nginx reverse proxy ssl question

xaitmi Member
edited April 2015 in Help

Hi.

Right now this is my setup.

NGINX Reverse Proxy on VPS 1 --> WebServer on VPS 2 (Which runs NGINX (CentMinMod))

If I install an SSL Certificate for my domain on the webserver, will I have to make any configuration changes to the reverse proxy or will it just work fine?

I've never used a reverse proxy on my site before, so I want to know before I actually install the SSL in case anything breaks.

For the reverse proxy I followed this guide http://lowendtalk.com/discussion/31261/nginx-reverse-proxy-tutorial-centos-6

Comments

  • ATHK Member

    You'll probably need the SSL on the reverse proxy and the webserver.

  • you'll need the ssl where the reverse proxy is. in this case, on the vps 1.

  • deployvm Member, Host Rep
    edited April 2015

    Hello,

    You will need SSL on your reverse proxy but your nginx server can proxy the traffic through port 80 to/from the webserver. This means you just need the SSL certificate installed on your reverse proxy.

    If you want full SSL and connections through 443 only, then you will need SSL on both webservers.

  • @deployvm said:
    Hello,

    You will need SSL on your reverse proxy but your nginx server can proxy the traffic through port 80 to/from the webserver. This means you just need the SSL certificate installed on your reverse proxy.

    If you want full SSL and connections through 443 only, then you will need SSL on both webservers.

    Yes I want full SSL.

    Just to clarify, do I install the SAME SSL Cert on both servers, or do I have to use 2 diff ssl certs.

  • you can use the same ssl cert. your backend webserver must be set up to the same domain though, and your front end reverse proxy needs to have a hosts file setup to point the domain at your backend server ip. (dns should be pointing at your front-end nginx server)

  • dragon2611 Member
    edited April 2015

    If you have one of the newer versions of Nginx (1.7+ I think) you can configure it to check the certificate for the backend server and refuse to talk to it if the certificate doesn't match one that it's been configured to trust.

    The older versions of Nginx can still be configured to talk SSL to the backend server, but if I remember rightly they don't actually check the certificate at all, making an MITM attack possible.
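
An added example (not posted by anyone in this thread) of the full-SSL setup discussed above, with backend certificate checking switched on at the reverse proxy through nginx's `proxy_ssl_verify` directives. The domain `example.com`, the address `203.0.113.10`, the upstream name and all file paths are placeholders.

```nginx
# VPS 1 (reverse proxy). All names, addresses and paths below are placeholders.

upstream backend_vps2 {
    server 203.0.113.10:443;          # VPS 2, reached over TLS
}

server {
    listen 443 ssl;
    server_name example.com;

    # Certificate presented to visitors; the same cert may also be installed on VPS 2.
    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    location / {
        proxy_pass https://backend_vps2;

        # proxy_ssl_verify defaults to off: the hop is encrypted, but any
        # certificate is accepted. Turning it on makes nginx refuse a backend
        # whose certificate does not chain to the trusted file below.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/ssl/backend-ca.pem;

        # With a named upstream, the name checked against the backend
        # certificate would default to "backend_vps2", so set it explicitly
        # and also send it as SNI.
        proxy_ssl_name        example.com;
        proxy_ssl_server_name on;

        # Pass the original request details to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Redirect plain HTTP so visitors only use port 443.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
```

Check the file with `nginx -t` before reloading. If the backend certificate does not chain to the trusted file or does not match `proxy_ssl_name`, proxied requests fail with 502 Bad Gateway and the verification error appears in the error log.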
