nginx as fwd-proxy to an https server

Cliff Wells cliff at
Mon Mar 19 23:04:54 UTC 2012

On Mon, 2012-03-19 at 23:28 +0100, Gelonida N wrote:
> If I understood well, the 'normal' setup is to
> let the client talk via https to nginx and to have all servers
> behind nginx talk plain http.

> However I have one setup, where I'd like to have an encrypted
> communication between  nginx and one of the other servers (which cannot
> be reached directly by the web client)
> web client --https--> nginx --https--> another server

This is perfectly normal too, although probably less common.

> Nginx may be able to intercept (decrypt) the request (no security issue
> for the given setup), but it would also be fine if nginx wouldn't be
> able to decrypt the communication.

Nginx will need to decrypt the data in order to re-encrypt it for the
second leg.

> The remote server is also running nginx, but has however another
> certificate.

Won't matter.

> Any suggestions / recommendations for such a setup?

It is just as you described.  Just use https:// as the scheme rather
than http:// in your proxy_pass directive.  


More information about the nginx mailing list