• Nginx ssl reverse proxy

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #47637  by mfreem2
 
I setup a nginx ssl reverse proxy for my 6.3.6 community, ubuntu 18.04. The ca-root certs were added to the browsers and os. The installation works perfectly using a web browsers going through TLS1.2 with nginx to 8080 on openkm. I am however having issues testing out the microsoft-addins and hotfolder external applications. I cannot connect with TLS through nginx, but I can connect using 8080.

Nginx log read:
Code: Select all
2019/03/13 16:27:19 [crit] 3718#3718: *4 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
2019/03/13 16:27:31 [crit] 3718#3718: *5 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
2019/03/13 16:27:36 [crit] 3718#3718: *6 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
2019/03/13 16:38:00 [crit] 3718#3718: *28 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
The error I believe is stating that the application doesn't use TLS1.2. I noticed that there was not a write up for ssl nginx. What are the limitations on ssl for the external applications? Is there another aspect that needs to be setup to activate this?
 #47649  by jllort
 
You can navigate in the browser with SSL or not?
Are you using a valid SSL certificate or self-signed created in the server by hand?
 #47658  by mfreem2
 
Yes, Everything works as expected through a browser. Green padlock and all. The certificate is signed by a local CA.

If I remove:

ssl_protocols TLSv1.2;

The hot folders connects using the test button in the configuration window, but with it, it will not connect.
 #47671  by jllort
 
I suggest asking to some Nginx forum because this really is not an OpenKM issue and there you will find more experts for this configuration. You are welcome to share with us the feedback, if there's something to change in the current documentation, please tell us.

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.