AWS SNS notifications do not reach server with HTTPS

We have a PHP platform as a client for AWS SNS. We use NGINX as a proxy for Apache 2 in the background.

This works great when sending notifications on port 80 (HTTP). We recently implemented SSL certificates to better simulate our production environment. We made a new HTTPS subscription in the AWS SNS console, but the subscription message never gets into the PHP source code. It is blocked somewhere along the way.

In NGINX access logs we cannot get answers. We see the following lines, which we suspect come from SNS (IP addresses are resolved within the Amazon network):

54.240.197.67 - - [10/Feb/2014:10:49:42 +0000] "-" 400 0 "-" "-"
54.240.197.2 - - [10/Feb/2014:10:50:03 +0000] "-" 400 0 "-" "-"
62.75.187.88 - - [10/Feb/2014:10:50:07 +0000] "-" 400 0 "-" "-"
54.240.197.65 - - [10/Feb/2014:10:50:23 +0000] "-" 400 0 "-" "-"
54.240.197.35 - - [10/Feb/2014:10:51:48 +0000] "-" 400 0 "-" "-"
54.240.197.66 - - [10/Feb/2014:10:52:09 +0000] "-" 400 0 "-" "-"
54.240.197.35 - - [10/Feb/2014:10:52:30 +0000] "-" 400 0 "-" "-"
54.240.197.33 - - [10/Feb/2014:10:52:51 +0000] "-" 400 0 "-" "-"

Our NGINX configuration looks like this:

    server {
        listen 443;

        root /var/www/example_dev/public/;
        index index.php index.html index.htm;
        server_name dev.example.com;

        client_max_body_size 20M;

        ssl on;
        ssl_certificate /etc/nginx/ssl/dev.example.com/dev.example.com.crt;
        ssl_certificate_key /etc/nginx/ssl/dev.example.com/dev.example.com.key;

        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/nginx.dev_example_com.access.log;
        error_log /var/log/nginx/nginx.dev_example_com.error.log;

        # Forward everything to Apache listening on the loopback interface
        location / {
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            proxy_pass http://127.0.0.1:8080;
        }

        location ~ /\.ht {
            deny all;
        }
    }

, CA , , AWS, ? CA PositiveSSL CA 2, Root CA AddTrust CA

, NGINX?

!

, SSL. () CA Root SNS . , NGINX. . . , AWS SNS CA Root, .

+4
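
An added example, not part of the original question or answer: a small Python parser run over the access-log lines quoted in the question. It isolates entries where NGINX returned 400 without logging any request line, groups them by source network and measures the interval between them. The function names and the /24 grouping are choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Log lines copied from the question (nginx "combined" access-log format).
SAMPLE_LOG = """\
54.240.197.67 - - [10/Feb/2014:10:49:42 +0000] "-" 400 0 "-" "-"
54.240.197.2 - - [10/Feb/2014:10:50:03 +0000] "-" 400 0 "-" "-"
62.75.187.88 - - [10/Feb/2014:10:50:07 +0000] "-" 400 0 "-" "-"
54.240.197.65 - - [10/Feb/2014:10:50:23 +0000] "-" 400 0 "-" "-"
54.240.197.35 - - [10/Feb/2014:10:51:48 +0000] "-" 400 0 "-" "-"
54.240.197.66 - - [10/Feb/2014:10:52:09 +0000] "-" 400 0 "-" "-"
54.240.197.35 - - [10/Feb/2014:10:52:30 +0000] "-" 400 0 "-" "-"
54.240.197.33 - - [10/Feb/2014:10:52:51 +0000] "-" 400 0 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "[^"]*"\s*$'
)

def parse(line):
    """Parse one combined-format line; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    entry["status"] = int(entry["status"])
    return entry

def requestless(entries):
    """Entries answered with 400 where no request line was logged at all."""
    return [e for e in entries if e and e["request"] == "-" and e["status"] == 400]

def report(log_text, prefix=24):
    """Per source network (IPv4 /prefix): entry count and gaps in seconds."""
    groups = defaultdict(list)
    entries = [parse(l) for l in log_text.splitlines() if l.strip()]
    for e in requestless(entries):
        net = ip_network(f'{e["ip"]}/{prefix}', strict=False)
        groups[str(net)].append(e["ts"])
    out = {}
    for net, stamps in groups.items():
        stamps.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        out[net] = {"count": len(stamps), "gaps": gaps}
    return out

if __name__ == "__main__":
    for net, info in report(SAMPLE_LOG).items():
        print(net, info)
```

A steady interval from one network combined with an empty request line is consistent with a client retrying a connection that ends before any HTTP request is sent, which is the stage where TLS negotiation takes place.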

Source: https://habr.com/ru/post/1526147/