Hello, I hope I’m knocking on the right door 🙂
For a few years now, thanks to the static URL (DynDNS) offered with my subscription (myUrl.internet-box.ch), I’ve set up a few services that I access on the web, and that I’ve secured thanks to a certificate signed by the simple cheap certbot, provided by reverse proxies that encapsulate my internal http communication.
However, for a few months now (but I only noticed the reason today😃), I see that my certificate (signed for myUrl.internet-box.ch) given by my reverse proxies is being overridden by the internetbox.swisscom.ch certificate inside my home network, making all my services not happy at all when I use them within my home.
To note - this is only an issue inside my home network. I guess there is some DNS/network rule here or there that is redirecting any 192.168.1.X stuff to an internal internetbox.swisscom.ch with an internal internetbox.swisscom.ch certificate.
It could be that it’s my reverse proxy configurations that really aren’t top notch.
Here is an example of one of my configurations:
    server {
        # "ssl on;" is deprecated; TLS is enabled per listening socket instead
        listen 446 ssl;
        server_name myUrl.internet-box.ch;

        # Certificate and key issued by certbot (paths elided in the post)
        ssl_certificate /etc/letsencrypt/live/...;
        ssl_certificate_key /etc/letsencrypt/live/...;

        ssl_session_cache builtin:1000 shared:SSL:10m;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered
        ssl_protocols TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        location / {
            # Pass the original host, client address and scheme to the backend
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Plain-HTTP backend on the same machine
            proxy_pass http://localhost:8096;
            proxy_redirect http://localhost:8096 https://myUrl.internet-box.ch;
        }
    }
I remain but a simple amateur in networking, so if you see anything wrong with this, don’t hesitate.
Does anyone have any idea? Maybe I could find what is doing this redirection/certificate pushing inside my network?
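
One way to see which device answers and which certificate it serves, as an added example that is not part of the original post: the script connects with SNI, reads the peer address and the certificate's DNS names, and classifies the result. The function names are hypothetical; the hostname and port are the ones from the post, and the certificate chain is assumed to be publicly trusted (otherwise the probe reports the verification error).

```python
import ipaddress
import socket
import ssl

def san_matches(hostname, dns_names):
    """True if hostname equals a SAN entry or matches a one-label wildcard."""
    host = hostname.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in dns_names):
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def diagnose(hostname, peer_ip, dns_names):
    """Classify what a client sees, from the peer address and the SAN list."""
    if san_matches(hostname, dns_names):
        return "ok"
    if ipaddress.ip_address(peer_ip).is_private:
        # The name led to a LAN address and another device's certificate came back.
        return "local-answer-wrong-cert"
    return "public-answer-wrong-cert"

def probe(hostname, port, timeout=5.0):
    """Connect with SNI and return (peer_ip, SAN dNSNames) of the served cert."""
    ctx = ssl.create_default_context()
    # Chain validation stays on; only the name check is skipped so that a
    # certificate issued for another host can still be read and reported.
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
            names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            return tls.getpeername()[0], names

if __name__ == "__main__":
    # Hostname and port taken from the post.
    host, port = "myUrl.internet-box.ch", 446
    try:
        ip, names = probe(host, port)
        print(host, "->", ip, names, diagnose(host, ip, names))
    except (ssl.SSLError, OSError) as exc:
        print("probe failed:", exc)
```

Running it once from inside the home network and once from outside (for example over mobile data) and comparing the two results shows whether the mismatch only appears when the name leads to a local address.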