Open Source Document Management System | OpenKM

Because information matters
https://forum.openkm.com/

Nginx ssl reverse proxy

https://forum.openkm.com/viewtopic.php?t=22283

Page 1 of 1

Nginx ssl reverse proxy

PostPosted:Wed Mar 13, 2019 9:49 pm
by mfreem2
I setup a nginx ssl reverse proxy for my 6.3.6 community, ubuntu 18.04. The ca-root certs were added to the browsers and os. The installation works perfectly using a web browsers going through TLS1.2 with nginx to 8080 on openkm. I am however having issues testing out the microsoft-addins and hotfolder external applications. I cannot connect with TLS through nginx, but I can connect using 8080.

Nginx log read:
Code: Select all
2019/03/13 16:27:19 [crit] 3718#3718: *4 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
2019/03/13 16:27:31 [crit] 3718#3718: *5 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
2019/03/13 16:27:36 [crit] 3718#3718: *6 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
2019/03/13 16:38:00 [crit] 3718#3718: *28 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
The error I believe is stating that the application doesn't use TLS1.2. I noticed that there was not a write up for ssl nginx. What are the limitations on ssl for the external applications? Is there another aspect that needs to be setup to activate this?

Re: Nginx ssl reverse proxy

PostPosted:Sat Mar 16, 2019 8:47 am
by jllort
You can navigate in the browser with SSL or not?
Are you using a valid SSL certificate or self-signed created in the server by hand?

Re: Nginx ssl reverse proxy

PostPosted:Mon Mar 18, 2019 2:00 pm
by mfreem2
Yes, Everything works as expected through a browser. Green padlock and all. The certificate is signed by a local CA.

If I remove:

ssl_protocols TLSv1.2;

The hot folders connects using the test button in the configuration window, but with it, it will not connect.

Re: Nginx ssl reverse proxy

PostPosted:Thu Mar 21, 2019 7:40 pm
by jllort
I suggest asking to some Nginx forum because this really is not an OpenKM issue and there you will find more experts for this configuration. You are welcome to share with us the feedback, if there's something to change in the current documentation, please tell us.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited