Reverse proxied web application: allowing websites with untrusted certificates

0 users found this article helpful

Symptoms

When navigating to the reverse proxied web application, it shows 502 Bad Gateway.

In the log files ( nginx.service.log ), a similar message is shown:

2023-07-06 14:42:08.005401+00:00 node01nginx.service[<unknown>:30164]: node01 nginx: 2023/07/06 14:42:08 [error] 30164#30164: *7716 upstream SSL certificate verify error: (18:self signed certificate) while SSL handshaking to upstream, client: 158.148.196.137, server: some.example.org, request: "GET /favicon.ico HTTP/1.1", upstream: "https://192.168.0.21:443/favicon.ico", host: "some.example.org:9999", referrer: "https://some.example.org:9999/www"

Cause

If the log files contain the message above, it means that the reverse proxied web application is not trusted because it doesn't have a trusted SSL certificate.

Otherwise, the 502 Bad Gateway message has a different cause and the solution below will not help.

Resolution

Option 1

  1. Navigate to System Settings > Global > Domains and select the Workspace domain in which the reverse proxied web application was published.
  2. Scroll to the bottom and find Allow untrusted servers. For the Reverse Proxied Web Applications setting, make sure it's set to Allow untrusted.

Option 2

It's also possible to import the necessary certificates, although this is a bit more complex as it involves creating or updating the trusted certificates file.

Consult the admin manual for instructions on preparing the trusted certificate authorities file.

This can be uploaded either in:

 

Was this article helpful?

Tell us how we can improve it.