Setting up NGINX as a reverse proxy for Nakivo

I wanted to setup NGINX as a reverse proxy for Nakivo backup so I could install a custom SSL certificate. I don't know Tomcat well enough (or at all) to set it up via that, so I decided on NGINX.

First things first, you'll need to comment out the port 80 redirect from the Tomcat install at /opt/nakvio/director/tomcat/conf/server-linux.xml and comment out lines:

<Connector executor="tomcatThreadPool" port="80"
 protocol="org.apache.coyote.http11.Http11NioProtocol" pollerThreadCount="1" oomParachute="1024"
 connectionTimeout="2000" redirectPort="${webui.port}" URIEncoding="UTF-8"
 useBodyEncodingForURI="true"/>

Now restart the service or reboot your server.

Edit your NGINX server block

server {
    listen 80;
    server_name localhost;
    return 301 https://bluethroat.ibex.com; # or whatever your machines DNS name is
}
server {
    listen 443;
    server_name localhost;
root html;
    index index.html index.htm;
    ssl on;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass https://bluethroat:4443; # localhost does not work so you'll have to set this to whatever your machines name is or IP address
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Client-Verify SUCCESS;
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_read_timeout 1800;
        proxy_connect_timeout 1800;
    }
}