What’s causing SSL errors behind my reverse proxy?

[Nora.T]

I’ve been trying to set up a reverse proxy for my self-hosted apps, but I keep running into weird SSL certificate errors on the backend services. My proxy itself has a valid cert, but the internal connections keep throwing warnings. I’m not sure if my proxy pass directives are wrong or if I need to configure the backend to trust the proxy’s certificate differently.

[AriaXL]

That happened to me too. The proxy had a legit SSL cert but the backend kept complaining about the handshake when the proxy forwarded to the internal service. We ended up either pointing the internal route to http instead of https, or giving the backend a trust store that included the proxy's CA.

[MadisonUW]

We switched all internal links to http behind the proxy and kept TLS at the edge. The warnings went away, but it felt like we were just hiding the problem and exposing traffic inside the network.

[Violet_S]

Another route was to add the proxy’s CA to the backend’s trust store so the backend would accept the proxy as a trusted front, and in some setups you also have to tweak proxy_ssl_verify or proxy_ssl_name to match.

[AubreyW]

I thought it was the proxy_pass syntax at first, but the backend logs showed the hostname didn’t line up with the cert and we never quite pinned down the root cause. I drifted into chasing DNS quirks for a bit, then came back to the trust story.