Simple steps to configure Nginx reverse proxy with SSL

Preface

A reverse proxy is a server that receives requests made over the web, both http and https, and then sends them to a backend server (or servers). The backend server can be a single or a group of application servers like Tomcat, wildfly or Jenkins etc., or it can even be other web servers like Apache etc.

We have discussed how to configure a simple http reverse proxy using Nginx. In this tutorial, we will discuss how to configure Nginx reverse proxy with SSL. So, let’s start with the process of configuring Nginx reverse proxy with SSL.

Prerequisites

1. Backend Server: For the purpose of this tutorial, we are using a tomcat server running on localhost at port 8080

Note: - When you start proxying requests, make sure the application server is started.

2.SSL Certificate: We also need to configure the SSL certificate on the server. We can use a Let's Encrypt certificate, you can get one using the procedure mentioned here. But for this tutorial, we will use a self-signed certificate which can be created by running the following command from the terminal,

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/certs/cert.key -out /etc/nginx/certs/cert.crt

The next step to configure nginx reverse proxy with ssl will be nginx installation,

Install Nginx

Ubuntu

Nginx is available in the default Ubuntu repositories. It's that simple, install it using the following command,

$ sudo apt-get update && sudo apt-get install nginx

Now start the service and enable it for boot,

# systemctl start nginx 
 
# systemctl enable nginx

Now to check the nginx installation, we can open a web browser and enter the system IP as the url to get the default nginx web page, which confirms that nginx is working fine.

Configure Nginx reverse proxy with SSL

Now we have everything we need to configure nginx reverse proxy with ssl. We now need to configure this in nginx. We will use the default nginx configuration file, which is /etc/nginx/conf.d/default.conf.

Assuming this is the first time we are making any changes to the configuration, open the file and delete or comment out all the old file contents, then put the following entries into the file.

vi /etc/nginx/conf.d/default.conf

server { 
 
listen 80; 
 
return 301 https://$host$request_uri; 
 
} 
 
 
 
 
server { 
 
listen 443; 
 
server_name linuxtechlab.com; 
 
ssl_certificate /etc/nginx/ssl/cert.crt; 
 
 
 
 
ssl_certificate_key /etc/nginx/ssl/cert.key; 
 
ssl on; 
 
ssl_session_cache builtin:1000 shared:SSL:10m; 
 
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
 
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; 
 
ssl_prefer_server_ciphers on; 
 
access_log /var/log/nginx/access.log; 
 
 
 
 
location / { 
 
proxy_set_header Host $host; 
 
proxy_set_header X-Real-IP $remote_addr; 
 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 
proxy_set_header X-Forwarded-Proto $scheme; 
 
proxy_pass http://localhost:8080; 
 
proxy_read_timeout 90; 
 
proxy_redirect http://localhost:8080 https://linuxtechlab.com; 
 
} 
 
}

Once you have made all changes, save the file and exit. Before we restart the nginx service to implement the changes we made, we will go through the configuration we made section by section.

Section 1

server { 
listen 80; 
return 301 https://$host$request_uri; 
}

Here we are telling us to listen for any requests to port 80 and then redirect them to https.

Section 2

listen 443; 
 
server_name linuxtechlab.com; 
 
ssl_certificate /etc/nginx/ssl/cert.crt; 
 
ssl_certificate_key /etc/nginx/ssl/cert.key; 
 
ssl on; 
 
ssl_session_cache builtin:1000 shared:SSL:10m; 
 
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
 
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; 
 
ssl_prefer_server_ciphers on;

Now these are some of the default nginx ssl options we are using which tells the nginx web server which protocol version, SSL ciphers are supported.

Section 3

location / { 
 
proxy_set_header Host $host; 
 
proxy_set_header X-Real-IP $remote_addr; 
 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 
proxy_set_header X-Forwarded-Proto $scheme; 
 
proxy_pass http://localhost:8080; 
 
proxy_read_timeout 90; 
 
proxy_redirect http://localhost:8080 https://linuxtechlab.com; 
 
}

Now, this section describes proxies and where incoming requests go after they come in. Now that we have discussed all the configurations, we will check and then restart the nginx service.

To check nginx, run the following command

# nginx -t

Once all our configuration files are ok, we will restart the nginx service

# systemctl restart nginx

That's it, our ssl nginx reverse proxy is now ready. Now to test the setup, all you have to do is open your web browser and enter the URL. We should now be redirected to the apache tomcat webpage.

This completes our tutorial on how to configure nginx reverse proxy with ssl

Summarize

The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. Thank you for your support of 123WORDPRESS.COM.