HTTPS Proxy

Quick steps on how to setup a local NGINX proxy with self-signed certificate.

Create self-signed cert

» openssl genpkey -algorithm RSA -out yourdomain.com.key
» openssl req -new -key yourdomain.com.key -out yourdomain.com.csr
» openssl x509 -req -days 365 -in yourdomain.com.csr -signkey yourdomain.com.key -out yourdomain.com.crt

Create proxy site

» sudo vim /etc/nginx/sites-available/yourdomain.com
server {
    listen 7575 ssl;
    server_name yourdomain.com;

    ssl_certificate /home/void/cert/yourdomain.com.crt;
    ssl_certificate_key /home/void/cert/yourdomain.com.key;

    location / {
        proxy_pass http://127.0.0.1:4488;  # Forward to local HTTP server
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

» sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled

Test and run

» sudo nginx -t
» sudo systemctl restart nginx

Debug

» curl -v https://yourdomain.com
» sudo tail -f /var/log/nginx/access.log /var/log/nginx/error.log
» sudo tcpdump -i lo port 80

All incoming traffic to https://yourdomain.com:7575 should now be forwarded to http://127.0.0.1:4488.