
I have a "main" Nginx instance that I configure manually. This one faces the internet on my home connection. It has some https sites configured that I consider important for me.

Then I have another "playground" Nginx instance that is configured by an nginx-proxy-manager. This one runs in Docker, and contains some stuff I play around with, or some other non-critical applications.

My question is now:

Can I configure the main Nginx to serve some https sites it has certificates for, but proxy all the unknown https connections, which it does not have any config for, to the "playground" one? I think I would like to combine ssl hosting and stream somehow.

Currently, with this setup, only http works, since I have a default route that just proxies to the playground one.

enthus1ast
  • Off topic here, but you need valid SSL certificates for all domains you want to redirect. – Gerald Schneider Aug 10 '22 at 10:19
  • This is the main issue I have. For the important sites (served by the main nginx) I have Let's Encrypt certs. For the playground one, I would like to hand over all the nitty gritty to the nginx-proxy-manager (which can acquire certs from Let's Encrypt automatically). I hoped nginx can somehow do this: if it has a cert for this one https, it encrypts it, serves it, etc... if it has no cert, forward to the playground nginx – enthus1ast Aug 10 '22 at 10:20
  • Nevertheless, your playground at home is off topic for this site. – Gerald Schneider Aug 10 '22 at 10:23
  • If this setup proves to work, I will also use it in a university environment. I usually test this kind of stuff at home, since I pretty much have a "corporate network" at home. – enthus1ast Aug 10 '22 at 11:14
  • To proxy https you either need the certificates of the target sites on the proxy itself OR use TCP proxying which means that http termination will happen in the target server that (hopefully) has the correct certificate. If the sites all belong to the same domain you can use the same wildcard certificate for all of them on the proxy. If not then the issue is that you need to "mix" http listening and tcp proxying on the same port which I think is not possible :) – ttsakpc Aug 10 '22 at 12:36

0 Answers
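
The split discussed in the question and the last comment (terminate TLS for known names, pass everything else through as raw TCP), sketched with nginx's stream module and `ssl_preread`. This is an added example, not part of the original thread; every hostname, address, port and file path in it is a placeholder.

```nginx
# Added example. Requires nginx built with the stream and
# stream_ssl_preread modules (--with-stream --with-stream_ssl_preread_module).
# All names, addresses, ports and paths below are placeholders.

stream {
    # Choose a backend from the SNI name in the TLS ClientHello.
    # Nothing is decrypted here, so no certificate is needed at this layer.
    map $ssl_preread_server_name $tls_backend {
        important.example.com  127.0.0.1:8443;  # terminated by this nginx (http block)
        default                192.0.2.10:443;  # playground nginx; it holds its own certs
    }

    server {
        listen 443;
        ssl_preread on;            # read the ClientHello, then forward the bytes unchanged
        proxy_pass $tls_backend;
    }
}

http {
    # The "important" sites move off the public port 443 to a loopback
    # port that only the stream server above reaches.
    server {
        listen 127.0.0.1:8443 ssl;
        server_name important.example.com;

        ssl_certificate     /etc/letsencrypt/live/important.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/important.example.com/privkey.pem;

        root /var/www/important;
    }
}
```

Connections that send no SNI, or a name not in the map, go to the `default` backend, so the playground instance receives all unmatched traffic arriving on port 443. The loopback servers see 127.0.0.1 as the client address, so address-based access rules and logs on the important sites no longer reflect the real client unless PROXY protocol is enabled on both ends.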