Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to configure Nginx reverse proxy using SSL. Many people may not know much about it. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

1. Back-end server: for the purposes of this tutorial, we use a tomcat server running on localhost on port 8080

Note:-when you start to proxy requests, make sure that the application server is started.

2.SSL certificate: we also need to configure the SSL certificate on the server. We can use let's encrypt's encryption certificate, and you can use the program mentioned here to get one. But for this tutorial, we will use a self-signed certificate, which can be created by running the following command from the terminal

$openssl req-x509-nodes-days 365-newkey rsa:2048-keyout / etc/nginx/certs/cert.key-out / etc/nginx/certs/cert.crt

The next step in configuring the nginx reverse proxy using ssl will be the nginx installation

Install Nginx

Ubuntu

Nginx can be used for the default Ubuntu repository. As simple as that, install it with the following command

$sudo apt-get update & & sudo apt-get install nginx

Now start the service and enable it to start

# systemctl start nginx # systemctl enable nginx

Now to check the nginx installation, we can open the Web browser and enter the system IP as url to get the default nginx web page, which confirms that nginx is working properly.

Configure Nginx reverse proxy using SSL

Now we have everything you need to configure a nginx reverse proxy using ssl. We now need to configure it in nginx, and we will use the default nginx configuration file, / etc/nginx/conf.d/default.conf.

Suppose this is the first time we have made any changes to the configuration, open the file and delete or comment all the contents of the old file, and then put the following entry in the file.

Vi / etc/nginx/conf.d/default.conf

Server {listen 80; return 301 https://$host$request_uri;} server {listen 443; server_name linuxtechlab.com; ssl_certificate / etc/nginx/ssl/cert.crt; ssl_certificate_key / etc/nginx/ssl/cert.key; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers Higg Ssl_prefer_server_ciphers on; access_log / var/log/nginx/access.log; location / {proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://localhost:8080; proxy_read_timeout 90; proxy_redirect http://localhost:8080 https://linuxtechlab.com;}}

After you have made all your changes, save the file and exit. Before we restart the nginx service to implement the changes, we will discuss our configuration section by section.

Section 1

Server {listen 80; return 301 https://$host$request_uri;}

Here, we are told to listen to any request for port 80 and redirect it to https.

Section 2

Listen 443; server_name linuxtechlab.com; ssl_certificate / etc/nginx/ssl/cert.crt; ssl_certificate_key / etc/nginx/ssl/cert.key; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers Higg Higg: a NULLLV / eNULLLV / export / CAMELLIA / DES5 / MD5 / RC4; ssl_prefer_server_ciphers on

Now these are some of the default nginx ssl options we are using that tell the nginx web server which version of the protocol to support, the SSL password.

Section 3

Location / {proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://localhost:8080; proxy_read_timeout 90; proxy_redirect http://localhost:8080 https://linuxtechlab.com;}

Now, this section describes the agent and the location after the incoming request enters. Now that we have discussed all the configurations, we will check and restart the nginx service.

To check the nginx, run the following command

# nginx-t

Once all our configuration files are ok, we will restart the nginx service

# systemctl restart nginx

That's it. Our ssl nginx reverse proxy is now ready. Now to test the settings, all you have to do is open a Web browser and type URL. We should now redirect to the apache tomcat page.

After reading the above, do you have any further understanding of how to configure Nginx reverse proxy using SSL? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.