Simple steps to configure the Nginx reverse proxy with SSL

  • 2020-05-17 07:45:18
  • OfStack

Preface

A reverse proxy is a server that receives requests made over the web (HTTP and HTTPS) and forwards them to a back-end server (or servers). The back end can be a single application server or a group of them, such as Tomcat, WildFly, or Jenkins, or even other web servers, such as Apache.

We have discussed how to configure a simple http reverse proxy using Nginx. In this tutorial, we will discuss how to configure the Nginx reverse proxy using SSL. So let's start with the process of configuring the Nginx reverse proxy using SSL.

Prerequisites

1. Back-end server: for the purposes of this tutorial, we use a Tomcat server running on localhost on port 8080.

Note: make sure the application server is running before you start proxying requests to it.

2. SSL certificates: we also need SSL certificates on the server. We can use a Let's Encrypt certificate, which you can get using the procedure mentioned here. But for this tutorial, we'll use a self-signed certificate, which can be created by running the following command from the terminal:


$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/cert.key -out /etc/nginx/ssl/cert.crt

The next step in configuring the nginx reverse proxy with SSL is installing nginx.

Install Nginx

Ubuntu

Nginx is available in the default Ubuntu repositories, so installing it is as simple as running the following command:


$ sudo apt-get update && sudo apt-get install nginx 

Now start the service and enable it to start at boot:


# systemctl start nginx
# systemctl enable nginx

To check the nginx installation, open a web browser and enter the system IP as the URL. The default nginx page should appear, which confirms that nginx is working properly.

Configure the Nginx reverse proxy using SSL

We now have everything we need to configure the nginx reverse proxy with SSL. The remaining step is the nginx configuration itself, for which we will use the default nginx configuration file, namely /etc/nginx/conf.d/default.conf.

Assuming this is the first time we've made any configuration changes, open the file and delete or comment all the old file contents, then put the following entries into the file.

vi /etc/nginx/conf.d/default.conf


# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    return 301 https://$host$request_uri;
}

# HTTPS server that proxies requests to the back end on localhost:8080
server {
    # The "ssl" parameter enables TLS on this port (replaces the old "ssl on;" directive)
    listen 443 ssl;
    server_name linuxtechlab.com;

    ssl_certificate /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/cert.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access.log;

    location / {
        # Pass the original host, client address and scheme to the back end
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://localhost:8080;
        proxy_read_timeout 90;

        # Rewrite back-end redirects so clients stay on the HTTPS name
        proxy_redirect http://localhost:8080 https://linuxtechlab.com;
    }
}

When all changes are made, save the file and exit. Before we restart the nginx service to implement the changes, we will discuss the configuration we did section by section.

Section 1


server { 
listen 80; 
return 301 https://$host$request_uri; 
} 

Here, we tell nginx to listen for any requests on port 80 and redirect them to HTTPS.

Section 2


listen 443 ssl;
server_name linuxtechlab.com;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

These are some of the default nginx SSL options we are using. They tell the nginx web server which protocol versions and SSL ciphers to support.
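An added example (not part of the original tutorial): a small Python check for the TLS directives discussed in this section. It flags protocol versions deprecated by RFC 8996 and the older `ssl on;` / bare `listen 443;` way of enabling TLS; both sample configurations are constructed, and the function and finding names are this example's own.

```python
import re

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLSv1/TLSv1.1: deprecated by RFC 8996

# Constructed input: TLS part of a server block in the older style.
TUTORIAL_STYLE = """
server {
    listen 443;
    server_name linuxtechlab.com;
    ssl on;                                # legacy way to enable TLS
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

# Constructed input: TLS enabled on the listen directive, only TLS 1.2/1.3 offered.
HARDENED = """
server {
    listen 443 ssl;
    server_name linuxtechlab.com;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

def directives(conf):
    """Yield (name, args) per directive; strips '#' comments (no quoted-'#' support)."""
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def audit_tls(conf):
    """Return sorted finding codes for the TLS directives in an nginx config."""
    findings = set()
    for name, args in directives(conf):
        if name == "ssl_protocols":
            findings.update(f"legacy-protocol:{p}" for p in args if p in LEGACY)
        elif name == "ssl" and args == ["on"]:
            findings.add("ssl-on-directive")  # directive removed in nginx 1.25.1
        elif name == "listen" and "ssl" not in args:
            # Match "443", "0.0.0.0:443" and "[::]:443", but not "8443"
            if any(a.rsplit(":", 1)[-1] == "443" for a in args):
                findings.add("listen-443-without-ssl")
    return sorted(findings)

if __name__ == "__main__":
    for label, conf in (("older style", TUTORIAL_STYLE), ("hardened", HARDENED)):
        print(label, audit_tls(conf))
```

TLSv1.3 in `ssl_protocols` needs an nginx build linked against OpenSSL 1.1.1 or later; `nginx -t` remains the authoritative syntax check.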

Section 3


location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://localhost:8080;
    proxy_read_timeout 90;
    proxy_redirect http://localhost:8080 https://linuxtechlab.com;
}

This section describes the proxy and where incoming requests are sent. Now that we have discussed all the configuration, we will check it and then restart the nginx service.

To check the nginx configuration, run the following command:


# nginx -t 

Once the configuration check passes, we restart the nginx service:


# systemctl restart nginx 

That's it. Our nginx reverse proxy with SSL is now ready. To test the setup, all you have to do is open a web browser and enter the URL. You should be redirected to the Apache Tomcat page.

This completes our tutorial on how to configure the nginx reverse proxy with SSL.
