Reverse proxy and invalid certificate

france · November 5, 2020, 8:56am

Hi everyone, I’m using neth7’s reverse proxy.
I tried to set up an alias with root only eg. / zabbix and connect to the internal server http: //centos7.internal2.lan/zabbix.
It works fine even if neth7 makes a primary connection in ssl. The zabbix server works regularly with the reverse proxy. The problem arises from the fact that if you redirect a path / nagio but to an https server with an invalid certificate, the neth7 server responds with an error (i.e. it cannot connect to the redirect server because the certificate is invalid). The options to ignore target with invalid certificate are active if you create a reverse proxy with a domain name alias but not with a / path.
Thanks

m.traeumner · November 5, 2020, 10:56am

I would try to install the certificate from zabbix server at your nethserver.
Copy it to: /etc/pki/tls/

france · November 5, 2020, 2:15pm

Thanks, I try to execute what you indicated to meTo proceed with the export, do I have to use openssl and its syntax or do I copy .crt .key to the path of the neth server?

m.traeumner · November 6, 2020, 7:43am

Please write in English, much people, inclusive me, don’t speak Italian, so we can’t help you.

france · November 6, 2020, 8:13am

Sorry but I didn’t realize I wrote in Italian.

m.traeumner · November 6, 2020, 8:15am

To copy the file to the path should be enough.

france · November 6, 2020, 8:31am

error

m.traeumner · November 6, 2020, 9:14am

I think proxy isn’t using it, perhaps somebody else can help.

cc @support_team

france · November 6, 2020, 9:23am

At the moment thanks. I tried exporting .crt .pem and certified with full chain. Nothing from

mrmarkuz · November 6, 2020, 9:53am

I recommend to use the virtualhost name reverse proxy instead of the path one. I think you need to configure some url rewriting to make path reverse proxy work.

france · November 6, 2020, 10:29am

Yes markuz, the reason I didn’t want to use the name or alias but indicate the path is because I only have a valid certificate which is the server itself. I was comfortable using the path / as I have already configured for two servers but in http and not in https!

m.traeumner · November 6, 2020, 10:50am

What do you think about using letsencrypt for the url.

france · November 6, 2020, 11:06am

I don’t know what you mean, but as previously written, in the configuration that I activated with only the path of the remote folder / xxx when I connect from the internet I just type the name fqsn with valid certificate myserver.ddns.net/xxx and it responds regularly . I cannot install any other valid certificates as the number of free hosts available to me is exhausted. However I underline that if you configure a virtual host you have the possibility to put a flag on accept invalid certificates, while specifying only the url is not possible. I believe this is a limitation.

mrmarkuz · November 6, 2020, 11:15am

You may add a lot of vhosts to the letsencrypt certificate:

If you have no hosts left, you may use another DDNS provider.

france · November 6, 2020, 11:18am

thanks !

france · November 8, 2020, 7:48am

I noticed that in the apps the reverse proxy is not selected, although I am able to modify the parameters from the cockpit. Is the package related to the changes? Thanks Schermata 2020-11-08 alle 08.45.27

m.traeumner · November 9, 2020, 12:19pm

@mrmarkuz Can you answer this question, I didn’t work with reverse proxy.

mrmarkuz · November 9, 2020, 3:48pm

I cannot reproduce, maybe an autoremove issue. Please install the reverse proxy from Software Center and check if it works.

france · November 9, 2020, 5:56pm

Ok, I try to install the reverse proxy and see if it works. Thanks at least