Proxy Pass

Reinis Rozitis r at roze.lv
Thu May 23 14:58:07 UTC 2019


> Instead of IP address, if we use FQDN with https, do we have to validate the SSL certificate on Proxy_Pass?. 

By default the certificate validation is turned off (and nginx just uses the ssl for traffic encryption). 
If needed you can enable it with proxy_ssl_verify on; ( http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify )


> Due to IP address, multiple sites on the server Nginx access log logging the same requests.

If you do the logging on the backend server (and there are multiple virtualhosts) and proxy_pass is via http://ip, then you need/have to pass also the Host header.

Either by passing the Host header from original request:

proxy_set_header Host $host;

or you can specify a custom one:

proxy_set_header Host "some.domain";



> Is the above Nginx config, correct way of doing it?.

Depends on your setup and what you want to achieve.


For example if your location blocks match the request on the backend you can omit the URI in the proxy_pass directive:

location /abc {
proxy_pass https://1.1.1.1;
}

rr



More information about the nginx mailing list