nginx: How To Set Up an SSL Reverse Proxy (Windows / Linux)

So you have a program on your computer that's running an HTTP server, but you want to add HTTPS support to it to prevent people from snooping on your activity.

Fortunately, that's pretty easy to do.

Downloads

  • nginx
  • openssl (for Windows, mine came with cmder)

Installing nginx

Pretty straightforward.

Windows: Download, extract and open command prompt there

Linux: Add repo, update and apt-get to install

Testing default setup

  • Windows: type "start nginx"
  • Linux: Should already be started after installation. If not, try /etc/init.d/nginx start

Open up a browser to http://localhost/ and you should see an nginx page.

Generating Encryption Certificate

For this process I'm just going to self-sign a certificate to get your server up and running. The browser will complain about it the first time, but after you add the exception and test that it's all working you can get it signed properly elsewhere.

  • Open up a terminal and "cd" to nginx conf folder
    • Linux: cd /etc/nginx/
    • Windows: cd /D X:\Wherever\You\Extracted\nginx\conf\
  • Type in

openssl req -x509 -sha256 -newkey rsa:2048 -keyout yourdomain.com.key -out yourdomain.com.pem -days 1825 -subj '/CN=yourdomain.com' -nodes

  • This will generate your private key file and your certificate. The key is stored unencrypted (that is what -nodes does), so keep your key safe!

Configuring SSL on nginx

  • Open up nginx.conf
  • Under the "http" entry
  • Add in this snippet and modify to suit your domain/port numbers

# SSL reverse proxy server
server {
    listen      443 ssl;
    server_name localhost;

    ssl_certificate      yourdomain.com.pem;
    ssl_certificate_key  yourdomain.com.key;

    #ssl_session_cache    shared:SSL:1m;
    #ssl_session_timeout  5m;

    #ssl_ciphers  HIGH:!aNULL:!MD5;
    #ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://localhost:1234/;
    }
}

In this example I'm proxying HTTPS requests for https://yourdomain.com:443 (443 being the default HTTPS port) to a service running at http://localhost:1234 on the same computer.

Reload nginx and see if it works in the browser.

  • Linux: /etc/init.d/nginx reload
  • Windows: nginx -s reload

Now you should be able to access your HTTP service via a secure HTTPS proxy.

See? Wasn't that hard after all!
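
A tightened variant of the server block above, as an added example (not from the original post). It turns on the TLS settings the original leaves commented out, sets the allowed protocol versions, and passes the original host, client address and scheme to the backend. The 127.0.0.1 backend address and the TLS 1.2/1.3 floor are assumptions to adjust for your setup.

```nginx
# SSL reverse proxy server (added example, not from the original post)
server {
    listen      443 ssl;
    server_name yourdomain.com;

    ssl_certificate      yourdomain.com.pem;
    ssl_certificate_key  yourdomain.com.key;

    # Assumption: every client you care about supports TLS 1.2 or newer.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols              TLSv1.2 TLSv1.3;
    ssl_ciphers                HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    # Reuse TLS sessions so returning clients skip the full handshake.
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    location / {
        # Assumption: the backend listens on loopback only, so the
        # plain-HTTP port cannot be reached directly from the network.
        proxy_pass http://127.0.0.1:1234/;

        # Without these the backend sees every request as coming from
        # 127.0.0.1 over plain HTTP and may build http:// links.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run nginx -t before reloading to check the configuration for syntax errors.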


Additional redirects

You might want to add a regular HTTP server which redirects to the new HTTPS server. Simply add this to the conf script above or below the details for the HTTPS "server {}".

server {
    listen       80;
    server_name  yourdomain.com;

    location / {
        # Keep the requested path and query string when redirecting
        return 301 https://$host$request_uri;
    }
}

Copyright © Twig's Tech Tips