Created
January 15, 2018 22:54
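location @proxy {
    # If the upstream server supports TLS, change the scheme in
    # proxy_pass to https.
    proxy_pass https://192.168.0.1;

    # Verify the upstream server's certificate. proxy_ssl_verify is off by
    # default, in which case the connection is encrypted but the peer is
    # not authenticated.
    proxy_ssl_verify on;

    # nginx has no default trust store for upstream verification: the CA
    # bundle must be named explicitly, otherwise verification cannot succeed.
    # The path below is the Debian/Ubuntu bundle file; use the bundle that
    # your distribution ships.
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # The name checked against the certificate is proxy_ssl_name, which
    # defaults to the host part of proxy_pass (here the IP address). The
    # certificate must therefore list that address, or proxy_ssl_name must
    # be set to the name the certificate was issued for.
}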
# In the case of self-signed SSL certificates that can't be verified
# against certificate authorities, we use the `proxy_ssl_trusted_certificate`
# directive to authenticate against a specified certificate in PEM format,
# instead of the ones stored in /etc/ssl/certs.
location @proxy {
    # Trust anchor for this upstream: the PEM file holds the certificate(s)
    # nginx accepts when it verifies the upstream server. Keep the file
    # writable only by root, since whoever can edit it decides which
    # upstream is trusted.
    proxy_ssl_trusted_certificate /etc/nginx/upstream.pem;

    # Reject the upstream connection if its certificate does not chain to
    # the file above.
    proxy_ssl_verify on;

    # Forward the request to the upstream over TLS.
    proxy_pass https://192.168.0.1;
}
# Sometimes this server needs to authenticate itself to the upstream server.
# For that we use the `proxy_ssl_certificate` and `proxy_ssl_certificate_key`
# directives.
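location @proxy {
    proxy_pass https://192.168.0.1;

    # Client certificate (PEM format) that nginx presents to the upstream
    # server so the upstream can authenticate this proxy.
    proxy_ssl_certificate /etc/nginx/client.pem;

    # Private key that corresponds to the certificate above. The file should
    # be readable only by the user that starts nginx (normally root), never
    # by the worker user or anything serving files from this directory.
    proxy_ssl_certificate_key /etc/nginx/client.key;

    # NOTE: this block authenticates nginx to the upstream but does not
    # verify the upstream itself. For mutual TLS, also set proxy_ssl_verify
    # and proxy_ssl_trusted_certificate in this location.
}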
# vi: ft=nginx |