Nginx configuration will be created inside /etc/nginx/conf.d

Assume is the Domain and is the backend URL.

First we need to create Configuration for each domain.

cd     /etc/nginx/conf.d


Add Below Content for Proxypass:

server {

    listen     80;


 location / {




Above is the simple configuration for Proxy_pass without SSL.

After adding configuration we need to check the configuration is correct .

You can test it with nginx -t .If everything is fine . Then we can reload nginx via service nginx reload

Domain with SSL and Reverse Proxy


Before you generate a Certificate Signing Request (CSR) file, there are several things you should take note of:

  • Private Key (*.key) file you will generate must always be kept secret and kept safe.
  • To remain secure, SSL certificates must use keys that are 2048-bits in length or greater.
  • Remember to include the Subject Alternate Name (SAN) field – FQDN and Email.
  • Only share the generated CSR file (extension *.txt or *.csr); do not share the Private Key (*.key) file with anyone.

To Create SSL certificate, We need to create CSR certificate and request to Remedyforce Self Service for SSL certificate.

You can find 2 files in /home/ubuntu for SSL Setup and req.conf

  1. Install OpenSSL on Server. It will be already installed .

Install openssl by entering the following commands in the terminal:

sudo apt update

sudo apt install openssl

Openssl will be already installed

  1. You can see req.conf in /home/ubuntu


distinguished_name = req_distinguished_name

req_extensions = v3_req

prompt = no


C = BE

ST = Brussels

L = Brussels

O = Solvay


CN =

emailAddress =


keyUsage = keyEncipherment, dataEncipherment

extendedKeyUsage = serverAuth

subjectAltName = @alt_names


DNS.1 =

  1. Replace both instances of with the actual Fully Qualified Domain Name (FQDN) of your Web Application;
  2. Replace the instances of with the emails of the persons or shared mailbox to receive crucial information (e.g. notifications about expiry) about the certificate.

           Save the changes.

3.            Run the following command to generate Public Key and CSR file:

openssl req -new -out -newkey rsa:2048 -nodes -sha256 -keyout -config req.conf

4. Login to Remedy and Request for SSL certificate with created CSR 

Login to Remedy 

Click on Remedyforce Self Service 

Click Authentication -PKI – Issue Web Authentication Certificate.

Fill Application name , Fully Qualified Domain name as Our Domain name and Attatch CSR certificate.

Once it done , You will get SSL certificate as Email

Assume We have created CSR for Once we request we can keep both Private Key and Certificate inside folder  /etc/ssl/

Here it will be  /etc/ssl/

Both Private Key and Certificate Key we need to Keep inside  /etc/ssl/

As and

So, Now We SSL certificate for the Setup.

server {

listen 80;


 location / {




server {

listen 443 ssl;


ssl_certificate          /etc/ssl/;

ssl_certificate_key     /etc/ssl/;

ssl_session_cache       builtin:1000 shared:SSL:10m;

ssl_protocols           TLSv1.2 TLSv1.3;


ssl_ecdh_curve secp384r1;

ssl_prefer_server_ciphers   on;

large_client_header_buffers 8 1024k;

location / {

   access_log on;

   proxy_pass;   }


Once Configuration added , test configuration with nginx -t.

If it’s successful.

Reload nginx via service nginx reload

Leave a Reply

Your email address will not be published. Required fields are marked *