Amazon API Gateway is an excellent service; combined with the power of AWS Lambda, it lets you run your code without the hassle of managing servers.
AWS API Gateway gives you odd-looking URLs that include the deployment environment name,
e.g. https://my-random-domain.execute-api.us-east-1.amazonaws.com/stage. If you have a custom domain name, you can hook up SSL certificates and serve the endpoints under your own domain.
If you need to put an AWS API Gateway behind an nginx proxy, you might encounter an nginx error saying it is unable to connect to the API Gateway endpoint.
This error occurs because API Gateway sits behind a CloudFront distribution, and CloudFront expects the server name to be sent via SNI (Server Name Indication) during the TLS handshake.
nginx 1.7.0 introduced the proxy_ssl_server_name directive to solve this kind of upstream SSL error (see bug 292).
Turn on the proxy_ssl_server_name directive; by default it is set to off.
Here is the sample code for reference
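An added example, not the original post's sample code: a reverse-proxy server block that sends SNI to the API Gateway endpoint and also verifies the upstream certificate, which nginx does not do by default. The host names, API id, stage, certificate paths and CA bundle path are placeholder assumptions.

```nginx
# Added example (not from the original post). Placeholders/assumptions:
#   api.example.com                              - your client-facing name
#   abc123.execute-api.us-east-1.amazonaws.com   - your API Gateway host
#   /stage/                                      - your deployment stage
#   /etc/ssl/certs/ca-certificates.crt           - system CA bundle (Debian/Ubuntu path)
server {
    listen 443 ssl;
    server_name api.example.com;

    ssl_certificate     /etc/nginx/ssl/api.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/api.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location /api/ {
        # Put the upstream host name into the TLS ClientHello (SNI).
        # The default is off, which is what breaks the handshake with
        # the CloudFront edge in front of API Gateway.
        proxy_ssl_server_name on;

        # Name used for SNI and for certificate verification.
        # Defaults to the host part of proxy_pass; shown here explicitly.
        proxy_ssl_name abc123.execute-api.us-east-1.amazonaws.com;

        # Without these, nginx accepts any upstream certificate.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        3;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;

        # API Gateway routes on the Host header, so it must carry the
        # execute-api name rather than the client-facing one. This is
        # also nginx's default ($proxy_host); stated for clarity.
        proxy_set_header Host abc123.execute-api.us-east-1.amazonaws.com;
        proxy_set_header X-Forwarded-Proto $scheme;

        # /api/foo on the proxy becomes /stage/foo upstream.
        proxy_pass https://abc123.execute-api.us-east-1.amazonaws.com/stage/;
    }
}
```

Check the file with `nginx -t` before reloading.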
Hi, only worked for me with this line at "location" directive level:
proxy_set_header X-Forwarded-Proto $scheme;
Hi Ajay - I'm trying to get the same working with self-signed certificates but with no luck. I get the 400 Bad Request error
listen 443 ssl;
listen [::]:443 ssl;
server_name local.co;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
# ssl session caching
ssl_session_cache shared:SSL:15m;
ssl_session_timeout 10m;
#client certificate generated from API Gateway
ssl_trusted_certificate /etc/nginx/ssl/client.crt;
ssl_client_certificate /etc/nginx/ssl/client.crt;
ssl_verify_client on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
location /api {
    proxy_ssl_server_name on;
    set $proxy_pass_1 'https://k0cgv3.execute-api.us-east-2.amazonaws.com/test';
    proxy_pass $proxy_pass_1$request_uri;
    proxy_set_header X-Forwarded-Proto $scheme;
}