Nginx+Proxypass+SSL on different machines?
Good afternoon, colleagues.
The question is the following. There is a Proxmox hypervisor with two VMs running on it.
Machine 1: web server (ispmanager) used as a hosting platform for clients; everything works well, no questions there. Apache+Nginx.
Machine 2: Azuracast, used to broadcast a number of radio stations on the internet. Front end is nginx.
The gist:
A web domain is created on machine 1, and in its Nginx settings there is a proxy_pass to machine 2; it looks like this:
server {
    server_name stream.saltmedia.online;

    location / {
        location ~ [^/]\.ph(p\d*|tml)$ {
            try_files /does_not_exists @fallback;
        }
        location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
            try_files $uri $uri/ @fallback;
        }
        location / {
            try_files /does_not_exists @fallback;
        }
    }

    listen 10.10.0.100:80;
    location @fallback {
        proxy_pass http://10.10.0.5:80;
        proxy_redirect http://10.10.0.5:80 /;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        access_log off;
    }

    # this second listen has no "ssl" parameter and the block has no ssl_certificate,
    # so nginx does not terminate TLS on 10.10.0.100:443 in this server block;
    # "location @fallback" is also declared a second time, which nginx rejects
    # as a duplicate location when the configuration is loaded
    listen 10.10.0.100:443;
    location @fallback {
        proxy_pass http://10.10.0.5:443;
        proxy_redirect http://10.10.0.5:443 /;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        access_log off;
    }
}
curl -vvI https://stream.saltmedia.online
* Rebuilt URL to: https://stream.saltmedia.online/
* Trying 5.189.239.168...
* TCP_NODELAY set
* Connected to stream.saltmedia.online (5.189.239.168) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=cloud.saltmedia.online
* start date: Nov 30 22:08:13 2019 GMT
* expire date: Feb 28 22:08:13 2020 GMT
* subjectAltName does not match stream.saltmedia.online
* SSL: no alternative certificate subject name matches target host name 'stream.saltmedia.online'
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'stream.saltmedia.online'
An SSL certificate is a pair of public and private encryption keys. The public key is also usually complemented by a "chain" of certificates confirming the certification authority. If the certificate was received only on the second server, it will not automatically appear on the first one. You can copy the key files manually. The ISPmanager panel provides the ability to upload certificates via a graphical web interface. You can also use the cron job scheduler to set up periodic renewal of the certificate files on the first server from the certificate files on the second server, while updating these files via certbot will only be configured on the second server.
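One way to put that answer into practice on machine 1, as an added example that is neither the configuration from the question nor anything generated by ISPmanager or Azuracast: the server block terminates TLS itself using the certificate and key files copied over from machine 2 (the paths under /etc/nginx/ssl/ are assumed), and keeps a single named location that proxies to the Azuracast front end over the internal network.

```nginx
# Added example for machine 1 (10.10.0.100): terminate TLS here and proxy to
# the Azuracast front end on machine 2 (10.10.0.5). File paths are assumed.
server {
    listen 10.10.0.100:80;
    server_name stream.saltmedia.online;

    # plain HTTP: send clients to the TLS listener below
    return 301 https://$host$request_uri;
}

server {
    # "ssl" on the listen directive is what makes nginx terminate TLS on this
    # socket; without it the port-443 listener only speaks plain HTTP
    listen 10.10.0.100:443 ssl;
    server_name stream.saltmedia.online;

    # certificate with its chain, and the private key, copied from machine 2
    # (assumed paths); the certificate's subjectAltName must contain
    # stream.saltmedia.online, otherwise clients fail as in the curl output above
    ssl_certificate     /etc/nginx/ssl/stream.saltmedia.online/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/stream.saltmedia.online/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        try_files /does_not_exists @fallback;
    }

    # exactly one named location: nginx refuses to load a duplicate @fallback
    location @fallback {
        # plain HTTP on the internal network; TLS was already terminated here
        proxy_pass http://10.10.0.5:80;
        proxy_redirect http://10.10.0.5:80 /;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;
    }
}
```

nginx reads the certificate and key only when it starts or reloads, so the cron job that copies renewed files from machine 2 should finish with `nginx -t && nginx -s reload` on machine 1; running the same `curl -vvI https://stream.saltmedia.online` as in the question afterwards should then show a subject or subjectAltName that matches stream.saltmedia.online instead of cloud.saltmedia.online.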