Nginx – pass HTTPS traffic from one port to another

httpsnginxosxport-forwardingsslUbuntu

I'm doing a proxy_pass in nginx on port 80 to 8000 on my remote server, and then a port forward from 8000 to 80 from the remote to my localhost. This works great, but I'd also like to do it with https but it seems like nginx needs a valid cert to pass the traffic on.

Is there a way for my remote server to simply forward the trafic from port 443 to say 8443 (and then I'll forward remote 8443 to local 443). Then terminate ssl on my development machine instead instead of needing to do it on the remote server?

My remote runs ubuntu and my localhost runs osx.

Best Answer

While nginx probably has a third-party module to deal with raw TCP connections, I'm pretty sure that by default everything has to be either HTTP or terminated HTTPS. I think in your situation I'd do port forwarding at the network level:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

Nginx Configuration – Front-End Reverse Proxy to Another Port

I'm assuming that nginx is not the server listening on port 5010 as well as 80, correct? Something else is listening on 5010 and you wish to have nginx proxy to that server?

If that's the case, here's a nice sample config I've used in the past with success:

server {
        listen       80;
        server_name  <YOUR_HOSTNAME>;
        location / {
            proxy_pass         http://127.0.0.1:5010/;
            proxy_redirect     off;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

            client_max_body_size       10m;
            client_body_buffer_size    128k;

            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;

            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
}

I believe that should accomplish what you're seeking. Good luck!

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

Nginx Configuration – Front-End Reverse Proxy to Another Port

Related Topic