SSL Web nginx behind Mikrotik

abelovn · December 3, 2017, 8:11pm

Hello, All

board-name: RB951G-2HnD
version: 6.35.4 (stable)
white IP
forward to the local IP on which Nginx (on nginx released ssl letsencrypt)

The goal is to establish an SSL connection with the Web server.

When requesting a resource in the browser, the error is:
` An error occurred during a connection to mydomain.com. SSL received a record that exceeds the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG `
If Curl:
curl: (35) gnutls_handshake () failed: An unexpected TLS packet was received.

Correctly I understand that it’s not about port forwarding, but about the fact that for Mikrotik I need to install the same certificate that I issued and registered in the Nginx settings?

PS if I connect directly (without Mikrotik) - SSL works.
Through Mikrotik, http (80) also works.

normis · December 4, 2017, 8:58am

How are you forwarding it? Post your rules please

You definitely do not need to install certificates in RouterOS. Plenty of people have Letsencrypt SSL configured Nginx servers behind RouterOS NAT and it works great.

abelovn · December 4, 2017, 4:37pm

Thank you!
Done
I made a mistake in the rule.

that’s right:
ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=443 protocol=tcp to-addresses= to-ports=443