Nginx ssl reverse proxy

OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules
Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
Post Reply
mfreem2
Fresh Boarder
Fresh Boarder
Posts: 7
Joined: Thu Mar 07, 2019 7:49 pm

Nginx ssl reverse proxy

Post by mfreem2 » Wed Mar 13, 2019 9:49 pm

I setup a nginx ssl reverse proxy for my 6.3.6 community, ubuntu 18.04. The ca-root certs were added to the browsers and os. The installation works perfectly using a web browsers going through TLS1.2 with nginx to 8080 on openkm. I am however having issues testing out the microsoft-addins and hotfolder external applications. I cannot connect with TLS through nginx, but I can connect using 8080.

Nginx log read:

Code: Select all

2019/03/13 16:27:19 [crit] 3718#3718: *4 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
2019/03/13 16:27:31 [crit] 3718#3718: *5 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
2019/03/13 16:27:36 [crit] 3718#3718: *6 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
2019/03/13 16:38:00 [crit] 3718#3718: *28 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 192.168.200.50, server: 0.0.0.0:443
The error I believe is stating that the application doesn't use TLS1.2. I noticed that there was not a write up for ssl nginx. What are the limitations on ssl for the external applications? Is there another aspect that needs to be setup to activate this?

jllort
Moderator
Moderator
Posts: 10907
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain
Contact:

Re: Nginx ssl reverse proxy

Post by jllort » Sat Mar 16, 2019 8:47 am

You can navigate in the browser with SSL or not?
Are you using a valid SSL certificate or self-signed created in the server by hand?

mfreem2
Fresh Boarder
Fresh Boarder
Posts: 7
Joined: Thu Mar 07, 2019 7:49 pm

Re: Nginx ssl reverse proxy

Post by mfreem2 » Mon Mar 18, 2019 2:00 pm

Yes, Everything works as expected through a browser. Green padlock and all. The certificate is signed by a local CA.

If I remove:

ssl_protocols TLSv1.2;

The hot folders connects using the test button in the configuration window, but with it, it will not connect.

jllort
Moderator
Moderator
Posts: 10907
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain
Contact:

Re: Nginx ssl reverse proxy

Post by jllort » Thu Mar 21, 2019 7:40 pm

I suggest asking to some Nginx forum because this really is not an OpenKM issue and there you will find more experts for this configuration. You are welcome to share with us the feedback, if there's something to change in the current documentation, please tell us.

Post Reply