Enable proxy_ssl_server_name for Nginx HTTPS Backends

📖 1 minute read

Proxying to an HTTPS backend in Nginx? Don’t forget this one directive:

location / {
    proxy_pass https://backend.example.com;
    proxy_ssl_server_name on;  # This one
}

Why it matters: modern web servers host multiple SSL sites on one IP using SNI (Server Name Indication). When your Nginx proxy connects to https://backend.example.com, it needs to tell the backend “I want the cert for backend.example.com.”

Without proxy_ssl_server_name on, Nginx doesn’t send the SNI header. The backend doesn’t know which SSL cert to use, and you get connection failures or wrong cert errors.

When you need it:

Proxying to Cloudflare-backed sites
Proxying to shared hosting
Any backend with multiple domains on one IP

Think of it like calling a company with multiple departments — you need to tell the receptionist which one you want, not just dial the main number.

Daryle De Silva

VP of Technology

11+ years building and scaling web applications. Writing about what I learn in the trenches.

Enable proxy_ssl_server_name for Nginx HTTPS Backends

Daryle De Silva

Comments

Leave a Reply Cancel reply

More posts

Code Archaeology: How to Reverse-Engineer a Complex Operation

Per-Step Try/Catch: Don’t Let One Bad Record Kill Your Entire Batch

PR Descriptions: Describe the Final State, Not the Journey

Add Optional Parameters Instead of Creating New Methods

Enable proxy_ssl_server_name for Nginx HTTPS Backends

Daryle De Silva

Related Articles

Ollama num_ctx: Why Setting It Higher Than the Model Supports Backfires

Branch From the Right Base When Stacking PRs

Check If the Binary Exists Before Installing It in Docker

Comments

Leave a Reply Cancel reply

More posts

Code Archaeology: How to Reverse-Engineer a Complex Operation

Per-Step Try/Catch: Don’t Let One Bad Record Kill Your Entire Batch

PR Descriptions: Describe the Final State, Not the Journey

Add Optional Parameters Instead of Creating New Methods