Last Updated: February 25, 2016
·
1.077K
· cfeduke

Java+nginx getting around self-signed certs

I encountered a Nexus server over HTTPS that had a self-signed certificate and the certificate wasn't even for the specified public name. I got around it with the following nginx reverse proxy configuration:

server {
       listen 80; 
       server_name _;

       location / { 
       proxy_pass https://nexus.somedomain.com;
       proxy_set_header Host nexus.somedomain.com;
       proxy_redirect https://nexus.somedomain.com/ http://$host:$server_port/;
       proxy_pass_header WWW-Authenticate;   
       }   
   }   

I then installed Sonatype Nexus and pointed to the remote repositories using http://localhost/... and specifying the digest authentication parameters. Problem solved and the entire dev team won't have to add the self signed certificate as a trusted root in their $JAVA_HOME.