How to disable SSL verification for proxied host?

[vggscqq]

Previously I was using simple nginx config for reverse proxy my services, all of them have self-signed SSL cert. Self-signed certs are not trusted by nginx reverse proxy server thus I had to disable cert verification like that

location / {
    proxy_pass https://10.10.0.1:1234/;
    proxy_ssl_verify off;
}

I tried to use following configuration in "Advanced" tab:

location / {
    proxy_ssl_verify off;
}

and

location / {
    proxy_pass https://10.10.0.1:1234/;
    proxy_ssl_verify off;
}

Using first one NPM instead of being reverse proxy tries to open local folder and using second one renders host Offline in GUI.

My idea is to use NPM same way as I used nginx:

Internet <-Let's encrypt cert-> NPM server <-self-signed cert-> service server.

[pwuersch]

Have you found a solution to this use-case yet? I‘m looking for something similar in my setup.

[vggscqq]

Hi, yes I did.
Go to your proxy host custom locations and define / (root) location.
Scheme should be https.
Under advanced settings use this

location / {
    proxy_pass https://self-signed.badssl.com/:443;
    proxy_ssl_verify       off;
    proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
}

[donniewr]

Hi, yes I did. Go to your proxy host custom locations and define / (root) location. Scheme should be https. Under advanced settings use this

location / {
    proxy_pass https://self-signed.badssl.com/:443;
    proxy_ssl_verify       off;
    proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
}

I'm using CloudPanel and I also need to disable TLS verification for a self-signed certificate, but this code doesn't work for me. (bad gateway)

[barbar-binks]

May I ask how you ended up solving this, your issue is the one that resembles mine the most. I am running Ngnix Proxy Manager on my network and I want to redirect my domain to a docker container running Nextcloud on Unraid. I want to ignore the self-signed certificate from the container, in your example https://self-signed.badssl.com/:443 is that a placeholder for your actual domain? you answer also renders my host offline.

[donniewr]

I managed to make it work using this configuration, but your issue might be different.

Add this in advanced tab.

location / {
proxy_pass $forward_scheme://$server:$port;
proxy_set_header Host test.com;
proxy_ssl_name test.com;
proxy_ssl_server_name on;
proxy_redirect $forward_scheme://$server:$port /;
}

[vggscqq]

is that a placeholder for your actual domain?

Yes, actually I'm using ip addresses with self-signed certs and with proxy I can get Let's Encrypt cert.
So it's working like that:

intenet --> [ LE Cert ] --> npm --> [Self-Signed cert] --> my_service

location / {
    proxy_pass https://10.13.0.53:9856;
    proxy_ssl_verify       off;
    proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
}