How to configure Nginx reverse proxy using SSL

Prerequisites

1. Backend Server: For the purpose of this tutorial, we are using a tomcat server running on localhost on port 8080

NOTE: - When you start proxying requests, make sure the application server is started.

2.ssl certificate: We also need to configure the ssl certificate on the server. We can use let's encrypt's encryption certificate, you can get one using the program mentioned here. But for this tutorial, we will be using a self-signed certificate, which can be created by running the following command from the terminal,

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/certs/cert.key -out /etc/nginx/certs/cert.crt

The next step in configuring nginx reverse proxy with ssl will be the nginx installation,

Install nginx

ubuntu

##nginx is available in the default ubuntu repository. So easy, install it using the following command,

$ sudo apt-get update && sudo apt-get install nginx

Now start the service and enable it for startup,

# systemctl start nginx 
 
# systemctl enable nginx

Now check the nginx installation, we can open the web browser and enter the system ip as the url to get the default nginx web page, this confirms that nginx is working properly.

Configuring nginx reverse proxy using ssl

Now we have everything we need to configure nginx reverse proxy using ssl. We now need to configure in nginx, we will use the default nginx configuration file which is /etc/nginx/conf.d/default.conf.

Assuming this is the first time we are making any changes to the configuration , open the file and delete or comment out all old file contents, then put the following entries into the file.

vi /etc/nginx/conf.d/default.conf

server { 
 
listen 80; 
 
return 301 https://$host$request_uri; 
 
} 
 
 
 
 
server { 
 
listen 443; 
 
server_name linuxtechlab.com; 
 
ssl_certificate /etc/nginx/ssl/cert.crt; 
 
 
 
 
ssl_certificate_key /etc/nginx/ssl/cert.key; 
 
ssl on; 
 
ssl_session_cache builtin:1000 shared:ssl:10m; 
 
ssl_protocols tlsv1 tlsv1.1 tlsv1.2; 
 
ssl_ciphers high:!anull:!enull:!export:!camellia:!des:!md5:!psk:!rc4; 
 
ssl_prefer_server_ciphers on; 
 
access_log /var/log/nginx/access.log; 
 
 
 
 
location / { 
 
proxy_set_header host $host; 
 
proxy_set_header x-real-ip $remote_addr; 
 
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; 
 
proxy_set_header x-forwarded-proto $scheme; 
 
proxy_pass http://localhost:8080; 
 
proxy_read_timeout 90; 
 
proxy_redirect http://localhost:8080 https://linuxtechlab.com; 
 
} 
 
}

After completing all changes, save the file and exit. We will discuss the configuration we made section by section before we restart the nginx service to implement the changes.

Section 1

server { 
listen 80; 
return 301 https://$host$request_uri; 
}

Here we tell that we want to listen for any requests to port 80 and then redirect them to https.

Section 2

listen 443; 
 
server_name linuxtechlab.com; 
 
ssl_certificate /etc/nginx/ssl/cert.crt; 
 
ssl_certificate_key /etc/nginx/ssl/cert.key; 
 
ssl on; 
 
ssl_session_cache builtin:1000 shared:ssl:10m; 
 
ssl_protocols tlsv1 tlsv1.1 tlsv1.2; 
 
ssl_ciphers high:!anull:!enull:!export:!camellia:!des:!md5:!psk:!rc4; 
 
ssl_prefer_server_ciphers on;

Now these are some default nginx ssl options we are using, they tell the nginx web server which protocol version, ssl cipher is supported.

Section 3

location / { 
 
proxy_set_header host $host; 
 
proxy_set_header x-real-ip $remote_addr; 
 
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; 
 
proxy_set_header x-forwarded-proto $scheme; 
 
proxy_pass http://localhost:8080; 
 
proxy_read_timeout 90; 
 
proxy_redirect http://localhost:8080 https://linuxtechlab.com; 
 
}

Now, this section covers proxies and where incoming requests come in. Now that we have discussed all the configuration, we will check and then restart the nginx service.

To check nginx, run the following command

# nginx -t

Once all our configuration files are ok, we will restart the nginx service

# systemctl restart nginx

That’s it , our ssl nginx reverse proxy is now ready. Now to test the setup, all you have to do is open a web browser and enter the url. We should now be redirected to the apache tomcat web page.

The above is the detailed content of How to configure Nginx reverse proxy using SSL. For more information, please follow other related articles on the PHP Chinese website!