Daria

Reputation: 71

Secure TCP traffic to backend server with nginx

I have a web-app consisting of front- and back-end services. I want to secure my front-end service with a Let's Encrypt certificate, but then I have to use a secured connection between the front- and back-end. I have the back-end service served on a custom port. To secure the back-end I want to use nginx to proxy my server. However, I am struggling to get it right. Here is my nginx configuration:

server {
    listen 8082;
    server_name <my_domain_name>;

    ssl on;
    ssl_certificate           /etc/letsencrypt/live/<my_domain>/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/<my_domain>/privkey.pem;
    ssl_ciphers               HIGH:!aNULL:!MD5;
    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2 SSLv3;
    location / {
        proxy_pass http://0.0.0.0:8081;
    }
}

First, I just wanted to get it through without SSL. But it does not work like this; nothing is served on 8082. If it works, I thought I could use my Let's Encrypt certificates here, though I'm not sure whether it is possible and whether I understand things correctly.

I would appreciate any help! Thanks a lot in advance!

Update

I figured out the problem was in iptables. After I added port 8082 to them, it worked. What I don't understand is why I can connect to port 8081, although it is not in iptables.

However, now I get ERR_SSL_PROTOCOL_ERROR when I try https://my_domain:8082.

I also tried to add ssl to the listen directive, like listen 8082 ssl;. Then I get ERR_CONNECTION_RESET.

Upvotes: 1

Views: 574

Answers (2)

Daria

Reputation: 71

Just for the record: the problem was indeed in the listen directive. Adding

listen 8082 ssl;

and removing

ssl on;

solved it.

It is a mystery why it didn't work and gave me ERR_CONNECTION_RESET before. Now it works.

Upvotes: 1
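
The fix from this answer applied to the server block in the question, as an added example that is not part of the original posts. Beyond the answer, it drops SSLv3, TLSv1 and TLSv1.1 from ssl_protocols, and it assumes the back-end listens on 127.0.0.1:8081 on the same host.

```nginx
# Added example: the question's server block with the answer's fix applied.
# <my_domain_name> and <my_domain> are the placeholders used in the question.
server {
    # The "ssl" parameter on listen enables TLS on this port. It replaces the
    # standalone "ssl on;" directive, which was deprecated in nginx 1.15.0
    # and removed in 1.25.1.
    listen 8082 ssl;
    server_name <my_domain_name>;

    ssl_certificate     /etc/letsencrypt/live/<my_domain>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<my_domain>/privkey.pem;

    # Hardening beyond the answer: SSLv3 (POODLE) and TLSv1/TLSv1.1
    # (deprecated by RFC 8996) are dropped. TLSv1.3 needs nginx 1.13.0+
    # built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;

    location / {
        # Assumption: the back-end listens on the loopback interface of the
        # same host, so the unencrypted hop never leaves the machine.
        proxy_pass http://127.0.0.1:8081;

        # Pass the original host, client address and scheme to the back-end.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running nginx -t checks the configuration for syntax errors before it is reloaded.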

Shawn C.

Reputation: 6841

location @backend {
    proxy_pass http://backend;
}

@backend is a named location, which allows you to reference it like a variable, i.e. like

location / {
    error_page 404 = @backend;
}

For your problem try something like

location / {
    proxy_pass http://backend;
}

Upvotes: 0
