1

I have multiple nodejs web application servers over HTTP and I need to certify the requests sent to those servers. I was thinking about using nginx as a proxy for the requests, certifying only the nginx server with an SSL certificate so that data/images sent back to the client are served over HTTPS.

This is the structure I thought about:

 +--- app1 ---> node.js on ip:10001 | client --> https --> nginx --> http --- app2 ---> node.js on ip:10002 | +--- app3 ---> node.js on ip:10003

My concern is about the response object from the proxied request. Webkit based browsers and Safari are warning me that my application is in HTTPS but serving content over HTTP (mixed content warning).

By certifying the proxy server, would my response to the client be validated as HTTPS or as HTTP?

My nginx proxy would have a certified subdomain like proxy.domain.com, so requests would be done, as an example, like "https://proxy.domain.com:10001". The request is done over HTTPS to the proxy, but the returned server content is over HTTP. How would the proxy enact on such returned contents?

Would it apply SSL encryption, hence sending back the resource like so: "https://proxy.domain.com:10001/resource.png"

Thanks in advance everyone

Improve this question
1
  • 1
    As far as I know, you can use the SSL cert stored on the NginX proxy server. But you have to pass the header as well, or something like that. Also another thing I've noticed about the browser security is that they often scream about a website if it is served as HTTPS but it contains links, picture URLs or anything else that is redirecting or pointing to any HTTP website. In these cases, your SSL cert will be broken and many browsers will show it as a broken SSL. At least this happened to me with earlier projects. Commented Nov 20, 2017 at 10:44

1 Answer 1

Reset to default
1

what you are trying is named as SSL termination. It is when the reverse proxy handles the SSL then forward the request to proxied server with HTTP protocol. So the client will have HTTPS connection but from reverse proxy (nginx) to proxied server(apache) will have HTTP connection. In nginx you do as follow :

server { listen 443 ssl; server_name www.example.com; ssl_certificate www.example.com.chained.crt; ssl_certificate_key www.example.com.key; location /{ proxy_pass http://upstream_name:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Scheme $scheme; } }

If you want to study it more you can use this official documentation from Nginx https://www.nginx.com/resources/admin-guide/nginx-ssl-termination/. For mixed content, I think I have same though to @Bert. It's maybe because in the HTML you still serving http protocol.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.