Search This Blog

Friday, June 7, 2013

Windows - set up SSL/HTTPS reverse proxy using NGINX; Wrap HTTP traffic in SSL tunnel layer

Our main goal is to secure traffic that would normally go in an unsecured HTTP channel with SSL tunnel. To do that you need to buy an SSL certificate - you need to have private as well as public key for that certificate.

This means that we want to call address:  and have that browser call transfered to our unsecured HTTP server WRAPPED in SSL tunnel.

First download NGINX Windows-1.4.1 from:
(Remember to choose the stable version, as the Windows-1.5.1 crashes often on Windows XP SP3)

After successful installation of the nginx, you can start the balancer with:

start nginx

and shut it down with:

nginx -s stop

from the main directory of nginx (that's where nginx.exe resides).

The most important parts of the config file (nginx.conf) are:

ssl_certificate      ssl/companypub.pem;
ssl_certificate_key  ssl/companypriv.key;

Both certificates are in PEM format. This configuration listens an all interfaces on port 443 and tunnels the traffic to its local HTTP server on port 80 (port 80 can be ignored in this case as it is the default port nginx would forward to).

You can download the configuration file along with sample certificate files here.


  1. Tried this but I get this message in error.log and nginx quits. [alert] 16916#7728: the event "ngx_master_16916" was not signaled for 5s

    1. Sorry, didn't see the "Reply" link...

      Just in case you miss my separate comment, try removing any password associated with ssl_certificate_key.

  2. @Harley Do you have a password protecting your ssl_certificate_key? If so, remove the password and try again.

    1. No. I didn't have the password. That's not the solution unfortunately.

  3. Great write-up, I am a big believer in commenting on blogs to inform the blog writers Microleaves know that they’ve added something worthwhile to the world wide web!..


If you like this post, please leave a comment :)