
server_name video.maritimeopscorp.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name video.maritimeopscorp.com;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000";
ssl on;
ssl_certificate cert1.crt.pem;
ssl_certificate_key cert1.key.pem;
ssl_session_cache shared:SSL:10m;
location ~ /.well-known {
<I've tried lots of combinations here.>
}
location / {
proxy_pass http://localhost:81; # my existing apache instance
proxy_set_header Host $host;
}
I'd also prefer to get this up into the 80 block rather than the 443 block but little steps first.
Any ideas?
You will need to use a root directive, to inform nginx where the .well-known directory can be found:
server {
listen 80;
server_name video.maritimeopscorp.com;
location / {
return 301 https://$server_name$request_uri;
}
location /.well-known {
root /path/to/enclosing/directory;
}
}
Enclose the return statement inside the default location block, otherwise it will always take precedence.