Need help with Nginx Reverse Proxy

[Guest]

Im trying to Run Dual Webservers (both Apache2 port 444)  WITH SSL and a Nginx RP (port 443) but when i go to my site (https://something.wa) It fully breaks and i get the error message :  (something about the SSL certificate not valid) but when i hookup  the site to port (On the router to Open internet) 443 (still internal port 444), Everything works fine but also if i use port 80 (non HTTPS) the site loads... like normal

 

Nginx conf

 

server {

        listen 443 ssl;
        server_name mydomain.net;

        location /{
        proxy_pass "https://192.168.0.146:444";
        proxy_set_header Host $host;
         }

}

 

Apache2 conf

 

listen 444
<IfModule mod_ssl.c>
<VirtualHost *:444>
    ServerAdmin (my email)
    ServerName mydomain.net
    ServerAlias www.mydomain.net
    DocumentRoot /var/www/(my domain)/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/(my domain)/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/(my domain)/privkey.pem
</VirtualHost>
</IfModule>

 

 

If any more info is needed, Let me know asap

[colonel_mortis]

The nginx reverse proxy needs to decrypt the traffic, but you haven't configured TLS in your nginx snippet. At a minimum you need to set up nginx with the same certificates that you're currently using for apache.

 

Another problem that you might be running into, if the TLS error is coming from Nginx rather than your browser, is that nginx is proxying from 192.168.0.146 rather than mydomain.net, so the certificate that it's presenting isn't valid (or it may even be hitting a different virtual host - passing the Host header only applies after TLS has been negotiated, which means Apache has already chosen the virtual host). Often the solution is just to use plain HTTP between nginx and apache, because it's within your trusted network, but if that's not something that you want to do then I think it's possible to tell nginx to use a different hostname for SNI so it requests it as mydomain.net.

[Guest]

6 minutes ago, colonel_mortis said:

The nginx reverse proxy needs to decrypt the traffic, but you haven't configured TLS in your nginx snippet. At a minimum you need to set up nginx with the same certificates that you're currently using for apache.

 

Another problem that you might be running into, if the TLS error is coming from Nginx rather than your browser, is that nginx is proxying from 192.168.0.146 rather than mydomain.net, so the certificate that it's presenting isn't valid (or it may even be hitting a different virtual host - passing the Host header only applies after TLS has been negotiated, which means Apache has already chosen the virtual host). Often the solution is just to use plain HTTP between nginx and apache, because it's within your trusted network, but if that's not something that you want to do then I think it's possible to tell nginx to use a different hostname for SNI so it requests it as mydomain.net.

By chance do you know how to use the Same TLS cert with nginx? (like where do i put it)

[colonel_mortis]

Just now, Nolanrulesroblox said:

By chance do you know how to use the Same TLS cert with nginx? (like where do i put it)

Inside the server block, add

ssl_certificate /etc/letsencrypt/live/(my domain)/fullchain.pem
ssl_certificate_key /etc/letsencrypt/live/(my domain)/privkey.pem

then reload nginx

[Guest]

39 minutes ago, colonel_mortis said:

Inside the server block, add

ssl_certificate /etc/letsencrypt/live/(my domain)/fullchain.pem
ssl_certificate_key /etc/letsencrypt/live/(my domain)/privkey.pem

then reload nginx

Holy crap! it worked!