I am dockerizing a few websites behind a NGINX proxy. I am migrating from an Apache setup and am new to NGINX. As far as I understand, I should use a NGINX proxy to a web server. I want everything to be over SSL and all non-ssl requests to be redirected to HTTPS.
Should my private websites that are behind the proxy communicate with the proxy over normal HTTP port 80? Is that still encrypted totally? Just for information, is it possible to proxy from a NGINX proxy to an apache website?
Best Answer
You have to install SSL certificates to Nginx (your clients will communicate with it directly) and also define 80 port server then redirect it to 443. Here is a sample configuration for this kind of setup:
I don't know what kind of applications you have on your docker containers.
As an example if you have a PHP application. you can use PHP-FPM & completely remove Apache in between. Nginx can work with your container via fast-cgi. There can be hundreds of different setup depending on your needs & load etc.
Nginx is highly(!) configurable web server + proxy server. But just remember if your dns records points to Nginx ip address then you have to install SSL on it. & if you containers has no access from web which is a good security practice, you don't need to encrypt traffic between nginx & your containers which saves you off cpu power
Also nginx has powerful proxy/fastcgi cache functionality thus you can cache application's output (if they are not dynamic for each request, eg static files)
As of Wed Apr 25 14:57:24 2018
ssl on;
directive is deprecated. You can just comment it out. Details: http://hg.nginx.org/nginx/rev/46c0c7ef4913