Nginx Reverse Proxy, SSL
Nginx is awesome - awesomely simple! I set it up on my FreeBSD home server. I like the idea of reverse proxy. For any application that can service a local port via HTTP. Nginx is able to serve it publicly via proxy. Here's the scenario:
I have a TiddlyWiki node.js app, which is ONLY capable of HTTP, but not HTTPS. That's dangerous with basic auth (which TIddlyWiki only supports). But no problem. Assuming the TiddlyWiki serves a local 8080 port. We can use Nginx to proxy that to a public facing 443 HTTPS port. Here's how.
Install Nginx on FreeBSD
This is as simple as
pkg install nginx
That's only ~1MB.
Note that configurations are installed at /usr/local/etc/
:
- Main configuration at
/usr/local/etc/nginx/nginx.conf
- Service script at
/usr/local/etc/rc.d/nginx
Setup Nginx
Enable the service in /etc/rc.conf
:
nginx_enable="YES"
Start the service manually:
service nginx start
Generate SSL certificate with (refer to freebsd doc). And copy them to /usr/local/etc/nginx/
.
openssl req -new -nodes -out cert.crt -keyout cert.key -sha256 -newkey rsa:2048
Configure /usr/local/etc/nginx/nginx.conf
according to the nginx document (2,3,4):
Disable the HTTP 80 section by commenting out the below section:
server {
listen: 80;
...
}
Enable the HTTPS section likewise.
# HTTPS server
#
server {
listen 443 ssl;
server_name localhost;
ssl_certificate cert.crt;
ssl_certificate_key cert.key;
...
location / {
proxy_pass http://localhost:8080;
}
}
The proxy_pass
line specifies to proxy local endpoint 8080.