I'm doing a proxy_pass in nginx on port 80 to 8000 on my remote server, and then a port forward from 8000 to 80 from the remote to my localhost. This works great, but I'd also like to do it with https but it seems like nginx needs a valid cert to pass the traffic on.
Is there a way for my remote server to simply forward the traffic from port 443 to say 8443 (and then I'll forward remote 8443 to local 443)? Then terminate SSL on my development machine instead of needing to do it on the remote server?
While nginx probably has a third-party module to deal with raw TCP connections, I'm pretty sure that by default everything has to be either HTTP or terminated HTTPS. I think in your situation I'd do port forwarding at the network level:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443
You could just let nginx handle the SSL and forward to the port 8000 on the backend server. This means nginx is the SSL endpoint and there is no SSL between nginx and the backend.
Probably the best option is to do as @cperrin88 says. But if you really do not want to decrypt https on your nginx, you could just forward this as TCP traffic and then decrypt it later on the backend.
Nginx does not support TCP proxy by default, but you could use this module: nginx_tcp_proxy_module
If you simply want to pass the TCP traffic, HAProxy is a good candidate. Easy to install and simple configuration. HAProxy can load balance TCP as well as HTTP traffic.
This write-up for HTTP traffic on Ubuntu should get you started. Change the mode to TCP for load balancing raw TCP.
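A sketch of the TCP-mode setup suggested in the answer above, using the question's ports (added example, not part of the original answers or the linked write-up). The section names `tls_in` and `dev_tunnel` are hypothetical, and it assumes the forward to the development machine listens on the remote server's loopback interface at port 8443.

```haproxy
# Added example: TLS passthrough. HAProxy on the remote server relays the raw
# TCP stream, so the certificate and private key stay on the development machine.
global
    log /dev/log local0

defaults
    mode    tcp              # relay bytes; do not parse HTTP or terminate TLS
    log     global
    option  tcplog           # log connection-level details (no HTTP fields exist)
    timeout connect 5s
    timeout client  1m
    timeout server  1m

frontend tls_in              # hypothetical name
    bind :443
    # Wait briefly for the first bytes and only relay connections that open
    # with a TLS ClientHello; anything else is rejected at the edge.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    tcp-request content reject
    default_backend dev_tunnel

backend dev_tunnel           # hypothetical name
    # Assumption: the forward from the remote host to the development machine
    # listens on 127.0.0.1:8443 on the remote server (the question's port).
    server dev 127.0.0.1:8443 check
```

The file can be syntax-checked with `haproxy -c -f <path to the config>` before reloading. Because the stream is relayed without decryption, the service on the development machine sees HAProxy's address as the client, not the original source IP.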