Using nginx to add SSL
Posted August 21st, 2009 by chris

I’m not going to lie, like every other network guy, I googled my way through this one.
nginx is one of my favorite new applications. I’ve been using it in a limited fashion to do proxying for websites from the internet DMZ to an internal, secured network without poking more holes in the firewall architecture.
Let me note that I understand nginx is designed to do much more than just proxying, and apache can probably do the same thing, but the simplicity and transparency it has with apache configs is pretty priceless. I know a few rails/ROR people love it for the same reason; it’s incredibly simple and easy to pick up if you’re familiar with apache.
I shamelessly followed the slicehost walkthrough on adding SSL in front of your site via proxying found here. I also followed their steps for adding the SSL cert here.
Take a peek at my finished config.
root@proxy:/etc/nginx/sites-available$ cat site.domain.com
server {
    listen 80;
    server_name site.domain.com;

    # Send every plain-HTTP request to the HTTPS site
    location / {
        rewrite ^/(.*)$ https://site.domain.com/$1 redirect;
    }
}

server {
    listen 443;
    server_name site.domain.com;

    ssl on;
    ssl_certificate /etc/nginx/ssl/certs/site.crt;
    ssl_certificate_key /etc/nginx/ssl/private/site.key;

    keepalive_timeout 210;
    add_header Front-End-Https on;

    # TLS ends here; the request goes on to the internal app over plain HTTP
    location / {
        proxy_pass http://yourinternernalapp.domain.com:10000;
        # Rewrite Location headers from the backend URL back to this site
        proxy_redirect default;
        proxy_set_header Host $host;
    }
}
It’s something I expected to have to claw through, but I finished it in about 5 minutes. I think this is awesome, since you can have the SSL in front of your site in the backend, and not have to worry about changing 10 different certificates in your cluster, just the two+ at your load balancer(s).
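
For comparison, here is the same SSL-in-front layout written with current nginx directives. This is an added example, not the config from the post or from the slicehost walkthrough; it reuses the post's placeholder hostnames and paths, and the protocol list and HSTS lifetime are assumed values.

```nginx
# Added example: TLS termination in front of an internal HTTP app.
# Hostnames and file paths are the placeholders used in the post.
server {
    listen 80;
    server_name site.domain.com;

    # Permanent redirect to HTTPS, keeping the path and query string.
    return 301 https://site.domain.com$request_uri;
}

server {
    listen 443 ssl;                       # replaces the older "ssl on;"
    server_name site.domain.com;

    ssl_certificate     /etc/nginx/ssl/certs/site.crt;
    ssl_certificate_key /etc/nginx/ssl/private/site.key;
    ssl_protocols       TLSv1.2 TLSv1.3;  # assumed policy: no SSLv3/TLS 1.0/1.1

    keepalive_timeout 210;

    # Ask browsers to stay on HTTPS for this host (assumed one-year lifetime).
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://yourinternernalapp.domain.com:10000;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # The backend only ever sees plain HTTP from the proxy, so tell it
        # which scheme the client actually used.
        proxy_set_header X-Forwarded-Proto $scheme;

        # add_header only changes the response sent to the client; a hint
        # meant for the backend has to go out with proxy_set_header.
        proxy_set_header Front-End-Https   on;
    }
}
```

The hop from the proxy to the internal app is still unencrypted HTTP, so this protects traffic only as far as the proxy. The private key under /etc/nginx/ssl/private should be readable by root only.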