nginx - How to let the backend api handle https certificate?

Question

I'm new to nginx.

I have a machine, behind my router, that runs a server and handles correctly 80 and 443 request with Https.

Problem is that I want to host a second website on another device but I have only one IP address. I bought a raspberry pi zero to use it as a reverse proxy behind my router. I install nginx and want to redirect all the request to my other machines. Both the RPI 0 and the old machine have local IP.

To redirect requests from my router to RPI 0 and then to my old machine, I used proxy_pass. On port 80 everything works fine, but on port 443 I get a certificate error on my browser.

Is it possible to let the whole request go on the old machine and let the old machine handles the https certificate like before ? Or is it mandatory to have the certificate processed by nginx ?

Diagram of the old but functional installation

Current installation with certificate error

My configuration:

upstream backend_a {
    server 192.168.0.20:80;
}

upstream backend_a_s {
    server 192.168.0.20:443;
}

server {
    listen  80;
    server_name mydomain;

    location / {
        include proxy_params;
        proxy_pass http://backend_a;
    }
}

server {
    listen 443 ssl;
    server_name mydomain;

    location / {
        include proxy_params;
        proxy_pass https://backend_a_s;
    }
}

question from:https://stackoverflow.com/questions/65862779/how-to-let-the-backend-api-handle-https-certificate

Answer 1

I found a solution. I need to use port forwarding. To do this in nginx, I need to use stream keyword.

stream {
   server {
        listen 443;
        proxy_pass 192.168.0.20:443;
   }
}

The stream keyword need to be at the same level as http, so I needed to edit /etc/nginx/nginx.conf source. Other solution is to manually compile a version of nginx, with the parameter --with-stream source.