Nginx
t38c3j, 2022-03-19 16:30:18

How to proxy SSL behind reverse proxy?

There is nginx in the role of gateway, and a bunch of internal services behind it. One of them issues ssl to itself, and I can’t pull up this ssl in the gateway so that it is given to the user when visiting the site. How to pass this ssl using proxy_pass?

Current gateway configuration

server {
  listen 443;
  server_name example.com;

  location / {
    proxy_pass https://$upstream;
  }
}

4 answer(s)
AUser0, 2022-03-20
@t38c3j

You only have 3 options. Either physically extract/copy the certificate from the docker and use it on this gateway. Or generate another certificate with Let's Encrypt and use it. Or allocate a separate IP (or non-standard port) on the gateway for this host and pass all traffic without processing through stream { server {...} } (which is not much different from iptables with DNAT).
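
The third option above (passing the TLS connection through untouched) can look like this. This is an added example, not configuration from the thread; it goes one step further than the answer by using ssl_preread to route on the SNI name, so port 443 can be shared instead of needing a separate IP or port. The upstream names, the 10.0.0.10 address and the 8443 port are assumptions.

```nginx
# Added example. This block sits at the top level of nginx.conf, next to http {},
# and needs the stream and stream_ssl_preread modules.
stream {
    # Choose a backend from the SNI name in the ClientHello.
    # The gateway never decrypts anything on this path.
    map $ssl_preread_server_name $tls_backend {
        example.com  own_cert_service;  # service that manages its own certificate
        default      gateway_https;     # all other names: nginx terminates TLS itself
    }

    upstream own_cert_service {
        server 10.0.0.10:443;           # constructed internal address
    }

    upstream gateway_https {
        # The ordinary http {} servers must move off 443,
        # for example to "listen 127.0.0.1:8443 ssl;".
        server 127.0.0.1:8443;
    }

    server {
        listen 443;
        ssl_preread on;                 # read the ClientHello without terminating TLS
        proxy_pass $tls_backend;
        proxy_connect_timeout 5s;

        # Passthrough means the gateway sees only ciphertext: it cannot add
        # X-Forwarded-For, filter requests or log URLs for example.com.
        # The backend sees the gateway's address as the client unless both sides
        # are configured for the PROXY protocol:
        # proxy_protocol on;
    }
}
```

With this layout the visitor receives the certificate presented by the internal service, so that certificate has to be valid for example.com, and its private key never has to leave the service.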

Drno, 2022-03-19
@Drno

Give nginx access to the certificate and specify it in the settings.
But in general it is more correct to proxy without ssl.
Or just do a redirect.

Alexander Karabanov, 2022-03-19
@karabanov

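server {
  # TLS from the user is terminated here, with the gateway's own certificate
  listen 443 ssl;
  server_name example.com;

  ssl_certificate /path/to/proxy/cert/example.com/fullchain.pem;
  ssl_certificate_key /path/to/proxy/cert/example.com/privkey.pem;

  location / {
    # A second, separate TLS connection is opened to the internal service
    proxy_pass https://$upstream;
    # Send SNI to the upstream, using the requested host name
    proxy_ssl_server_name on;
    proxy_ssl_name $host;
    # Keep the original Host header for the internal service
    proxy_set_header Host $host;
  }
}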

The ssl (0.7.14) parameter specifies that all connections accepted on this port should work in SSL mode. This allows you to set a compact configuration for a server that works in two modes at once - HTTP and HTTPS.

Syntax listen

Alexey Dmitriev, 2022-03-19
@SignFinder

What you need to do - you have already answered above.
And about - "pull this ssl into the gateway so that it is given to the user when visiting the site" - SSL was invented precisely so that it was impossible to "pull this ssl into the gateway so that it was given to the user when visiting the site."
