Hello Duo Community,
I am trying to setup a Web Application in our DNG but I get a 502 Bad Gateway.
- DNG version: 1.6.1 with RDP feature enabled.
- RDP is working fine
- 2FA SSO works fine.
- Right after the 2FA thing, I get that 502 Error.
- Internal server uses a self-signed certificate I uploaded to DNG. That certificate inludes the server’s hostname (
zav-mon-central.cameoglobal.local) as CN. - When you connect to the website internally, there is something add at the end of the URL.
In the logs, I can see the following:
network-gateway-portal | 2022/02/28 17:36:30 [error] 202#0: *94 upstream SSL certificate verify error: (21:unable to verify the first certificate) while SSL handshaking to upstream, client: 178.51.111.250, server: monitoring.cameoglobal.eu, request: "GET / HTTP/1.1", upstream: "https://10.32.6.240:443/", host: "monitoring.cameoglobal.eu", referrer: "https://■■■■■■■■■■■■■■■■■■■■■■■■■■■■/"
In this line, I do not see any mention to the server’s hostname.
When I look in the log file, the only mention I see is:
network-gateway-admin | 2022-02-28 17:24:10+0000 [admin] Arguments: {"_xsrf": "********************************", "ikey": "■■■■■■■■■■■■■■■■■■■■", "skey": "****************************************", "■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■", "enable_frameless": "on", "ehost": "monitoring.cameoglobal.eu", "external_host_cert_source": "own", "external_host_cert": "", "external_host_key": "", "allowlist_values": "", "allowlist_ips": "", "ihost": "https://zav-mon-central.cameoglobal.local/", "private_certificate_authority": "on", "internal_host_cert": "", "http_host_header_name": "internal", "ssl_sni_and_cert_name": "internal", "session_duration": "480", "upstream_response_timeout": "180", "client_max_body_size": "128"}
Regards,
Antony