Using nginx to proxy HTTPS to local non HTTPS servers

README.md

An nginx configuration that can be added to your /etc/nginx/sites-enabled directory to proxy from the local nginx server through to other servers running on other ports. Primarily this is useful when you want to view a site using HTTPS but don't want to associate the certificate with that local server.

The following proxys work:

http://localhost/ => http://localhost:9966/
https://localhost/ => http://localhost:9966/

https://localhost/<port>/ => http://localhost:<port>/
https://localhost/<port>/ => http://localhost:<port>/

proxy.conf

server {
  listen 80;
  server_name localhost;

  index index.html index.htm;

  location ~ ^/(?<fwdport>\d+)/(?<fwdpath>.*)$ {
    proxy_pass http://127.0.0.1:$fwdport/$fwdpath;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  location / {
    proxy_pass http://127.0.0.1:9966/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
}

server {
  listen 443;
  server_name localhost;

  index index.html index.htm;

  ssl on;
  ssl_certificate server.crt;
  ssl_certificate_key server.key;

  ssl_session_timeout 5m;

  ssl_protocols SSLv3 TLSv1;
  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
  ssl_prefer_server_ciphers on;

  location ~ ^/(?<fwdport>\d+)/(?<fwdpath>.*)$ {
    proxy_pass http://127.0.0.1:$fwdport/$fwdpath;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";	 
  }

  location / {
    proxy_pass http://127.0.0.1:9966/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
}