Mr Hyde asked:
I am using the proxy_pass directive to an upstream https server. The proxy server is meant for LAN clients. The upstream https server uses letsencrypt. How do I configure SSL verification?
    proxy_pass https://upstream.backend;
    proxy_ssl_verify on;
    proxy_ssl_trusted_certificate <which_file_is_supposed_to_be_here>;
    proxy_ssl_verify_depth <what_number_here>;
The documentation for proxy_ssl_trusted_certificate says it specifies a file with trusted CA certificates in the PEM format used to verify the certificate of the proxied HTTPS server.
Since you’re validating public TLS certificates, you can point it at your system’s CA certificate bundle. By default on Red Hat derived systems this is /etc/pki/tls/certs/ca-bundle.trust.crt. Your location may vary if you for some reason don’t use a Red Hat derived system as your web server.
If you want, you can also download Let’s Encrypt’s CA certificate separately, place that on your filesystem somewhere, and point at it.
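The answer above as a complete proxy block, added here as an example and not taken from the original post. The listener port and server_name are placeholders, the depth of 2 assumes a leaf, intermediate, root chain, and the CA bundle path is the Red Hat default named in the answer.

```nginx
# Added example: verifying a publicly trusted upstream certificate.
server {
    listen 8080;                    # assumption: LAN-facing listener
    server_name proxy.lan.example;  # assumption: placeholder name

    location / {
        proxy_pass https://upstream.backend;

        # Verification is off by default; without this directive nginx
        # completes the TLS handshake with any certificate the upstream presents.
        proxy_ssl_verify on;

        # System CA bundle (path from the answer; differs on other distributions).
        # A file holding only the Let's Encrypt root would narrow trust to that CA.
        proxy_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.trust.crt;

        # Assumption: the upstream chain is leaf -> intermediate -> root.
        # Raise this if the upstream serves a longer chain.
        proxy_ssl_verify_depth 2;

        # Send SNI so a multi-site upstream returns the matching certificate
        # (off by default).
        proxy_ssl_server_name on;

        # Name checked against the certificate. It defaults to the host in
        # proxy_pass, so set it explicitly when proxy_pass points at an
        # upstream {} group or an IP address.
        proxy_ssl_name upstream.backend;
    }
}
```

Check the syntax with `nginx -t` before reloading. A failed chain or name check appears in the error log as `upstream SSL certificate verify error` and the client receives a 502.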
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.