Use Reverse Proxy on NGINX for Wildcard SSL on Separate Server

November 23, 2018

Is it possible to use the NGINX reverse proxy, only for SSL certification?

e.g. devconfluence6.mycompany.com > redir to proxy.mycompany.com (SSL) > (NON SSL) http://devconfluence6.mycompany.com:8090

Where the user will see devconfluence6.mycompany.com - which would be secure to the proxy, but plaintext between proxy and the confluence server?

Currently it works from proxy.mycompany.com - which redirects me to devconfluence6.mycompany.com, and displays proxy.mycompany.com in the browser.

My Confluence Connector:

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
 maxThreads="48" minSpareThreads="10"
 enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
 protocol="org.apache.coyote.http11.Http11NioProtocol"
 scheme="https" proxyName="devconfluence6.mycompany.com" proxyPort="443"/>

NGINX Config:

server {
 # SSL configuration
 #
 listen 443 ssl;
 server_name devconfluence6.mycompany.com;

#ssl on;
 ssl_certificate /etc/ssl/certs/wildcard.mycompany.com.crt;
 ssl_certificate_key /etc/ssl/private/wildcard.mycompany.com.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
 ssl_prefer_server_ciphers on;

location / {
 client_max_body_size 100m;
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_pass http://devconfluence6.mycompany.com:8090;
 }
 location /synchrony {
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_pass http://devconfluence6.mycompany.com:8091/synchrony;
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "Upgrade";
 }
}

 Thanks in advance!

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Use Reverse Proxy on NGINX for Wildcard SSL on Separate Server

1 answer

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events