NodeJS, Nginx and SSL. Do I need to establish an ssl connection between the backend on node and nginx?

R

rizzli2017-06-15 17:46:25

Nginx

rizzli, 2017-06-15 17:46:25

There is a backend on port 3000, the port is closed from outside. It is proxied by nginx on port 80.
An https connection is established between the client and nginx.

upstream backend {
  server 127.0.0.1:3000;
  keepalive 8;
}
server {
  # SSL configuration
  #
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_certificate /etc/ssl/ssl-bundle.crt;
  ssl_certificate_key /etc/ssl/r_ru.key;
  add_header Strict-Transport-Security "max-age=31536000";
  #
  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;

    proxy_pass backend;
    proxy_redirect off;
  }
}

Do I also need to establish an ssl connection between nginx and the backend?

server {
        ...
        proxy_ssl_certificate     /etc/ssl/certs/backend.crt;
        proxy_ssl_certificate_key /etc/ssl/certs/backend.key;
        proxy_pass backend;
        proxy_ssl  on;
}

I just always thought that what is behind nginx can already work without ssl.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

S

sim3x, 2017-06-15
@rizzli

On one server - it is better to use a socket
On several - it is worth using encryption, even on self-signed certificates

E

Eugene, 2017-06-15
@Nc_Soft

I don't see the point if the proxy is on localhost

A

Andrey Burov, 2017-06-15
@BuriK666

If everything is on the same server, then there is no point in this.

R

rustler2000, 2017-06-15
@rustler2000

No, it's not necessary.
But if you really want to, then you can, of course, but the meaning escapes when you walk through the localhost