Configure Nginx as SSL Reverse Proxy

Configuring Nginx on Windows, using PFX Files

  1. Install Chocolatey (if not installed already)
  2. Install OpenSSL 
    1. Command: choco install openssl
  3. Install Nginx 
    1. Command: choco install nginx --params '"/installLocation:C:\Program Files\McRoberts Technologies\McTechProxy /serviceName:McTechProxy"'
  4. Copy the SSL Certificate PFX file to an easy to access location (C:\temp works for now)
  5. Open the OpenSSL Command prompt (Start > All Programs > OpenSSL > Win64 OpenSSL Command Prompt)
  6. Navigate to the directory where the pfx file is located (C:\temp) - cd c:\temp
  7. Extract the SSL Certificate Key from the PFX File
    1. Command: openssl pkcs12 -in <PFX_file> -nocerts -nodes -out mychild.<domain_name>.key.pem
  8. Extract the "crt" file from the PFX file
    1. Command: openssl pkcs12 -in <PFX_file> -clcerts -nokeys -out mychild.<domain_name>.certs.pem
  9. Copy the *.pem files from the temporary location to a permanent home
    1. Recommended Location: C:\Program Files\McRoberts Technologies\McTechProxy\nginx-<version>\conf\ssl
  10. Edit the nginx.conf in the McTechProxy\conf folder, using Template 1 as an example and changing server_name and the certificate locations as needed
Note: When setting file locations in the nginx config you *MUST* use the format c:/path/to/certificates, with ONE / (forward slash) in place of each backslash ( \ )
##########################
# Start of Template 1 - nginx.conf #
##########################
#user  nobody;
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    # Pass the client's Connection header through when it asks for an Upgrade
    # (WebSockets); otherwise use keep-alive towards the backend.
    map $http_connection $connection_upgrade {
        "~*Upgrade" $http_connection;
        default     keep-alive;
    }

    server {
        listen       80;
        listen       443 ssl;
        server_name  mychild.domain.org;
        # Certificate and key extracted from the PFX file (forward slashes only)
        ssl_certificate     "C:/Program Files/McRoberts Technologies/RtlsProxy/conf/ssl/certs.mychild.domain.org.pem";
        ssl_certificate_key "C:/Program Files/McRoberts Technologies/RtlsProxy/conf/ssl/key.mychild.domain.org.pem";
        proxy_buffer_size           128k;
        proxy_buffers               4 256k;
        proxy_busy_buffers_size     256k;
        large_client_header_buffers 4 16k;
        location / {
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection $connection_upgrade;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-Scheme $scheme;
            proxy_set_header   X-Forwarded-Proto  $scheme;
            proxy_set_header   X-Forwarded-For    $remote_addr;
            proxy_set_header   X-Real-IP          $remote_addr;
            # Backend application that nginx proxies to
            proxy_pass         http://localhost:9982;
        }
        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
##########################
# End of Template 1 - nginx.conf #
##########################
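
A post-extraction check for steps 7 to 10, added here as an example and not part of the original procedure: it confirms the key and certificate belong together, restricts the ACL on the unencrypted key, runs nginx -t, and removes the copies left in C:\temp. The parameter names are hypothetical, and the script assumes openssl is on PATH and that the nginx service runs as LocalSystem.

```powershell
# Added example, not part of the original procedure. Parameter names are
# hypothetical; pass the folder holding nginx.exe and the two PEM files from step 9.
param(
    [Parameter(Mandatory)] [string] $NginxDir,
    [Parameter(Mandatory)] [string] $CertPem,
    [Parameter(Mandatory)] [string] $KeyPem,
    [string] $TempDir = 'C:\temp'
)

# 1. The key must belong to the certificate: compare the public key derived
#    from each file. -cne is used because base64 is case-sensitive.
$certPub = (& openssl x509 -in $CertPem -noout -pubkey) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "openssl could not read certificate: $CertPem" }
$keyPub = (& openssl pkey -in $KeyPem -pubout) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "openssl could not read private key: $KeyPem" }
if ($certPub -cne $keyPub) { throw 'Private key does not match the certificate.' }

# 2. Warn if the certificate expires within 30 days (-checkend takes seconds).
& openssl x509 -in $CertPem -noout -checkend 2592000 | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Warning 'Certificate expires within 30 days.' }

# 3. "-nodes" in step 7 wrote the key unencrypted, so drop inherited ACL entries
#    and allow only SYSTEM (read) and Administrators (full control).
#    Assumption: the nginx service runs as LocalSystem; grant its account otherwise.
& icacls $KeyPem /inheritance:r /grant:r '*S-1-5-18:R' '*S-1-5-32-544:F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $KeyPem" }

# 4. Let nginx parse the edited nginx.conf and load both files before a restart.
Push-Location $NginxDir
try {
    & .\nginx.exe -t
    if ($LASTEXITCODE -ne 0) { throw 'nginx -t rejected the configuration.' }
}
finally { Pop-Location }

# 5. Remove the working copies left in the temporary folder by steps 7 and 8,
#    skipping a file if the path passed in is itself the temporary copy.
foreach ($file in $KeyPem, $CertPem) {
    $tmp = Join-Path $TempDir (Split-Path $file -Leaf)
    if ((Test-Path -LiteralPath $tmp) -and
        ((Resolve-Path -LiteralPath $tmp).Path -ne (Resolve-Path -LiteralPath $file).Path)) {
        Remove-Item -LiteralPath $tmp -ErrorAction Stop
    }
}
Write-Output 'Key/certificate pair verified, key ACL restricted, config test passed.'
```

Run it from an elevated PowerShell prompt. The PFX file copied in step 4 is not touched and still contains the private key, so move or delete it separately.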