PHPFixing

Thursday, September 1, 2022

[FIXED] How do I configure localhost nginx to proxy https remote backend

Tags: nginx, nginx-config, nginx-reverse-proxy

Issue

I am developing a web UI frontend in JS, for a backend API that is now using HTTPS. The following nginx config on my development machine was all I needed:

http {
  include /etc/nginx/mime.types;
  disable_symlinks off;

  server {
    disable_symlinks off;
    listen 8080;
    server_name localhost;

    location /api/ {
      proxy_pass http://www.my-api.com;
    }

    location /some-path/ {
      disable_symlinks off;
      root /var/www;
      index index.html;
    }
  }

}

But now www.my-api.com is an https endpoint.

What adjustments do I need to make to my nginx config, in order to forward my localhost requests to the HTTPS backend?


Solution

Below is the server section that works for me. @Jay Achar got me close, and to be honest there are a few things I should try in order to simplify the config. I added the following lines:

  ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
  proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
  proxy_ssl_server_name on;

I also found that I had the proxied host name incorrect. In my case the www. on the front was not right. I suspect that the host's certificate doesn't match with www in there. Perhaps just using @Jay Achar's answer with the correct remote host name would be all one would need.

The /etc/ssl/certs/ca-certificates.crt comes from my openssl. I figured it would be suitable as a client certificate to send to the proxied host.

The only other change I made to @Jay Achar's config was in the lines

  proxy_set_header Host              $proxy_host;
  proxy_set_header X-Real-IP         $upstream_addr;

Again, perhaps those changes were not necessary.

    server {
        disable_symlinks off;
        listen 8080;
        server_name pb.localhost;

        ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;

        location /api {
            proxy_pass https://my-api.com:443;

            proxy_ssl_server_name on;
            proxy_http_version  1.1;
            proxy_cache_bypass  $http_upgrade;

            proxy_set_header X-SSL-CERT        $ssl_client_escaped_cert;
            proxy_set_header Upgrade           $http_upgrade;
            proxy_set_header Connection        "upgrade";
            proxy_set_header Host              $proxy_host;
            proxy_set_header X-Real-IP         $upstream_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host  $host;
            proxy_set_header X-Forwarded-Port  $server_port;
        }

        location /some-path/ {
            disable_symlinks off;
            root /var/www;
            index index.html;
        }
    }


Answered By - Henry Bone
Answer Checked By - Marie Seifert (PHPFixing Admin)
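
nginx does not verify an upstream's TLS certificate unless told to (proxy_ssl_verify defaults to off), so with the config above a certificate that does not match the proxied host name would be accepted silently. The following is an added example, not the answerer's or the nginx project's own config, that turns verification on. It assumes the my-api.com upstream and the CA bundle path shown on this page; binding the listener to loopback is an extra choice made here.

```nginx
# Added example: development proxy to an HTTPS upstream with certificate
# verification enabled. Host name and CA bundle path are taken from the page.
events {}

http {
    include /etc/nginx/mime.types;

    server {
        # Loopback only, so the dev proxy is not reachable from the network.
        listen 127.0.0.1:8080;
        server_name localhost;

        location /api/ {
            proxy_pass https://my-api.com;

            # Send SNI and state the name the upstream certificate must match.
            proxy_ssl_server_name on;
            proxy_ssl_name        my-api.com;

            # Verify the upstream certificate chain against the system CA
            # bundle. On a mismatch or untrusted chain the request fails with
            # 502 and the reason is written to the error log.
            proxy_ssl_verify              on;
            proxy_ssl_verify_depth        2;   # allow for an intermediate CA
            proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

            proxy_set_header Host              $proxy_host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /some-path/ {
            root  /var/www;
            index index.html;
        }
    }
}
```

If the API requires a client certificate, that is configured with proxy_ssl_certificate and proxy_ssl_certificate_key. ssl_client_certificate only lists the CAs nginx uses to verify clients that connect to it over TLS.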