Symptoms
When navigating to the reverse proxied web application, it shows 502 Bad Gateway.
In the log files ( nginx.service.log ), a similar message is shown:
2023-07-06 14:42:08.005401+00:00 node01nginx.service[<unknown>:30164]: node01 nginx: 2023/07/06 14:42:08 [error] 30164#30164: *7716 upstream SSL certificate verify error: (18:self signed certificate) while SSL handshaking to upstream, client: 158.148.196.137, server: some.example.org, request: "GET /favicon.ico HTTP/1.1", upstream: "https://192.168.0.21:443/favicon.ico", host: "some.example.org:9999", referrer: "https://some.example.org:9999/www"
Cause
If the log files contain the message above, it means that the reverse proxied web application is not trusted because it doesn't have a trusted SSL certificate.
Otherwise, the 502 Bad Gateway message has a different cause and the solution below will not help.
Resolution
Option 1
- Navigate to System Settings > Global > Domains and select the Workspace domain in which the reverse proxied web application was published.
- Scroll to the bottom and find Allow untrusted servers. For the Reverse Proxied Web Applications setting, make sure it's set to Allow untrusted.
Option 2
It's also possible to import the necessary certificates, although this is a bit more complex as it involves creating or updating the trusted certificates file.
Consult the admin manual for instructions on preparing the trusted certificate authorities file.
This can be uploaded either in:
- System Settings > Global > Connectivity > Trusted Certificate Authorities.
If uploaded here, it will work for all reverse proxied web applications in each Workspace domain. - System Settings > Global > Domains: select the domain. Then, upload the file under Trusted Certificate Authorities.
Was this article helpful?
Tell us how we can improve it.