I want to use nginx on macOS as a reverse proxy for macOS Server's Apache. I managed to get the default macOS Server Apache to run on ports 4780 for HTTP and 47443 for HTTPS. The config is located here: `/Library/Server/Web/Config/Proxy/apache_serviceproxy.conf`

Now the nginx part: I want nginx to proxy Server's Apache on the subdomain server.example.com.

For HTTP it works like a charm, but HTTPS is a problem, as the certificate is in Apache, not in nginx...

HTTP config:

```nginx
server {
    listen       80;
    listen       [::]:80;

    server_name  server.example.com;

    #charset koi8-r;
    access_log /logs/server.access.log main;
    error_log /logs/server.error.log error;

    location / {
        proxy_pass http://localhost:4780;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

HTTPS config:

```nginx
server {
    listen       443;
    listen       [::]:443;

    server_name  server.example.com;

    #charset koi8-r;
    access_log /logs/server.access.log main;
    error_log /logs/server.error.log error;

    location / {
        proxy_pass https://localhost:47443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

For HTTP it works, but for HTTPS it does not: Safari can't establish a secure connection to the server.

How can it be done?

Martin
  • Forgot to say that direct access to both `http://localhost:4780/` and `https://localhost:47443/` works – Martin Oct 07 '17 at 11:46
  • The default location of certificates generated by the macOS Server app is `/etc/certificates/$hostname_of_your_server $id .pem`, and the PEM passphrase can be retrieved from the keychain like this: https://web.stanford.edu/group/macosxsig/blog/2010/08/retrieving-the-password-for-se.html – Martin Oct 08 '17 at 15:37

1 Answer

Add the following two lines below `server_name` in your HTTPS config:

```nginx
ssl_certificate /path/to/your/certificate_file;
ssl_certificate_key /path/to/your/private_key_file;
```

and add the `ssl` option to the `listen` directives.

Your config will look like this:

```nginx
server {
    listen       443 ssl;
    listen       [::]:443 ssl;

    server_name  server.example.com;
    ssl_certificate /path/to/your/certificate_file;
    ssl_certificate_key /path/to/your/private_key_file;

    #charset koi8-r;
    access_log /logs/server.access.log main;
    error_log /logs/server.error.log error;

    location / {
        proxy_pass https://localhost:47443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Vikelidis Kostas
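
A variant of the HTTPS server block from the answer above, as an added example that is not part of the original answer: it also loads the passphrase-protected PEM key mentioned in the question's comments and makes nginx verify Apache's certificate on the `https://localhost:47443` hop, which nginx does not do by default. All file paths are placeholders, and it assumes the certificate Apache presents is issued for `server.example.com`.

```nginx
server {
    listen       443 ssl;
    listen       [::]:443 ssl;

    server_name  server.example.com;

    # Certificate and key presented to browsers (placeholder paths).
    ssl_certificate      /path/to/your/certificate_file;
    ssl_certificate_key  /path/to/your/private_key_file;

    # The key is passphrase-protected, so nginx needs the passphrase at
    # startup. The file holds one passphrase per line; keep it readable
    # by root only (placeholder path).
    ssl_password_file    /path/to/your/key_passphrase_file;

    access_log /logs/server.access.log main;
    error_log  /logs/server.error.log error;

    location / {
        proxy_pass https://localhost:47443;

        # proxy_ssl_verify defaults to off: without it nginx encrypts the
        # upstream hop but accepts any certificate Apache presents.
        proxy_ssl_verify              on;
        # CA chain that issued Apache's certificate (placeholder path).
        proxy_ssl_trusted_certificate /path/to/your/backend_ca_chain_file;
        proxy_ssl_verify_depth        2;

        # proxy_pass names "localhost", so by default the certificate would
        # be checked against "localhost". Check it against the real host
        # name instead (assumption: the backend certificate is issued for
        # server.example.com) and send that name in SNI.
        proxy_ssl_name                server.example.com;
        proxy_ssl_server_name         on;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` after editing; a wrong passphrase or an unreadable key file is reported there rather than at the first client connection.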