29

my nginx server is actually proxying my node backend (which listens on port 3000) with a simple:

location /api/ {
proxy_pass http://upstream_1;
}

Where upstream_1 is my node cluster defined in nginx.conf (on port 3000).

I'm gonna have to add SSL over http connections, so I have the following question: do I only need to configure nginx to enable ssl? And it will automatically "uncrypt" the request and pass it uncrypted to Node which will be able to handle it normally? Or do I need to configure Nodejs to support ssl as well?

Cœur
  • 37,241
  • 25
  • 195
  • 267
spacenick
  • 1,171
  • 3
  • 14
  • 19

1 Answers1

77

If you're using nginx to handle SSL, then your node server will just be using http. 

    upstream nodejs { 
          server 127.0.0.1:4545 max_fails=0; 
    } 

   server { 
      listen 443; 
      ssl    on; 
      ssl_certificate    newlocalhost.crt; 
      ssl_certificate_key     newlocalhost.key; 
      server_name nodejs.newlocalhost.com; 

      add_header Strict-Transport-Security max-age=500; 

      location / { 
        proxy_pass  http://nodejs; 
        proxy_redirect off; 
        proxy_set_header Host $host ; 
        proxy_set_header X-Real-IP $remote_addr ; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ; 
        proxy_set_header X-Forwarded-Proto https; 
      } 
   }
Bill
  • 25,119
  • 8
  • 94
  • 125
  • Thanks for the quick answer Bill! So I guess it's okay? Since I guess it's not that easy to spoof proxying from nginx to node ? – spacenick Apr 29 '12 at 21:49
  • Yes, this is actually the recommended setup. Nginx should be on the same machine as the node server or communicate to the node server via an internal IP so there would be now way to spoof it. – Bill Apr 29 '12 at 21:55
  • I always get a connection refused error with this when trying to access over https! I am using a internal ip (private networking) to proxy to node server but I guess that shouldn't be a problem. – beNerd Apr 14 '16 at 03:59
  • 1
    Can you advise please how X-XSRF-TOKEN can be sent when using HTTPS? – user2814599 Mar 01 '17 at 15:37