How to setup the nginx for https reverse proxy

Here is just one example how you can setup the nginx server to let it forward the https call and consume the ssl  cert (you have created in my last article).

In fact at the location section you can forward request to the non https server which could in your DMZ. Outside surf will surf the public domain and with https secured.

server {
 listen 443 ssl;
 server_name wayneshare.com;

ssl_certificate cert_wayneshare/cert_wayneshare.crt;
 ssl_certificate_key cert_wayneshare/key_wayneshare.pem;

ssl_session_cache shared:SSL:1m;
 ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;
 ssl_prefer_server_ciphers on;

client_body_buffer_size 200k;
 client_header_buffer_size 20k;
 client_max_body_size 256m;
 large_client_header_buffers 16 32k;

access_log /var/log/nginx/node0.access.log;
 error_log /var/log/nginx/node0.error.log info;

location /internal/ {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_pass http://10.1.1.36/internal/;
 }
}

 

As you have the https enabled now, so you can set a force redirect of your http site or URL to a https URL. just use nginx setting :

 

server {
 listen 80;
............
 location /internal/ {
    return 301 https://$server_name$request_uri;
}
}

 

Advertisements