
I have researched this for a while but the use cases that others have asked about are more complex/different to what I am trying to achieve.

I have Nginx serving pages on both ports 80 and 443 for a site, say example1.com. It works fine serving HTTP and HTTPS. I now have a second server on my internal network running Apache. This is for a second site called, say, example2.com. I have a single WAN IP address with the A records of both sites pointing to it.

My router forwards ports 80 and 443 to the Nginx server. I would like it if Nginx could check whether the request was for example1.com or example2.com and send example1.com, as now, to itself but just pass on all traffic for example2.com to the Apache server. As I have all the SSL certs properly set up on the example2.com Apache server, I am hoping that Nginx would just transparently pass on everything to Apache. I think I need proxy-pass. Do I also need to set up the same certs on Nginx, or can it transparently pass everything on to the Apache server the same as if I had forwarded port 443 directly to it? A suggested config would be appreciated.

Jodel

1 Answer


You simply need a new server block with the server_name set to the second domain and a proxy_pass in the location. If you need it to be HTTPS you can list either another certificate, or the same certificate if it has the correct alternate names. This is covered in the Nginx beginner's guide.

server {
  server_name example.com;
  listen 80;
  listen 443 ssl http2;

  ssl_certificate /var/lib/acme/certs/xyz/fullchain;
  ssl_certificate_key /var/lib/acme/certs/xyz/privkey;

  # Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

  # This is a cache for SSL connections
  ssl_session_cache shared:SSL:5m;
  ssl_session_timeout 60m;

  location / {
    proxy_pass http://example.com;
  }
}
Tim
  • I will try that. I am not sure what you mean by "list either another certificate, or the same certificate if it has the correct alternate names". Do I need to get the certs from the Apache server (example2.com)? – Jodel Feb 03 '16 at 20:24
  • HTTPS certificates are usually issued for one domain name, sometimes with the www / non-www variant. You can get wildcard certificates or certificates that are valid for unrelated domain names. You will most likely need a new certificate if you want Nginx to terminate HTTPS. This could potentially be the same certificate as the back end server uses. – Tim Feb 03 '16 at 20:36
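
The question asks whether Nginx can hand example2.com's HTTPS traffic to Apache without holding its certificate. The following is an added example, not part of the question or the answer above: SNI-based TLS passthrough using Nginx's stream module with `ssl_preread`. The Apache address 192.168.1.20, the loopback port 8443 and the file paths are assumptions or placeholders.

```nginx
# Added example (not from the thread): SNI-based TLS passthrough.
# Nginx reads the server name from the TLS ClientHello and forwards the
# still-encrypted stream, so example2.com's certificate and private key
# stay on the Apache host only.
# Assumed values: Apache at 192.168.1.20, local HTTPS moved to 127.0.0.1:8443.
# Requires nginx built with the stream and stream_ssl_preread modules.

events {}

stream {
    # Pick a backend from the SNI name; unknown or missing SNI goes local.
    map $ssl_preread_server_name $tls_backend {
        example2.com  192.168.1.20:443;
        default       127.0.0.1:8443;
    }

    server {
        listen 443;
        ssl_preread on;              # inspect the ClientHello, no decryption
        proxy_pass $tls_backend;
        proxy_connect_timeout 5s;
    }
}

http {
    # example1.com: TLS still terminates on this host, on a loopback-only
    # port, because the stream block above now owns port 443.
    server {
        server_name example1.com;
        listen 127.0.0.1:8443 ssl;
        ssl_certificate     /path/to/example1/fullchain;  # placeholder
        ssl_certificate_key /path/to/example1/privkey;    # placeholder
        ssl_protocols TLSv1.2 TLSv1.3;
        root /path/to/example1/htdocs;                    # placeholder
    }

    # Plain HTTP for example2.com is routed by Host header instead of SNI.
    server {
        server_name example2.com;
        listen 80;
        location / {
            proxy_pass http://192.168.1.20:80;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}
```

With passthrough, both Apache and the local HTTPS server see connections arriving from Nginx's address rather than the client's, so access logs and IP-based rules on those servers lose the original source unless the PROXY protocol is enabled on both ends.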