
I have multiple Next.js apps and some Java backend API services deployed on a Windows server, e.g. gigmobilitytest.accionmfb, octopustest.accionmfb, etc. The applications are normally reachable only from my organisation's network, but they can also be exposed to the public network as the need arises.

The applications were running on HTTP, and the need to run them on HTTPS required us to proxy them via nginx. All the apps proxied with nginx are also exposed to the public network, and they all work fine except gigmobilitytest.accionmfb.

When I am on the organisation network and access the site, it works fine, but when I am on a public network the browser keeps showing "Not secure", and if I click Advanced and proceed to the site it shows this:

I have tried accessing it directly on :3002 from a public network to confirm that it is reachable, and it worked.

Here is my nginx config

# Reverse-proxy front end: a single nginx instance terminates TLS for five host
# names and forwards each one to a plain-HTTP application on the loopback
# interface (ports 3000-3002, 1018 and 1019).
#user  nobody;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;
    server_names_hash_bucket_size 64;
    
    # --- Port 80: one server per host name; each only answers with a permanent
    # redirect to the HTTPS URL for the same host and path. ---
    # NOTE(review): no server is marked default_server, so a request whose Host
    # header matches none of the listed names is handled by the first server
    # defined for that port (pmstest here, and likewise on 443). A dedicated
    # catch-all server that refuses unknown names avoids answering for hosts
    # this file does not list.
    server {
        listen       80;
        server_name  pmstest.accionmfb;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen       80;
        server_name  octopustest.accionmfb;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen       80;
        server_name  gigmobilitytest.accionmfb;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen       80;
        server_name  mobilebanking.accionmfb;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen       80;
        server_name  mobilebankingv2.accionmfb;
        return 301 https://$host$request_uri;
    }
    
    
    # --- Port 443: TLS termination. Every server below loads the same
    # certificate file and the same private-key file. ---
    # NOTE(review): since all five servers present the same certificate, a client
    # that is shown a different (for example expired) certificate for one of
    # these names is presumably not reaching this nginx instance at all. Compare
    # what the name resolves to inside and outside the network before editing
    # this file.
    server {
        listen 443 ssl;
        server_name pmstest.accionmfb;

        # The file names suggest a wildcard certificate; its private key sits in
        # the nginx conf directory. NOTE(review): restrict read access on the
        # .key file to the account that runs nginx, because this one key is
        # used for every host configured below.
        ssl_certificate      C:/nginx-1.26.2/conf/star_accionmfb_com.pem;
        ssl_certificate_key  C:/nginx-1.26.2/conf/wildcard_accionmfb_com.key;

        # All servers name the same shared zone (SSL), so they use one session cache.
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        # NOTE(review): no ssl_protocols directive appears anywhere in this
        # file, so the enabled TLS versions are whatever this nginx build
        # defaults to; older releases still enable TLSv1/TLSv1.1 by default.
        # Pin TLSv1.2 and TLSv1.3 explicitly if legacy clients are not needed.
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        
        # Request-body limit raised for this host only; the other servers set no
        # client_max_body_size and therefore use the nginx default (1m).
        client_max_body_size 20M;

        location / {
            proxy_pass http://127.0.0.1:3001; # Proxy to PM
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For value the client sent, so only the last entry is
            # set by nginx. The application should not trust earlier entries
            # for access decisions or audit logging.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
        }
        
        # WebSocket upgrade pass-through for the hot-module-reload path.
        # NOTE(review): this path looks like the Next.js development server's
        # HMR endpoint, which would mean the app runs in dev mode behind a
        # publicly exposed proxy -- confirm a production build is what is
        # served. nginx's documented WebSocket setup also sets
        # proxy_http_version 1.1, which is absent here.
        location /_next/webpack-hmr {
            proxy_pass http://127.0.0.1:3001;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }
    }
    
    # Same TLS settings and proxy headers as the pmstest server; upstream is
    # port 3000. The notes on key handling, ssl_protocols, X-Forwarded-For and
    # the HMR location apply here as well.
    server {
        listen 443 ssl;
        server_name octopustest.accionmfb;

        ssl_certificate      C:/nginx-1.26.2/conf/star_accionmfb_com.pem;
        ssl_certificate_key  C:/nginx-1.26.2/conf/wildcard_accionmfb_com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        

        location / {
            proxy_pass http://127.0.0.1:3000; # Proxy to PM
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
        }
        
        location /_next/webpack-hmr {
            proxy_pass http://127.0.0.1:3000;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }
    }
    
    # The host the question is about. Its TLS directives are identical to the
    # other four servers; upstream is port 3002.
    # NOTE(review): the question reports that port 3002 answers directly over
    # plain HTTP from a public network. If that is this machine, bind the
    # application to 127.0.0.1 or firewall the port so that clients cannot
    # bypass the TLS front end.
    server {
        listen 443 ssl;
        server_name gigmobilitytest.accionmfb;

        ssl_certificate      C:/nginx-1.26.2/conf/star_accionmfb_com.pem;
        ssl_certificate_key  C:/nginx-1.26.2/conf/wildcard_accionmfb_com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        

        location / {
            proxy_pass http://127.0.0.1:3002; # Proxy to PM
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
        }
        
        location /_next/webpack-hmr {
            proxy_pass http://127.0.0.1:3002;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }
    }
    
    # Same TLS settings as above; upstream is port 1018. This server has no HMR
    # location.
    server {
        listen 443 ssl;
        server_name mobilebanking.accionmfb;

        ssl_certificate      C:/nginx-1.26.2/conf/star_accionmfb_com.pem;
        ssl_certificate_key  C:/nginx-1.26.2/conf/wildcard_accionmfb_com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        

        location / {
            proxy_pass http://127.0.0.1:1018; # Proxy to PM
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
        }
    }
    
    # Same TLS settings as above; upstream is port 1019. This server has no HMR
    # location.
    server {
        listen 443 ssl;
        server_name mobilebankingv2.accionmfb;

        ssl_certificate      C:/nginx-1.26.2/conf/star_accionmfb_com.pem;
        ssl_certificate_key  C:/nginx-1.26.2/conf/wildcard_accionmfb_com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        

        location / {
            proxy_pass http://127.0.0.1:1019; # Proxy to PM
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
        }
    }
}

When I ran an SSL test for the domains, gigmobilitytest.accionmfb was reported as using an expired certificate, but I am using the same certificate for all the domains, so I don't understand how it can show as expired.

Other domains ssl test

What could be causing this domain to behave like this?

I have multiple Next.js apps and some Java backend API services deployed on a Windows server, e.g. gigmobilitytest.accionmfb, octopustest.accionmfb, etc. The applications are normally reachable only from my organisation's network, but they can also be exposed to the public network as the need arises.

The applications were running on HTTP, and the need to run them on HTTPS required us to proxy them via nginx. All the apps proxied with nginx are also exposed to the public network, and they all work fine except gigmobilitytest.accionmfb.

When I am on the organisation network and access https://gigmobilitytest.accionmfb, it works fine, but when I am on a public network the browser keeps showing "Not secure", and if I click Advanced and proceed to the site it shows this:

I have tried accessing it with http://gigmobiltiytest.accionmfb:3002 from a public network to confirm that it is reachable, and it worked.

Here is my nginx config

# Reverse-proxy front end: a single nginx instance terminates TLS for five host
# names and forwards each one to a plain-HTTP application on the loopback
# interface (ports 3000-3002, 1018 and 1019).
#user  nobody;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;
    server_names_hash_bucket_size 64;
    
    # --- Port 80: one server per host name; each only answers with a permanent
    # redirect to the HTTPS URL for the same host and path. ---
    # NOTE(review): no server is marked default_server, so a request whose Host
    # header matches none of the listed names is handled by the first server
    # defined for that port (pmstest here, and likewise on 443). A dedicated
    # catch-all server that refuses unknown names avoids answering for hosts
    # this file does not list.
    server {
        listen       80;
        server_name  pmstest.accionmfb;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen       80;
        server_name  octopustest.accionmfb;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen       80;
        server_name  gigmobilitytest.accionmfb;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen       80;
        server_name  mobilebanking.accionmfb;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen       80;
        server_name  mobilebankingv2.accionmfb;
        return 301 https://$host$request_uri;
    }
    
    
    # --- Port 443: TLS termination. Every server below loads the same
    # certificate file and the same private-key file. ---
    # NOTE(review): since all five servers present the same certificate, a client
    # that is shown a different (for example expired) certificate for one of
    # these names is presumably not reaching this nginx instance at all. Compare
    # what the name resolves to inside and outside the network before editing
    # this file.
    server {
        listen 443 ssl;
        server_name pmstest.accionmfb;

        # The file names suggest a wildcard certificate; its private key sits in
        # the nginx conf directory. NOTE(review): restrict read access on the
        # .key file to the account that runs nginx, because this one key is
        # used for every host configured below.
        ssl_certificate      C:/nginx-1.26.2/conf/star_accionmfb_com.pem;
        ssl_certificate_key  C:/nginx-1.26.2/conf/wildcard_accionmfb_com.key;

        # All servers name the same shared zone (SSL), so they use one session cache.
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        # NOTE(review): no ssl_protocols directive appears anywhere in this
        # file, so the enabled TLS versions are whatever this nginx build
        # defaults to; older releases still enable TLSv1/TLSv1.1 by default.
        # Pin TLSv1.2 and TLSv1.3 explicitly if legacy clients are not needed.
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        
        # Request-body limit raised for this host only; the other servers set no
        # client_max_body_size and therefore use the nginx default (1m).
        client_max_body_size 20M;

        location / {
            proxy_pass http://127.0.0.1:3001; # Proxy to PM
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For value the client sent, so only the last entry is
            # set by nginx. The application should not trust earlier entries
            # for access decisions or audit logging.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
        }
        
        # WebSocket upgrade pass-through for the hot-module-reload path.
        # NOTE(review): this path looks like the Next.js development server's
        # HMR endpoint, which would mean the app runs in dev mode behind a
        # publicly exposed proxy -- confirm a production build is what is
        # served. nginx's documented WebSocket setup also sets
        # proxy_http_version 1.1, which is absent here.
        location /_next/webpack-hmr {
            proxy_pass http://127.0.0.1:3001;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }
    }
    
    # Same TLS settings and proxy headers as the pmstest server; upstream is
    # port 3000. The notes on key handling, ssl_protocols, X-Forwarded-For and
    # the HMR location apply here as well.
    server {
        listen 443 ssl;
        server_name octopustest.accionmfb;

        ssl_certificate      C:/nginx-1.26.2/conf/star_accionmfb_com.pem;
        ssl_certificate_key  C:/nginx-1.26.2/conf/wildcard_accionmfb_com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        

        location / {
            proxy_pass http://127.0.0.1:3000; # Proxy to PM
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
        }
        
        location /_next/webpack-hmr {
            proxy_pass http://127.0.0.1:3000;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }
    }
    
    # The host the question is about. Its TLS directives are identical to the
    # other four servers; upstream is port 3002.
    # NOTE(review): the question reports that port 3002 answers directly over
    # plain HTTP from a public network. If that is this machine, bind the
    # application to 127.0.0.1 or firewall the port so that clients cannot
    # bypass the TLS front end.
    server {
        listen 443 ssl;
        server_name gigmobilitytest.accionmfb;

        ssl_certificate      C:/nginx-1.26.2/conf/star_accionmfb_com.pem;
        ssl_certificate_key  C:/nginx-1.26.2/conf/wildcard_accionmfb_com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        

        location / {
            proxy_pass http://127.0.0.1:3002; # Proxy to PM
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
        }
        
        location /_next/webpack-hmr {
            proxy_pass http://127.0.0.1:3002;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }
    }
    
    # Same TLS settings as above; upstream is port 1018. This server has no HMR
    # location.
    server {
        listen 443 ssl;
        server_name mobilebanking.accionmfb;

        ssl_certificate      C:/nginx-1.26.2/conf/star_accionmfb_com.pem;
        ssl_certificate_key  C:/nginx-1.26.2/conf/wildcard_accionmfb_com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        

        location / {
            proxy_pass http://127.0.0.1:1018; # Proxy to PM
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
        }
    }
    
    # Same TLS settings as above; upstream is port 1019. This server has no HMR
    # location.
    server {
        listen 443 ssl;
        server_name mobilebankingv2.accionmfb;

        ssl_certificate      C:/nginx-1.26.2/conf/star_accionmfb_com.pem;
        ssl_certificate_key  C:/nginx-1.26.2/conf/wildcard_accionmfb_com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        

        location / {
            proxy_pass http://127.0.0.1:1019; # Proxy to PM
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
        }
    }
}

When I ran an SSL test for the domains, gigmobilitytest.accionmfb was reported as using an expired certificate, but I am using the same certificate for all the domains, so I don't understand how it can show as expired.

Other domains ssl test

What could be causing this domain to behave like this?

Share Improve this question asked Mar 28 at 9:53 Abdulbasit YusufAbdulbasit Yusuf 475 bronze badges

1 Answer 1


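These sites use different IP addresses, which can also be seen in the SSL Labs reports included in your question, so it is very likely that they are not on the same server. Probably the non-working domain is still pointing to some old setup where only an old, expired certificate is configured. Compare what the name resolves to from inside and outside the organisation network (for example with `nslookup`), and check which certificate the public address actually serves, before changing the nginx configuration.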

本文标签: nginxSSL certificate for a sub domain showing not secure on a public networkStack Overflow