Skip to content

SSL Termination with NGINX for Martini Server Runtime

NGINX is a powerful web server and reverse proxy that can effectively handle SSL termination. By integrating Nginx with the Martini Server Runtime, you can ensure that HTTPS requests are securely processed and forwarded to your backend application. This configuration allows for efficient management of SSL certificates while enhancing the security of your web applications.

Prerequisites

  • NGINX: Ensure you have NGINX installed on your server.
  • SSL Certificate: Obtain an SSL certificate for your-domain.com. You can use Let's Encrypt for free certificates.

Configuration

Assuming you have NGINX installed and have your DNS configured you may follow the steps below to configure SSL Termination. Make sure to replace placeholders your-domain.com to your actual domain name.

1. Create a NGINX config

Open the Nginx configuration file or create a new one for your domain:

1
sudo nano /etc/nginx/conf.d/your-domain.com.conf

2. Add the following configuration to handle SSL termination and reverse proxy to Martini Server Runtime

This configuration assumes Martini Server Runtime is running on the same machine and using the default port localhost:8080 if not replace proxy_pass to your Martini Server Runtime desired destination. Update the paths for ssl_certificate and ssl_certificate_key with the correct file paths.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
server {
    listen 443 ssl;
    server_name your-domain.com;  # Replace with your domain

    ssl_certificate /path/to/your/fullchain.pem;  # Path to your SSL certificate
    ssl_certificate_key /path/to/your/privkey.pem;  # Path to your private key

    location / {
        proxy_pass http://localhost:8080;  # Forward requests to Martini Server Runtime
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name your-domain.com;  # Replace with your domain
    return 301 https://$host$request_uri;  # Redirect HTTP to HTTPS
}

3. Test the configuration

Run the following command to check for syntax errors:

1
sudo nginx -t

4. Restart Nginx

If there are no errors, restart Nginx to apply the changes:

1
sudo systemctl restart nginx

5. Start Martini Runtime

If Martini Runtime is not already running, start it.

6. Verify

Visit https://your-domain.com in your web browser to verify that your configuration is working.

Additional Security Settings

You may want to add some security headers or tweak your SSL settings. Here’s a basic example:

1
2
3
4
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";

To know more about headers refer to NGINX documentation: Proxy Response Headers