Amin El-Zein asked:

nginx Reverse proxy
Hello,
I have Ubuntu Linux 16.10 and I installed nginx.
I want to make it work as a reverse proxy for my backend sites.
The reverse proxy name is: rp.example.com
and I generated a Let's Encrypt cert for it.

The network map is:
wan connection --- nginx reverse proxy https: --- web site name : example1.com http:

example1.com points to the nginx reverse proxy IP.
I want that when the client requests example1.com, it connects as https.
In this case the request will be:
client--- https--- nginx server --- http--- example1.com

In short I want to do it like Cloudflare, which secures the website without requiring a certificate to be issued for the website domain.
Thanks.
Dmitri Farafontov:

You can use something like proxy_pass directive to pass along to your backend:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass

CloudFlare actually generates a WildCard for the domain that is setup with them.
Once you import your records into their DNS they handle it accordingly.
Amin El-Zein (ASKER):
I already use it, but when I redirect to the backend server it gives a certificate name error!
How do they generate a certificate for my domain?
Thanks.
Yes, because you need to generate a wildcard SSL certificate, with *.yourdomain.com as the CN field, with OpenSSL.
You mean an internal certificate from OpenSSL installed on nginx?
How will the configuration look? I don't want to show a certificate trust error on the client side, like Cloudflare.
Thanks.
Your proxy should serve a wildcard ssl certificate.
https://www.digicert.com/csr-creation.htm
If my domain name is example.com and I have a wildcard SSL cert,
how will the reverse proxy handle example1.com without having any cert for it and without any error?
Cloudflare secures my website without installing any SSL on my server.
Thanks.
CloudFlare takes over DNS for your domain name; this way they direct traffic for records on which you activate the "orange cloud" option. On their end they do generate a wildcard certificate to get the SSL connection going.
Hello
I already know about their option, but how do they generate a certificate for my domain?
Is there any way to do something like that from my side for many domains?
Thanks.
The certificates you generate will not be trusted by a browser. You will need to have your WildCard certificate CSR signed by a certification authority such as VeriSign, GeoTrust and/or DigiCert, which is not a FREE service. I have provided the link above on how to generate a CSR based on your server, NGINX.

Example. I have a domain: testing.com. I have delegated my DNS records (pointed by NS records to CloudFlare as requested). Now they have full control of my domain. I can control which records go through CloudFlare through their control panel under the "DNS" option. On a free tier plan, CloudFlare could generate a multiple WildCard and place multiple domains in the same certificate such as *.testing.com and *.anothersite.com. Since they control your DNS records, they technically have control of your domain and can issue the SSL certificates on your behalf. However, they would not do anything like that since their reputation is important to them.

In summary, you need to generate a CSR and a private key using openssl, submit it to a certification authority as mentioned above, pay the fee, receive a CRT back, and install the private key and the CRT file on your NGINX server. That's about the only way to do what you want. Side note: if you want to have a free certificate you can use something like https://letsencrypt.org
Hello,
sorry, but I have some questions to understand more.
First I will sign a certificate for the nginx server domain name with Let's Encrypt: nginxdomain.com
Then I will point clientdomain.com to the nginxdomain.com IP.
Then?
Thanks.
1) generate certificate
2) sign it, install on nginx
3) use DNS to point it to your proxy
Generate from local OpenSSL?
In this case clientdomain.com will appear with an untrusted cert!
Thanks.
Hello,
Any update please?
thanks.
Post the nginx.conf file.
I wrote because I want it!
What do you mean? Post your basic nginx.conf and we can troubleshoot from there. Or you can start a Gigs project and we can address any of your custom requirements.
server {
    listen 80;
    server_name example.com;
    # send every plain-HTTP request to the HTTPS server below
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;  # the semicolon was missing here
    error_log /var/log/nginx/example.com.error.log warn;
    # access_log takes a log format, not a level; "warn" would fail the config test
    access_log /var/log/nginx/example.com.access.log;
    ssl on;
    ssl_certificate /etc/nginx/ssl/<yourkeys>.crt;
    ssl_certificate_key /etc/nginx/ssl/<yourkeys>.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # backend is reached over plain HTTP; TLS terminates at this proxy
        proxy_pass http://reverseexample.com;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # the proxy_cache_* settings only take effect once a cache zone exists
        # (proxy_cache_path in the http{} block and "proxy_cache <zone>;" here)
        proxy_cache_key backend$request_uri;
        proxy_cache_valid 200 301 302 20m;
        proxy_cache_valid 404 1m;
        proxy_cache_valid any 15m;
        proxy_cache_use_stale error timeout invalid_header updating;
    }
}
You have not defined your upstream as per:
http://nginx.org/en/docs/http/ngx_http_upstream_module.html

Please read up on how proxy_pass works with NGINX:
https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching

Finally, what is the error that you get with your current setup?
Hello,
my current configuration:
upstream backend1 {
    server test.clientdomain.com;
}

server {
    listen 80;
    listen 443 ssl;   # "ssl" on the listen line already enables TLS for port 443
    server_name rpn.mydomain.com;
    # "ssl on;" removed: combined with "listen 80" it makes nginx answer every
    # port-80 request with "400 The plain HTTP request was sent to HTTPS port".
    # Port 80 now serves plain HTTP; add a redirect server block if that is unwanted.
    ssl_certificate /etc/letsencrypt/live/rpn.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/rpn.mydomain.com/privkey.pem; # managed by Certbot
    # this certificate only covers rpn.mydomain.com; a client asking for
    # test.clientdomain.com lands in this (only) server block, receives this
    # certificate, and reports the SSL_ERROR_BAD_CERT_DOMAIN shown below
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;

    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        proxy_pass http://backend1;
        # without this the backend receives "Host: backend1" (the upstream name)
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

error: Error code: SSL_ERROR_BAD_CERT_DOMAIN
As mentioned before you need to create a wildcard SSL certificate and have nginx serve it.
Wildcard SSL for mydomain.com?
What I didn't understand: when I used Cloudflare, I used their cert to protect my domain!
In short words, I want to create something like the Cloudflare service in our company DC.
When I open any website that is secured with Cloudflare, the SSL certificate for the requested domain is, for example:
cn: sni150734.cloudflaressl.com
But the requested domain is different!
Thanks.
You cannot just proxy SSL with nginx and expect it to work.

You either need a 1) wildcard certificate or 2) the one that matches the CN field.

At any rate those certificates must be signed by a trusted authority for your browser to trust them. This is just how SSL chain of trust works. There are no workarounds.

Now in the case of CloudFlare they issue a wildcard certificate signed by Comodo for their free tier customers.
The certificate must be issued for the domain you are serving. It must either be a wildcard (easiest) or an exact FQDN under the CN field of an SSL certificate issued.
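Why a browser reports SSL_ERROR_BAD_CERT_DOMAIN for the proxy's own certificate but accepts Cloudflare's sniNNNN certificate for a customer site, as an added example (not code from this thread): a TLS client matches the requested hostname against the certificate's subjectAltName DNS entries, wildcards included, and only falls back to the CN when the certificate has no SANs at all. The certificate contents below are constructed sample data, not real certificates.

```python
"""Hostname matching the way a TLS client checks a presented certificate.

Added example, not code from the thread. The certificates below are constructed
sample data: a Cloudflare-style cert whose CN is a shared sniNNNN name but whose
subjectAltName lists the customer domain, and a cert issued only for the proxy.
"""


def _name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name (possibly "*.example.com") against a hostname.

    Rules follow RFC 6125: the wildcard must be the entire left-most label,
    it matches exactly one label, and it never matches the bare parent domain.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False  # "f*o.example.com" and "*.com" are rejected
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def match_hostname(cert: dict, hostname: str) -> bool:
    """Return True if cert is valid for hostname.

    subjectAltName dNSName entries are authoritative; the CN is only
    consulted when the certificate carries no DNS SANs at all.
    """
    dns_names = cert.get("subjectAltName", [])
    if dns_names:
        return any(_name_matches(name, hostname) for name in dns_names)
    return _name_matches(cert.get("commonName", ""), hostname)


# Constructed sample certificates (not real certificates).
CLOUDFLARE_STYLE_CERT = {
    "commonName": "sni150734.cloudflaressl.com",
    "subjectAltName": ["sni150734.cloudflaressl.com", "*.example1.com", "example1.com"],
}
PROXY_ONLY_CERT = {"commonName": "rpn.mydomain.com", "subjectAltName": ["rpn.mydomain.com"]}

if __name__ == "__main__":
    for cert, host in [(CLOUDFLARE_STYLE_CERT, "www.example1.com"),
                       (PROXY_ONLY_CERT, "test.clientdomain.com")]:
        print(host, "->", "ok" if match_hostname(cert, host) else "SSL_ERROR_BAD_CERT_DOMAIN")
```

The second case is exactly the asker's setup: the proxy presents its own rpn.mydomain.com certificate for a request naming test.clientdomain.com, so the client rejects it.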
Hello,
regarding my replies, rpn.mydomain.com, which is the reverse proxy domain, is issued from Let's Encrypt.
Regarding the Cloudflare certificate, in the general case it is not for the exact domain name; for example.com it is for
cn: sni150734.cloudflaressl.com  !!!
So how do they do it...
In short, the certificate of Cloudflare customers does not match the requested domain!
Thanks.
SOLUTION
Dmitri Farafontov
(This solution is only available to members.)

ASKER CERTIFIED SOLUTION
(This solution is only available to members.)
Please accept the answer that qualifies and assign points accordingly. Otherwise post back and I will be more than welcome to clarify any additional questions / concerns.