Use of Certs

Hi All
I am very new to nginx and am currently doing a lot of reading but would
just love to have a nudge in the right direction

I want to set up nginx as a reverse proxy for about three IIS servers
behind a firewall.
One of them is a public web server that handles secure logins. It is
configured with a certificate signed by a CA. Do I need to import the
web server’s private key on to the nginx box or is this something I
don’t need to worry about?

Regards.

If you’re using nginx as a reverse proxy you’ll want a cert set up on
that node. Without it, worst case is your link between the proxy and the
IIS server is secure but your link between the remote client and the
proxy will be insecure, defeating the whole purpose. Best case is an
error will be thrown to the remote client either for a protocol mismatch
or being unable to connect to 443 after a forced reconnection. At least
in the latter case you wouldn’t be leaking data over the wire.

If you’re using SSL between the proxy and IIS you don’t need the IIS
server certificate’s private key. nginx just needs to be able to verify
the certificate chain as legitimate.

__________________
Scott Larson
Systems Administrator
Wiredrive/LA
310 823 8238 ext. 1106
310 943 2078 fax
www.wiredrive.com
www.twitter.com/wiredrive
www.wiredrive.com/facebook

On Mon, Dec 29, 2014 at 11:36 AM, Peter F. wrote:

nginx will act as an endpoint for ssl so any cert needs to be at nginx’s
end.

Posted at Nginx Forum:

On 12/29/2014 11:36 AM, Peter F. wrote:

Hi All
I am very new to nginx and am currently doing a lot of reading but would
just love to have a nudge in the right direction

I want to set up nginx as a reverse proxy for about three IIS servers
behind a firewall.
One of them is a public web server that handles secure logins. It is
configured with a certificate signed by a CA. Do I need to import the
web server’s private key on to the nginx box or is this something I
don’t need to worry about?

If you want nginx to proxy HTTPS connections, it needs to be the SSL
endpoint. In that case, nginx needs the certificate and key so it
presents the correct credentials to the client. Without it, the most
you could do is port-forward 443 on the nginx box to the secure server
behind it (i.e., no proxying at all).

On Mon, Dec 29, 2014 at 8:49 PM, itpp2012 wrote:

nginx will act as an endpoint for ssl so any cert needs to be at nginx’s
end.

That assumption was not part of the initial statement, which was however
saying that the backend server acted as the endpoint. You could then
guess that nginx acted as an SSL proxy.


B. R.
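
The setup the replies above describe, as an added example nginx configuration (not written by anyone in the thread): nginx terminates TLS for clients with the site's certificate and key, then opens a second, verified TLS session to IIS. The hostnames `www.example.com` and `iis1.internal.example` and all file paths are placeholders.

```nginx
# Added example; hostnames and file paths are placeholders.

# Plain HTTP: redirect so logins are never sent unencrypted.
server {
    listen 80;
    server_name www.example.com;
    return 301 https://$host$request_uri;
}

# nginx is the TLS endpoint for clients, so the public site's CA-signed
# certificate AND its private key must be installed on this box.
server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/tls/www.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;  # readable by root only

    location / {
        # Second, separate TLS session from nginx to the IIS backend.
        proxy_pass https://iis1.internal.example;

        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify defaults to off), so turn it on explicitly.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;

        # CA certificate(s) that issued the IIS certificate. Only public
        # CA certs go here; no IIS private key is needed for this leg.
        proxy_ssl_trusted_certificate /etc/nginx/tls/backend-ca.pem;

        # Name sent via SNI and checked against the IIS certificate;
        # it must match a name that certificate actually contains.
        proxy_ssl_server_name         on;
        proxy_ssl_name                iis1.internal.example;

        # Let the backend see the original host, client and scheme.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` after editing to check the syntax and confirm the certificate and key files load before reloading.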