Varnish + ngingx - bypass certificates from remote (same LAN) webserver



i’ve my apache webserver with multiple sites on an ubuntu (16.04) host and i’ve my varnish with ngingx (for https) on another host (CentOS 6.5).

is it possible to bypass certificates from apache webserver (remote host) to ngingx?
what is the best way to do this?
on what host should the certificates be installed?

thanks in advance


It would seem that NGINX is handling all the HTTPS, so the certs should go there.

If you mean to transfer them from one server to the other, yes, that should be possible.
But it may be easier to just let nginx get new certs.
That said, nginx would most likely also need to handle the http connections - you could use it as a reverse proxy for both http and https.
Or you could just redirect the http acme challenge requests to https.



does this mean that in nginx i should configure the same sites i have in my remote apache webserver?



How did you set up both servers?
Where did you point the domain to? (the apache remote server or the nginx server?)

Thank you


Generally speaking, yes, one has the content for the sites and needs all their names; and the other needs to properly proxy to the individual sites and needs all their names as well (and certs to encrypt them with).