Posted to users@trafficserver.apache.org by juergenp <ju...@core.at> on 2021/02/26 18:01:43 UTC

SSL problems - unknown certification path when serving from private IPs

Hello,

My ATS frontends are configured as reverse proxies.
They all have official IPs assigned via NAT and are using private IPs.

All of my webservers are using private IPs like 10.x.
The webservers (nginx) serve the official names like www.example.com
bound onto an internal address with NAT, and in addition they have a secondary
alias like w40.example.com also bound to that internal address.

In the following config nginx serves the official domain example.com for
WordPress, because as soon as I change to an internal domain name only, the URLs
and links are built with the internal domain and the page doesn't work from
the outside.

So I defined some hosts like w40, w41 pointing to a private IP - which isn't
good.


I have mappings on ATS like:

redirect     http://example.com/        https://w40.example.com/
map http://example.com/ http://example.com/
reverse_map http://w40.example.com/ http://example.com/
map https://example.com/ https://example.com/
reverse_map https://w40.example.com/ https://example.com/

In that configuration, for HTTPS the certificate is then checked for a private
IP - which is not correct - and ATS says "invalid certification path for
self-signed certificate" because of the internal IP. The problem is that I
am not allowed to expose the internal server to the internet and ATS
strictly has to use the local LAN connection.

So how do I configure ATS so that I can serve WordPress from internal IPs in
the first place, and how do I set up the naming for internal servers or IPs
when using SSL to get rid of those errors?

What is the common practice for such a scenario?

kr

Juergen



Please advise.

when defining reverse proxies using ssl


