1

I have trying to setup a smart dns proxy service using nginx reverse proxy mode. its ok with http sites but i have issues with https sites. when i want to open https sites via my proxy i got following error message in my web browser:

An error occurred during a connection to example.com.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

also i have created a self signed certificate on my server it resolved above error but introduced new error such as follow

www.example.com uses an invalid security certificate.
 
The certificate is not trusted because it is self-signed.
 
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

here is my simplified nginx.conf:

server {
   listen 80;
   listen 443 ssl;
   
   server_name www.example.com example.com;
   ssl_certificate /etc/nginx/certs/example.com.crt;
   ssl_certificate_key /etc/nginx/certs/example.com.key;
   ssl_verify_client off;

   location / {
      proxy_pass https://www.example.com;
 }
}

edit: I forgot to say i have setup a nameserver which resolve considered site addresses to my nginx reverse proxy server address.

thanks

Improve this question
8
  • Why you want to proxy_pass https? why not just http? Commented Oct 4, 2021 at 6:50
  • Because most sites these days use https, also sites which i want to proxy use https too Commented Oct 4, 2021 at 7:28
  • Your proxied site is a public site? Commented Oct 4, 2021 at 7:38
  • Yes it is a public site Commented Oct 4, 2021 at 7:51
  • okay then, did you try my answer? Does it solve your problem? Commented Oct 4, 2021 at 7:54

1 Answer 1

Reset to default
1

You need to ignore the SSL verification by turning off proxy_ssl_verify.

Here is an example

location / {
     proxy_pass https://www.example.com;
     proxy_ssl_verify              off;
}

You can check other option in the documentation, an example you can also use proxy_ssl_trusted_certificate to define trusted proxied ssl.

But I think if the target proxy server can be accessed by nginx server only, l it's better using http instead https. From my experience it's faster.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.