Enable Nginx as a reverse proxy with ACME support

2024-12-01

Nginx is my preferred reverse proxy. I use it both in k8s clusters as an ingress controller and on old-school servers. As a reverse proxy, it can be used to route traffic to different services running on the same machine. It can also be used to terminate TLS connections and handle TLS certificates.

As I'm tinkering with NixOS I wanted to create a simple Nginx configuration that would allow me to route traffic to different services running on the same machine. I also wanted to use Let's Encrypt to automatically generate and renew TLS certificates.

This, as so many other things on NixOS, proved to be really simple. Below you can find a simple example of how to configure Nginx as a reverse proxy with ACME support.

Nginx configuration

From this server's configuration.nix:

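  # Accept the ACME CA's terms of service and set the contact address for this certificate.
  security.acme.acceptTerms = true;
  security.acme.certs = {
    "nix-ish.xyz".email = "alexander@holte-davidsen.no";
  };
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."nix-ish.xyz" = {
      enableACME = true;  # request and renew the certificate for this host
      forceSSL = true;    # redirect plain HTTP to HTTPS
      locations."/" = {
        # The backend listens on loopback only; Nginx terminates TLS in front of it.
        proxyPass = "http://127.0.0.1:3030";
        proxyWebsockets = false;
        # proxy_ssl_server_name only affects https:// upstreams, and
        # proxy_pass_header applies to response headers coming from the upstream.
        extraConfig =
          "proxy_ssl_server_name on;" +
          "proxy_pass_header Authorization;"
          ;
      };
    };
  };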
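
The same pattern extended to several services on one machine, as an added example that is not taken from the author's configuration. The hostnames, the e-mail address and port 8080 are constructed placeholders; the firewall rule, the commented-out staging endpoint and the catch-all host are additions that the configuration above does not contain.

```nix
{ ... }:
{
  # The NixOS firewall is on by default. The ACME HTTP-01 challenge used by
  # enableACME needs port 80 reachable, and clients need 443.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.org";  # placeholder contact address
    # While testing, point at the Let's Encrypt staging CA to stay clear of
    # production rate limits, then remove this line:
    # defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      # Each service gets its own hostname and its own certificate.
      "app.example.org" = {
        enableACME = true;
        forceSSL = true;
        locations."/".proxyPass = "http://127.0.0.1:3030";
      };

      "chat.example.org" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8080";  # assumed backend port
          proxyWebsockets = true;               # this backend uses WebSockets
        };
      };

      # Catch-all for requests whose Host/SNI matches none of the above:
      # refuse the TLS handshake and drop plain-HTTP requests, so no
      # backend is exposed under an unexpected name.
      "_" = {
        default = true;
        rejectSSL = true;
        locations."/".return = "444";
      };
    };
  };
}
```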