Nginx - SSL Proxy configuration

For a project at work I had to set up an SSL proxy with nginx, because one of our old WebLogic servers can’t manage SHA-2 certificates and we can’t update it now. We decided to make it talk to an SSL proxy, and here is the nginx.conf that acts as one. It makes use of the nginx http_proxy module.

As a little reminder, we had a situation like this:

serverA (client certificate) -> webservice (HTTPS / server certificate)

and we want to reach the following situation:

serverA -> nginx (client certificate) -> webservice (HTTPS / server certificate)

server {
    listen       80;
    server_name  serverA.ip;

    access_log  logs/access.log  main;

    location / {
        proxy_pass https://my.web.service:443/;
        proxy_ssl_certificate /opt/nginx/conf/certs/cert-client.pem;
        proxy_ssl_certificate_key /opt/nginx/conf/certs/key-client.pem;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 3;  # you might need to adapt this to your CA chain, mine has 3 levels of certification
        proxy_ssl_session_reuse off;
        proxy_ssl_trusted_certificate /opt/nginx/conf/certs/ca.pem;
    }
}

After that you need to set up serverA to reach nginx:80 instead of webservice:443. There’s no need for a client certificate on serverA anymore.
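
With this setup nginx holds the client certificate, so every host that can reach nginx on port 80 is presented to the webservice under that identity, and the serverA -> nginx hop is plain HTTP. The variant below is an added example, not part of the original configuration, that limits who can use the proxy; the addresses 192.0.2.20 (the nginx interface) and 192.0.2.10 (serverA) are constructed placeholders, and TLS 1.2 support on the webservice is an assumption.

```nginx
server {
    # Bind to one internal interface (placeholder address), not all of them.
    listen       192.0.2.20:80;
    server_name  serverA.ip;

    access_log  logs/access.log  main;

    location / {
        # Only serverA (placeholder address) may use the proxy's client identity.
        allow 192.0.2.10;
        deny  all;

        proxy_pass https://my.web.service:443/;

        # Client certificate presented to the webservice.
        # Keep the key file from being world-readable.
        proxy_ssl_certificate     /opt/nginx/conf/certs/cert-client.pem;
        proxy_ssl_certificate_key /opt/nginx/conf/certs/key-client.pem;

        # Verify the webservice certificate against the CA bundle.
        # The name checked is the host part of proxy_pass (my.web.service).
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        3;   # match the depth of your CA chain
        proxy_ssl_trusted_certificate /opt/nginx/conf/certs/ca.pem;

        # Send SNI so the webservice can select the matching certificate.
        proxy_ssl_server_name on;

        # Assumption: the webservice supports TLS 1.2.
        proxy_ssl_protocols TLSv1.2;

        proxy_ssl_session_reuse off;
    }
}
```

Running `nginx -t` after the change checks the syntax before a reload; requests from any other address then get a 403 from nginx and never reach the webservice.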