I have one site somewhere that's accessible on the internet as "https://site.example1.com".
I also have one another site accessible on the internet as "https://www.example2.com".
I have full control over both sites and they both have valid Certificates.
Now I want to have the first site to be accessible as a location on the second; this means that "https://www.example2.com/site" should display the contents of "https://site.example1.com".
I tried a plain:
server {
listen 443 ssl;
resolver 127.0.0.1 8.8.8.8;
server_name updates.okcash.com;
ssl_certificate /etc/letsencrypt/live/www.example2.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example2.com/privkey.pem;
ssl_verify_client optional_no_ca;
location /site {
proxy_pass "https://site.example1.com";
rewrite /site/(.*) /$1 break;
proxy_redirect off;
proxy_set_header Host $host;
}
location / {
proxy_pass "http://localhost:5001";
proxy_connect_timeout 60;
proxy_read_timeout 86400; # 24h
proxy_send_timeout 60;
proxy_intercept_errors off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
but this does not work well because browser (accessing "https://www.example2.com/site") is presented server certificates from backend ("https://site.example1.com") which are invalid for the request.
How can I force nginx front-end to send out its own certificates and verify backend identity on its own?
0 Answers