Home >Operation and Maintenance >Nginx >How to configure Nginx reverse proxy using SSL
Prerequisites
1. Backend Server: For the purpose of this tutorial, we are using a tomcat server running on localhost on port 8080
NOTE: - When you start proxying requests, make sure the application server is started.
2.ssl certificate: We also need to configure the ssl certificate on the server. We can use let's encrypt's encryption certificate, you can get one using the program mentioned here. But for this tutorial, we will be using a self-signed certificate, which can be created by running the following command from the terminal,
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/certs/cert.key -out /etc/nginx/certs/cert.crt
The next step in configuring nginx reverse proxy with ssl will be the nginx installation,
Install nginx
ubuntu
$ sudo apt-get update && sudo apt-get install nginxNow start the service and enable it for startup,
# systemctl start nginx # systemctl enable nginxNow check the nginx installation, we can open the web browser and enter the system ip as the url to get the default nginx web page, this confirms that nginx is working properly.
Configuring nginx reverse proxy using ssl
server { listen 80; return 301 https://$host$request_uri; } server { listen 443; server_name linuxtechlab.com; ssl_certificate /etc/nginx/ssl/cert.crt; ssl_certificate_key /etc/nginx/ssl/cert.key; ssl on; ssl_session_cache builtin:1000 shared:ssl:10m; ssl_protocols tlsv1 tlsv1.1 tlsv1.2; ssl_ciphers high:!anull:!enull:!export:!camellia:!des:!md5:!psk:!rc4; ssl_prefer_server_ciphers on; access_log /var/log/nginx/access.log; location / { proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header x-forwarded-proto $scheme; proxy_pass http://localhost:8080; proxy_read_timeout 90; proxy_redirect http://localhost:8080 https://linuxtechlab.com; } }After completing all changes, save the file and exit. We will discuss the configuration we made section by section before we restart the nginx service to implement the changes. Section 1
server { listen 80; return 301 https://$host$request_uri; }Here we tell that we want to listen for any requests to port 80 and then redirect them to https. Section 2
listen 443; server_name linuxtechlab.com; ssl_certificate /etc/nginx/ssl/cert.crt; ssl_certificate_key /etc/nginx/ssl/cert.key; ssl on; ssl_session_cache builtin:1000 shared:ssl:10m; ssl_protocols tlsv1 tlsv1.1 tlsv1.2; ssl_ciphers high:!anull:!enull:!export:!camellia:!des:!md5:!psk:!rc4; ssl_prefer_server_ciphers on;Now these are some default nginx ssl options we are using, they tell the nginx web server which protocol version, ssl cipher is supported. Section 3
location / { proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header x-forwarded-proto $scheme; proxy_pass http://localhost:8080; proxy_read_timeout 90; proxy_redirect http://localhost:8080 https://linuxtechlab.com; }Now, this section covers proxies and where incoming requests come in. Now that we have discussed all the configuration, we will check and then restart the nginx service.
To check nginx, run the following command
# nginx -tOnce all our configuration files are ok, we will restart the nginx service
# systemctl restart nginxThat’s it , our ssl nginx reverse proxy is now ready. Now to test the setup, all you have to do is open a web browser and enter the url. We should now be redirected to the apache tomcat web page.
The above is the detailed content of How to configure Nginx reverse proxy using SSL. For more information, please follow other related articles on the PHP Chinese website!