How to proxy https to http and enable ssl?

Posted September 12, 2020 2.2k views
NginxServer OptimizationConfiguration Management

Hello everyone,

I have configured an app that communicated via websocket (ws) protocol.
I want to config this app over https but getting “mixed content error”:

** The app was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint.

Now I want to proxy https to http while enabling the SSL as well.

My current configs are:

server {
           listen 443;

            ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
            ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
            include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
            ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

           ssl on;
           ssl_session_cache  builtin:1000  shared:SSL:10m;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            proxy_read_timeout 86400;       


server {
    listen 8000;

    root /home/ubuntu/alf_poc/app;
    # Add index.php to the list if you are using PHP
    index index.html;


However, I’m still getting the same error.
Is there any help how can I proxy/redirect https to http and enable SSL as well?

Many thanks

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi there @myahya,

As per the official Nginx documentaton, what I could suggest trying is to add the following extra proxy rules:

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

After that run a config test:

  • sudo nginx -t

And if you get Syntax OK, restart Nginx:

  • sudo systemctl restart nginx

Let me know how it goes!

  • Hi @bobbyiliev,

    Thank you for your help.

    I updated the configs according to your instructions, but still no luck. Getting the same “Mixed content” error.

    any other suggestion?


    • Hi there @myahya,

      How is your WebSocket defined? Are you using wss:// or ws://?

      What I could suggest is changing ws:// to wss:// and give it a try again.

      Let me know how it goes!

      • Hi @bobbyiliev,

        In my app, I’m using the endpoint like this:

        const web3 = new Web3 (‘ws://server-ip:7546’);

        The problem is that I can not use wss instead of ws.

        I already tried wss and its not working. I think I have to use some external libraries like “websocket’ and also need to use SSL inorder to make wss work.

        Any suggestion from your side, is there any better way to achieve this?

        Many thanks

      • Hello @bobbyiliev,

        Thanks again.

        I have created a test script index.js as below:

        const https = require('https');
        const fs = require('fs');
        const WebSocket = require('ws');
        const server = https.createServer({
            cert: fs.readFileSync('./cert/server.pem'),
            key: fs.readFileSync('./cert/server.key')
        const wss = new WebSocket.Server({ server });
        wss.on('connection', function connection(ws) {
            ws.on('message', function message(msg) {
        server.listen(function listening() {
            const ws = new WebSocket('wss://', {
                rejectUnauthorized: false
            ws.on('open', function open() {
                const web3 = new Web3(ws);
                web3.eth.getAccounts().then(e => console.log(e));

        However, I’m getting the following error:

        (node:19165) [DEP0123] DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.
        (Use `node --trace-deprecation ...` to show where the warning was created)
              throw er; // Unhandled 'error' event
        Error: write EPROTO 140019449694080:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
            at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:94:16)
        Emitted 'error' event on WebSocket instance at:
            at ClientRequest.<anonymous> (/home/yahya/Documents/GitHub/wss-test/node_modules/ws/lib/websocket.js:551:15)
            at ClientRequest.emit (events.js:314:20)
            at TLSSocket.socketErrorListener (_http_client.js:469:9)
            at TLSSocket.emit (events.js:314:20)
            at emitErrorNT (internal/streams/destroy.js:100:8)
            at emitErrorCloseNT (internal/streams/destroy.js:68:3)
            at processTicksAndRejections (internal/process/task_queues.js:80:21) {
          errno: -71,
          code: 'EPROTO',
          syscall: 'write'

        Any help, please?