Search code examples

With NGINX upstreams, is it possible to proxy pass to both HTTP and HTTPS backends in the same upstream?

Suppose I want to proxy some portion of my traffic to a remote backend instead of the local listener on the server. For example:

upstream backends {
    server weight=20;  # local process (HTTP)
    server;  # remote server (HTTPS)

location / {
    # ...other stuff...
    proxy_pass http://backends;

In the above configuration, every 20 or so requests NGINX will try to route to which is only listening for SSL.

Is there a way for the upstream to define its own protocol scheme? Right now this seems undoable without changing the local listener process to be SSL as well (which is a less than desirable change to make).



  • As is the usual case, I've figured out my own problem and its quite obvious. If you're trying to accomplish the above the trick is quite simple.

    1. First create a new NGINX Virtual Host that listens on HTTP and proxy_passes to your remote HTTPS backend like so:


    upstream remote {
    server {
            listen 8181;
            server_name my_original_server_name;
            location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_pass https://remote;
    1. You can now use just http for your upstreams in the original configuration listening on 443:


    upstream backends {
        server weight=20;  # local process (HTTP)
        server # local nginx proxying to HTTPS remote
    location / {
        # ...other stuff...
        proxy_pass http://backends;

    Now just enable your new site and restart $ ln -s /etc/nginx/sites-available/remote_proxy /etc/nginx/sites-enabled/ && systemctl restart nginx