How To Setup SSL For Nginx Reverse Proxy ?

In order to setup Nginx Reverse Proxy to accept SSL connections, we need to make couple modifications to our virtual.conf file. In this basic tutorial, we will assume that you have a working Nginx reverse proxy server running and you have already generated SSL certificate files for your domain. We will be modifying a virtual.conf file for a WordPress website. If you don’t know how to setup Nginx reverse proxy for WordPress, please read our previous article.

How To Enable SSL on Nginx ?

This is actually very simple to do. Basically, make sure that you have port 443 open to public on your firewall and then edit your virtual.conf as follows:

As you can see from our comments above, all you have to do is to define a new server configuration for port 443 and give SSL file paths to Nginx. Once you restart Nginx server, then Nginx is ready to accept SSL connections. However, our goal is to create a configuration for a reverse proxy. So how are we going to accomplish this?

Enabling SSL For A WordPress Site Behind Nginx Reverse Proxy

Let’s assume our Nginx is listening port 80 and reverse proxying requests to an Apache server on port 82. If we want to enable SSL for this domain and redirect all requests to our SSL site then we should make a copy of the block of directives previously defined for port 80 in our virtual.conf and then modify that configuration block so that we can use it for SSL. The new configuration for port 80 should redirect requests to port 443. Let’s look at a new virtual.conf file to make things more clear:

In the configuration above, we are making sure that our Nginx reverse proxy forwards SSL to our Apache server where our WordPress installation runs. As we have previously stated, Nginx redirects request that come to port 80 to our SSL site. This ensures that our website does not have both http and https versions available. Of course, you can get rid of this but it’s not recommended if you are running a WordPress site.

You should make sure that “proxy_set_header X-Forwarded-Ssl on” is definitely included in your virtual.conf file, otherwise you will run into redirection loop problems.