nginx as fwd-proxy to an https server
Cliff Wells
cliff at develix.com
Mon Mar 19 23:04:54 UTC 2012
On Mon, 2012-03-19 at 23:28 +0100, Gelonida N wrote:
> If I understood well, the 'normal' setup is to
> let the client talk via https to nginx and to have all servers
> behind nginx talk plain http.
>
> However I have one setup, where I'd like to have an encrypted
> communication between nginx and one of the other servers (which cannot
> be reached directly by the web client)
>
> web client --https--> nginx --https--> another server
This is perfectly normal too, although probably less common.
> Nginx may be able to intercept (decrypt) the request (no security issue
> for the given setup), but it would also be fine if nginx wouldn't be
> able to decrypt the communication.
Nginx will need to decrypt the data in order to re-encrypt it for the
second leg.
> The remote server is also running nginx, but has however another
> certificate.
Won't matter.
> Any suggestions / recommendations for such a setup?
It is just as you described. Just use https:// as the scheme rather
than http:// in your proxy_pass directive.
Regards,
Cliff
More information about the nginx
mailing list