> The vendor recommended me to use a reverse proxy....
Ideally the vendor should have a working config in that case, but, I do see a few things that can be an issue.
You’re serving https but proxying to an http backend – depending on how the software works, a lot of the reverse URLs that is sent back, might be linking to http:// instead of https://
This in itself can break a lot of functionality, you might want to try to proxy to an https backend – this might require that you create a self-signed certificate on the backend (can be valid for 10 years) – the backend
software itself, if it has a way to enable “https”, you’d have to set this as well.
I also recommend removing the / (slash) in the end of the proxy_pass, this will pass through the request URI from the client, as per documentation:
> If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing
the changed URI
I personally prefer the $request_uri one because it’s very clear exactly what it does.
> I think I read somewhere that nginx would connect unencrypted to the backend, and do the encryption / decryption, is this wrong then?
Nginx will connect the way you’ve told it to connect, if you’re connecting to a http backend, it will do plain communication over http – if you’re connecting to a https backend, it will establish a secure connection with
the backend, and decrypt the response before encrypting it again when going to the client.
> It works on some of my other domains, so is this just an exeption?
> What I really ask is this: Should I change my other domains also, or should I kepp them as they are as long as they work?
I would change it for consistency across your configs, but that’s my opinion – if it works then it’s all OK anyway, I don’t know the specific case when it will and will not work – so I by default set $request_uri because
it works in 99% of the cases, and I’ll only modify it if another behaviour is required.