Existem alguns artigos sobre essa configuração aqui e aqui. Também usamos certificados SSL de cliente com o Nginx e temos a seguinte configuração funcional, com redirecionamento de HTTP para HTTPS:
# Backend pool behind the TLS-terminating proxy. These servers receive plain
# HTTP and never see the TLS session or the client certificate themselves.
# Port 8000 should be reachable only from this proxy: a direct connection to
# a backend would skip the client-certificate check done by nginx.
upstream appcluster {
    server X.X.X.1:8000;
    server X.X.X.2:8000;
}
# Plain-HTTP listener: nothing is served here, every request is answered with
# a permanent redirect to the HTTPS listener.
server {
    server_name localhost;
    listen 80;

    # The target is built from the configured server_name, not from the
    # client-supplied Host header, so "localhost" has to be replaced with the
    # public host name for the redirect to be usable by remote clients.
    return 301 https://$server_name$request_uri;
}
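# TLS termination and mandatory client-certificate verification happen here;
# only requests that pass both are proxied to the upstream cluster.
server {
    # The "ssl" parameter of listen replaces the standalone "ssl on;"
    # directive, which was deprecated in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name localhost;

    # Server certificate and private key presented to clients.
    ssl_certificate <path to cert.pem>;
    ssl_certificate_key <path to cert.key>;

    # CA certificate(s) that client certificates are verified against.
    ssl_client_certificate <path to CA authority to resolve client ssl - this is ca.crt>;
    # "on" makes the certificate mandatory: a request without a certificate
    # that verifies against the CA above is rejected by nginx.
    ssl_verify_client on;
    # NOTE(review): ssl_verify_depth defaults to 1; client certificates issued
    # through an intermediate CA need a larger value.
    ...

    # after ssl resolution forward to upstream cluster
    location /restService {
        ...
        # The upstream hop is plain HTTP, so the application cannot inspect
        # the client certificate. If it needs the caller's identity, forward
        # $ssl_client_verify / $ssl_client_s_dn with proxy_set_header and have
        # the application accept those headers only from this proxy.
        proxy_pass http://appcluster/restService;
    }
}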