How to NGINX reverse proxy to backend server which has a self signed certificate?

0 votes
1 answer
6402 views
I have a small network with a webserver and an OpenVPN Access Server (with its own web interface). I have only 1 public IP and want to be able to point subdomains to websites on the webserver (e.g. website1.domain.com, website2.domain.com) and point the subdomain vpn.domain.com to the web interface of the OpenVPN Access Server.

After some Googling I think the way to go is to set up a proxy server. NGINX seems to be able to do this with the "proxy_pass" function. I got it working for HTTP backend URLs (websites), but it does not work for the OpenVPN Access Server web interface, as it forces the use of HTTPS. I'm fine with HTTPS and would prefer to use it for the websites hosted on the webserver as well. By default a self-signed cert. is installed, and I want to use self-signed certs for the other websites too.

How can I "accept" self-signed certs for the backend servers? I found that I need to generate a cert. and define it in the NGINX reverse proxy config, but I do not understand how this works, as for example my OpenVPN server already has an SSL certificate installed.

I'm able to visit the OpenVPN web interface via https://direct.ip.address.here/admin but got a "This site cannot deliver an secure connection" page when I try to access the web interface via Chrome.

My NGINX reverse proxy config:
```nginx
server {
  listen        443;
  server_name   vpn.domain.com;

  ssl_verify_client off;

  location / {
    # app1 reverse proxy follow
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass https://10.128.20.5:443;
    proxy_ssl_verify off;
  }

  access_log /var/log/nginx/access_log.log;
  error_log /var/log/nginx/access_log.log;
}

server {
  listen        80;
  server_name   website1.domain.com;

  location / {
    # app1 reverse proxy follow
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://10.128.11.20:80;
  }

  access_log /var/log/nginx/access_log.log;
  error_log /var/log/nginx/access_log.log;
}
```
**A nearby thought...** Maybe NGINX is not the right tool for this at all (now or in the long term)? Let's assume I can fix the cert. issue I currently have and we need more backend web servers to handle the traffic: is it possible to scale the NGINX proxy as well, like a cluster or load balancer or something? Should I look for a completely different tool?
Asked by CodeNinja (231 rep)
May 29, 2020, 07:14 AM
Last activity: Nov 16, 2020, 04:59 PM
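
The following is an added example, not part of the original question or its answer. It shows the two separate TLS hops in this setup (browser to nginx, nginx to backend), with the weak `proxy_ssl_verify off` setting next to a stricter form that pins the backend's self-signed certificate. The file paths and the name `openvpn-as.internal` are hypothetical placeholders; the server name and backend address come from the question.

```nginx
# Added example, not the asker's config. File paths and the name
# "openvpn-as.internal" are hypothetical placeholders.

server {
  # "ssl" makes nginx speak TLS on this port. With a bare "listen 443;"
  # nginx answers plain HTTP there and the browser's handshake fails.
  listen        443 ssl;
  server_name   vpn.domain.com;

  # Hop 1 (browser -> nginx): the certificate the browser sees.
  # It is independent of whatever certificate the backend has installed.
  ssl_certificate      /etc/nginx/tls/vpn.domain.com.crt;
  ssl_certificate_key  /etc/nginx/tls/vpn.domain.com.key;

  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass https://10.128.20.5:443;

    # Hop 2 (nginx -> backend).
    # Weak (also the nginx default): the link is encrypted, but nginx
    # accepts any certificate from whatever answers on that address.
    # proxy_ssl_verify off;

    # Stricter: trust only the backend's own self-signed certificate,
    # copied to the proxy in PEM format, and check the name inside it.
    proxy_ssl_verify              on;
    proxy_ssl_trusted_certificate /etc/nginx/tls/backend-openvpn.pem;

    # proxy_pass uses an IP address, so state which name nginx should
    # expect in the backend certificate (its CN or subjectAltName).
    proxy_ssl_name                openvpn-as.internal;
    proxy_ssl_server_name         on;   # also send that name as SNI
  }
}
```

Run `nginx -t` before reloading; if the name in `proxy_ssl_name` does not match the backend certificate, requests fail with 502 and the error log records an upstream SSL certificate verification error.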