reverse proxy using nginx as frontend server.

Daniel Parraz lists at
Sat Jul 10 05:59:15 MSD 2010

Retheesh Kumar R wrote:
> Hello All,
> I am trying to configure reverse proxy on my nginx server. This server
> need to sit in the DMZ zone. Receive the web request and forward it to a
> backend web server.
> I have tried the configuration mentioned here.
> Note: - Currently No firewall in place so no port restriction.
> Scenario -
> The frontend server URL is
> Backend Web Server URL is
> Challenges -
> *         When the redirect happens the frontend URL should not change.
> It should remain the same appending the new page details to the frontend
> server URL.
> *         Need https configured from Client to frontend
> *         https/http from frontend to backend web server.
> Can you please guide me with the configuration. Or let me know if you
> need any further information
> Regards,
> Retheesh
> The information transmitted is intended only for the person or entity to 
> which it is addressed and may contain confidential and/or privileged 
> material.
> Any review, re-transmission, dissemination or other use of or taking of 
> any action in reliance upon,this information by persons or entities 
> other than the intended recipient is prohibited.
> If you received this in error, please contact the sender and delete the 
> material from your computer.
> Microland takes all reasonable steps to ensure that its electronic 
> communications are free from viruses.
> However, given Internet accessibility, the Company cannot accept 
> liability for any virus introduced by this e-mail or any attachment and 
> you are advised to use up-to-date virus checking software.

This is about what your looking for, although it only does plain-text 
conversations from front-end to origin machines.

#Start of nginx config for SSL offloading
upstream app_pool {
         server;  # change these ports to connect to 
SSL backend(s) instead?

server {
        ssl         on;
        ssl_certificate         /etc/ssl/nginx/secure_combined.crt;

        listen                  443;
        location / {
        proxy_pass              http://app_pool; # possible to use ports http://app_pool:443;
        port_in_redirect        off; # toggle on/off if you use a port 
in the above line
        proxy_set_header        Host             $host;
        proxy_set_header        X-Real-IP        $remote_addr;
        proxy_set_header        X-Forwarded-For 
# End of Nginx config

Essentially, this config would listen on 443 of a machine, and pass all 
requests to the two backends that are mentioned in the upstream block 
above server. In this config, a user makes a connection via SSL to, and the request is sent to the back-end as 
plain-text(no ssl)

I would say you can use the "proxy_pass" statement in the server area to 
try and connect to the origin machine(s) via SSL, as you can specify 
ports in proxy_pass like this...

proxy_pass http://localhost:8080

Not exactly what you were looking for, but a few minutes of 
experimenting with the proxy pass ports and upstream nodes, and you 
should have what you want running.

Posted via

More information about the nginx mailing list