I have an Edge 16.05 installation.
The connection between the router and the MP is protected by TLS, as described here.
The cert is issued by an internal CA - not a public CA.
Is there anything special I need to do to get nginx to trust the upstream cert?
Right now when I try to invoke an API proxy deployed to my secure vhost, I get a 502, and nginx says "no live upstreams".
I can actually manually tickle the upstream with curl, but I see a cert issue when I do so.
I am *guessing* that the 502 is resulting from a TLS negotiation failure between nginx and the upstream. Basically it's directly parallel to the TLS failure between curl and the upstream.
I thought that all of the nginx configuration would be auto-magically generated. But I don't see a statement anywhere in /opt/nginx/conf.d/* like
proxy_ssl_trusted_certificate /some/file/name/here.crt
...at this time, which I thought was necessary in order to tell nginx to trust an upstream TLS cert that is issued by a non-root CA.
Help? @Maudrit @Paul Mibus
Try:
```
apigee-service edge-router stop
rm -f /opt/nginx/conf.d/*
apigee-service edge-router start
```
Depending on your version you could be running into an issue where the Nginx config doesn't properly regenerate when SSL is enabled.
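An added example, not part of the original thread and not Apigee tooling: a shell audit to run over the conf directory after the router regenerates it, showing how each file treats TLS to its upstream. nginx leaves `proxy_ssl_verify` off by default, and `proxy_ssl_trusted_certificate` only takes effect once verification is on. The function names, sample file names and upstream address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Apigee tooling): classify each nginx conf file by how it
# treats TLS to its upstream. Status meanings:
#   no-tls-upstream  no "proxy_pass https://" present
#   unverified       HTTPS upstream, but proxy_ssl_verify is not "on"
#   verify-no-ca     verification on, no proxy_ssl_trusted_certificate
#   ca-missing       CA bundle named, but the file is not readable
#   verified         verification on and CA bundle readable
audit_upstream_tls() {
    local dir="$1" f body ca name
    for f in "$dir"/*.conf; do
        # Unmatched glob: the directory holds no generated config at all.
        [ -e "$f" ] || { echo "no-config-files"; return 0; }
        name=$(basename "$f")
        body=$(sed 's/#.*//' "$f")          # ignore commented-out directives
        if ! printf '%s\n' "$body" | grep -Eq 'proxy_pass[[:space:]]+https://'; then
            echo "$name: no-tls-upstream"; continue
        fi
        if ! printf '%s\n' "$body" | grep -Eq 'proxy_ssl_verify[[:space:]]+on[[:space:]]*;'; then
            echo "$name: unverified"; continue
        fi
        ca=$(printf '%s\n' "$body" | sed -nE \
            's/.*proxy_ssl_trusted_certificate[[:space:]]+([^;[:space:]]+)[[:space:]]*;.*/\1/p' | head -n 1)
        if [ -z "$ca" ]; then echo "$name: verify-no-ca"
        elif [ ! -r "$ca" ]; then echo "$name: ca-missing"
        else echo "$name: verified"; fi
    done
}

# Constructed sample directory (hypothetical file names and upstream address).
make_sample_confdir() {
    local d
    d=$(mktemp -d)
    : > "$d/internal-ca.crt"                # placeholder file, not a real CA cert
    printf 'location / { proxy_pass http://10.0.0.5:8998; }\n' > "$d/a_plain.conf"
    printf 'location / { proxy_pass https://10.0.0.5:8998; }\n' > "$d/b_noverify.conf"
    printf 'location / { proxy_pass https://10.0.0.5:8998; proxy_ssl_verify on; }\n' > "$d/c_noca.conf"
    printf 'location / { proxy_pass https://10.0.0.5:8998; proxy_ssl_verify on;\n  proxy_ssl_trusted_certificate %s; }\n' "$d/absent.crt" > "$d/d_badca.conf"
    printf 'location / { proxy_pass https://10.0.0.5:8998; proxy_ssl_verify on;\n  proxy_ssl_trusted_certificate %s; }\n' "$d/internal-ca.crt" > "$d/e_ok.conf"
    echo "$d"
}

# Optional CLI use: pass the conf directory as the first argument.
if [ $# -gt 0 ]; then audit_upstream_tls "$1"; fi
```

A result of `no-config-files` after the restart means the router did not regenerate its nginx configuration.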