Nginx reverse proxy without SSL termination

Goez asked:

I’m trying to set up Microsoft Remote Desktop Web Services on a Windows 2k12 server. This is fully functional, however I would like (need to) put a reverse proxy (Nginx) in front of it.

I only have 1 external ip (fixed) and I am hosting multiple websites behind it, not all on the same VM. I managed to get Nginx working as a reverse proxy for both HTTP as HTTPS traffic, with vhosts. However, for the remote desktop services, the SSL offloading gives me issues when launching the application. So I would like to pass traffic trough the Nginx server, without SSL offloading and have the Windows server do all the SSL stuff. It seems that even without entering “ssl on;” Nginx puts a certificate from another vhost on the server section of the RD Web. I don’t have something like a “default” block anywhere in my configuration.

Here is a little ‘sketch’ of how the setup looks like:

                                                           -- |server 1 HTTP|
|internet user| -- |Nginx Rev Proxy listening on port 443| -- |windows server|
                                                           -- |server 2 HTTP|

Below is the configuration file that I have (for the RD Web):

server {
        listen 443;

        access_log /var/log/nginx/;

        location / {
                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $scheme;
                proxy_pass    ;


I already tried to have the Windows server accept plain HTTP but this once again gives issues with the remote desktop applications. I can get as far as logging in and there it stops.
I already mentioned it before, but when I forward port 443 on my firewall towards the windows server the remote desktop connections work without issues, so that doesn’t seem to be the problem.

Any help here would be greatly appreciated. I’m new to Nginx and its configuration (always used apache in the past).

My answer:

nginx can’t pass through SSL without terminating it. Use haproxy in front of nginx, which is capable of this (at least version 1.5), to proxy the RD Web traffic to your terminal server, and everything else to nginx.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.