• 11
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

I am currently in the process of setting up an internet facing IIS reverse proxy that will forward HTTP requests to an internal API server. I was able to get the server to work with the connection between the world and the reverse proxy over SSL, and the connection between the reverse proxy and API server running over plain HTTP. I attempted to set the API server to run on HTTPS with a self signed certificate, however I get a 502 Bad Gateway Error when attempted to access it through the proxy as before. I have a guess that the issue is with the self signed certificate because: The reverse proxy server is accessing the API via its Internal IP Address and not the name on the self signed certificate?

Also - Would I want SSL Offloading enabled or disabled? If it is disabled, would the proxy try to pass the certificate of the API to the client, or its own certificate? Would there be two separate SSL connections or one all the way through?

Any and all help is appreciated!

Thanks!

When a reverse proxy has to use HTTPS to forward a request to a backend server, it isn't that much different than it itself being a client to the backend. If you open a browser on your reverse proxy server and send a web request to the backend in the same manner the reverse proxy is doing it, you will see a certificate warning from the browser as well. Once the certificate warning is corrected (make sure the host matches the certificate's CN or one of its Subject Altername Name, the valid from and to are correct and the certificate is trusted), you will most likely stop seeing those 502 errors, provided they are being caused by the SSL handshake.

The proxy server cannot forward the API server's certificate as it doesn't have its private key to successfully perform an SSL handshake.

  • 0
Reply Report

Trending Tags