nginx proxy_pass to https

So I would like to proxy_pass requests to an https backend server, however, every time I try to reload nginx server with https:// configured backend I get the following error:

nginx: [emerg] https protocol requires SSL support

This is the nginx config

server{

    listen 8080;

    root /opt/nginx_1.17.0/nginx_ok/html;
    server_name www.frontedndomain.com;

    index index.php index.html;

            location /health-monitor/ {
                    add_header Custom-Header test;
            }

            location ~* ^\/([a-z][a-z]\/)?abc\/?(.*)? {
                    error_log /opt/nginx_1.17.0/nginx_ok/logs/proxy_error.log;
                    add_header X-query-string $is_args$query_string;
                    resolver 0.0.0.0;
                    resolver_timeout 15s;
                    proxy_pass https://backenddomain.com;
                    proxy_ssl on;
                    proxy_http_version 1.1;
                    proxy_set_header Accept-Encoding "";
                    proxy_set_header Cache-Control no-cache;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection 'upgrade';
                    proxy_set_header X-Real-IP $remote_addr;
                    subs_filter_types *;
           }
    }

Originally I've built nginx for source and this is the output of nginx -V

nginx version: nginx/1.16.0 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) configure arguments: --prefix=/opt/nginx_1.17.0/nginx_ok/ --sbin-path=/opt/nginx_1.17.0/nginx_ok/sbin/nginx --with-openssl=/opt/nginx_1.17.0/openssl-1.1.1c/ --add-module=/opt/nginx_1.17.0/ngx_http_substitutions_filter_module/ --with-zlib=/opt/nginx_1.17.0/zlib-1.2.11/

Can someone please outline what I'm missing from this config please. I would like to also forward a query string to the backend.


The issue was resolved by adding the following directive

proxy_ssl_server_name on;

This allowed for the request to be handled by the server specified in the certificate's SNI at the upstream endpoint.


You are listening on a port 8080 with no SSL (http) and trying to proxy to an SSL enabled host on port 443 (https). if this worked it would essentially make encryption pointless as it would be encrypted only on your end and not while the packets are in transit to your client. The solution is to make sure you have certificates installed and ssl enabled for the port in question and that any proxy_pass does not forward from non-ssl enabled ports to ssl enabled ones.


I had the same problem because my DNS host provider has https and I dont need to encrypt my connection 2 times, as it would be slower.

It worked for me as follows:

  upstream backend {
        server node_socket1:3000 weight=10 max_fails=3 fail_timeout=30s;
        server node_socket2:3000 weight=10 max_fails=3 fail_timeout=30s;
  }

  server {
        listen 80;
        server_name 0.0.0.0;
        root  /var/www/public;

        location / {
              try_files $uri $uri/ https://backend;
        }

        location /socket.io/ {
              proxy_http_version    1.1;
              proxy_redirect        off;
              proxy_set_header      Upgrade $http_upgrade;
              proxy_set_header      Connection "upgrade";
              proxy_set_header      Host $host;
              proxy_set_header      X-Real-IP        $remote_addr;
              proxy_set_header      X-Forwarded-For  $proxy_add_x_forwarded_for;
              proxy_set_header      X-NginX-Proxy    true;
              proxy_pass            https://backend/socket.io/;
        }
  }