Installing and Setting Up NGINX on Windows as an HTTPS Reverse Proxy

NGINX, a fast and lightweight web server, can be used on Windows as an HTTPS reverse proxy. This setup is particularly useful for an On-Premise Connector because it allows you to securely expose internal services to the internet.

This guide outlines the steps to configure Nginx on a Windows system to act as an HTTPS reverse proxy for an OPC server. This setup enhances security by enabling encrypted communication between clients and the OPC server.

How it Works

Nginx handles SSL/TLS encryption, receives incoming HTTPS requests, and forwards them to the On-Premise Connector. It can also modify request headers and buffer responses, improving performance and security. This configuration helps to protect your internal services by hiding their direct IP addresses and managing traffic flow.

Prerequisites

• A Windows server.

• SSL certificates (server certificate and private key).

• OPC server running on http://127.0.0.1:28767 (or the appropriate address and port).

Overview

• Step 1: Download Nginx for Windows

• Step 2: Install Nginx as a Windows Service

• Step 3: Copy your SSL Certificates

• Step 4: Configure Nginx as HTTPS Reverse Proxy

• Step 5: Test and Start Nginx

• Step 6: Verify Configuration

Step 1: Download Nginx for Windows

1. Visit the official Nginx website: http://nginx.org/en/download.html

2. Under Stable version, download the Windows version (typically named "nginx/Windows-x.x.x" where x.x.x is the version number).

3. Extract the zip file to a location of your choice (e.g., C:\nginx).

Step 2: Install Nginx as a Windows Service (Optional but Recommended)

1. Download and install the NSSM (Non-Sucking Service Manager): https://nssm.cc/download

2. Open a Command Prompt as Administrator.

3. Navigate to the NSSM installation directory.

4. Run: nssm install nginx

5. In the NSSM dialog:

   • Set the Path to the nginx.exe file in your Nginx directory.

   • Set the Startup Directory to your Nginx directory.

   • Click Install service.

Step 3: Copy your SSL Certificates

Create C:\nginx\conf\ssl folder and copy your SSL certificates (e.g., server.crt and server.key) into a folder inside the Nginx directory, such as C:\nginx\conf\ssl, and update your configuration accordingly.

Step 4: Configure Nginx as HTTPS Reverse Proxy

1. Open C:\nginx\conf\nginx.conf in a text editor.

2. Replace the contents with:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile      on;
    keepalive_timeout  65;

    # HTTPS server
    server {
        listen       443 ssl;
        server_name  localhost; # Replace with your domain name

        ssl_certificate      ssl/server.crt;
        ssl_certificate_key  ssl/server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;

        location / {
            proxy_pass http://127.0.0.1:28767;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

Step 5: Test and Start Nginx

Kindly open the Command Prompt as an administrator and execute the following commands

1. Test your configuration:

   cd C:\nginx
   nginx -t

2. Start Nginx:

   net start nginx

Step 6: Verify Configuration

1. Open a web browser and navigate to https://<your-domain>.

2. Ensure that the domain you are using is correctly pointed to the server's IP address.

3. If DNS records are not available or not updated yet, you can manually add a hosts entry on your local machine for testing purposes:

   • Open C:\Windows\System32\drivers\etc\hosts in a text editor as Administrator.

   • Add a line like:

     127.0.0.1 your-domain.com

4. You should see the content served from your upstream server on port 28767.

5. Since a valid SSL certificate is used, the browser should show a secure connection without any warnings.

Troubleshooting

• If Nginx fails to start, check the error logs at C:\nginx\logs\error.log.

• If the connection to the upstream server fails, verify that it's running on port 28767.

• For SSL certificate issues, ensure the paths in the configuration match your certificate locations.