The original post: /r/nginx by /u/bagelwoof on 2024-07-24 02:42:08.
I have two questions. First question:
I have an instance of NGINX running on a PI that I’m using to reverse proxy lots of things that are running on a variety of different bits and pieces of computer hardware…
I would like to have the connections between NGINX and whatever it’s proxying be over https (TLS?) but I’m not sure how to do that.
I think I need to
- set up a minimal CA/PKI
- install and trust the root CA cert on the NGINX host
- Issue certs for each of the hosts using my root/CA cert
- install the host certs on the actual hosts
Is that right? If not, how should I do this?
Second question:
I feel really dumb not knowing if I should be asking about upstream or downstream in this question… I think if I knew the answer to this question, I could do the usual search engine tap dance and have usable answers. I admint that I’m totally cosplaying a sysadmin.
say I have The Internets -> My Router -> NGINX -> A Thing on a Pi
from the perspective of NGINX, is my thing on a Pi upstream or downstream? Assuming all the users are somewhere toward the Internet?
Thanks!