What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags

View all Tags

Using nginx web server as SSL Proxy for PRTG



Is it possible to use the nginx webserver as SSL proxy for PRTG?

nginx ssl ssl-proxy

Created on Jan 18, 2016 3:34:09 PM by  Konstantin Wolff [Paessler Support]

Last change on Oct 22, 2019 11:11:42 AM by  Brandy Greger [Paessler Support]

6 Replies

Accepted Answer



This article applies to PRTG Network Monitor 12 or later

This article does NOT describe a full configuration of nginx. You might need to apply some security adjustments!!!

Using nginx Web Server as SSL Proxy for PRTG

There are some prerequisites that must be met if you plan to follow this article:

  • Basic knowledge of the nginx web server
  • A running nginx web server
  • Make sure the machine running PRTG is accessible from the machine running nginx

Configure PRTG

  • On the machine running the PRTG core server, open the PRTG Administration Tool on your core server system and configure the PRTG web server to run without SSL on http (a custom http port may be used).
  • In the PRTG web interface, configure the same DNS name (Setup | System & Website, option DNS name) as you will use for the nginx later.

Configure nginx

Note: For reasons of simplicity we used the SSL certificates which are delivered with PRTG.

  • Copy the PRTG certificate files (prtg.crt and prtg.key) from the machine where PRTG is installed (<PRTG Program Directory>\cert) to the machine where nginx is running (in this example to /var/www/cert).
  • Create a new file called vhost_prtg_ssl in your sites-available directory
  • Put the following content in it:
server {
       listen 443;
       server_name yourdomain.com;

       ssl on;
       ssl_certificate /var/www/cert/prtg.crt;
       ssl_certificate_key /var/www/cert/prtg.key;

       ssl_session_timeout 5m;

       ssl_protocols TLSv1;
       ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
       ssl_prefer_server_ciphers on;

       location / {
               proxy_pass http://YOUR_PRTG_SERVER;
  • Replace the server_name ("yourdomain.com" in this case) with the DNS name set up in PRTG (please make sure you have a valid A-Record for the used domain).
  • Replace "YOUR_PRTG_SERVER" with the internal server name used for PRTG (the IP also can be used). Don't forget to add the port if you use a non standard port.
  • Because PRTG runs in normal HTTP mode so it will create links without https, we will have to redirect them from http to https in nginx. To achieve this, create another file in your sites-available directory called vhost_prtg.
  • Put the following content in it:
server {
       listen 80;
       server_name yourdomain.com;
       rewrite ^(.*) https://$host$1 permanent;

  • Replace the ServerName ("yourdomain.com" in this case) with the DNS name set up in PRTG (please make sure you have a valid A-Record for the used domain).
  • The ServerName and the set up DNS name in PRTG have to match in all files resp. PRTG itself
  • This will make nginx redirect all http requests to https.
  • Then either create a symbolic link ("ln -s source target") in your sites-enabled directory for the just created files or just copy them over from sites-enabled.
  • (Re)start your nginx web server. Now you should be able to connect to PRTG via your SSL proxy.

Note: All external PRTG applications (Enterprise Console, PRTG for Android, PRTG for iOS) should work with this solution as well.

Any feedback on the article or further suggestions are highly appreciated.

See also

Created on Jan 18, 2016 3:45:18 PM by  Konstantin Wolff [Paessler Support]

Last change on Oct 22, 2019 11:11:29 AM by  Brandy Greger [Paessler Support]



This configuration assumes that someone is going to be using a separate domain or subdomain for PRTG, but people generally use a folder on an existing domain or subdomain. So they would want to use https://my.domain/prtg/, instead of https://prtg.my.domain or https://myprtgdomain.com.

I tested the above configuration and it does indeed work, but only when using a separate domain or subdomain. As soon as you change "location /" to "location /subfolder", the configuration breaks and gives a not found error. My guess would be the something within PRTG is hard-coded to use /, so if you're not using the root of a domain or subdomain it's going to break.

Created on Jan 18, 2016 8:55:34 PM

Last change on Jan 18, 2016 8:55:34 PM



Not tested with URL path proxying yet. So yes, this setup only works with a (sub-)domain.

Created on Jan 19, 2016 12:32:31 PM by  Konstantin Wolff [Paessler Support]



I'm curious as to why we need to turn off SSL for the PRTG web interface? Before finding this article, I left SSL on and configured Nginx to redirect proxy_pass to my PRTG server on HTTPS.

This *appears* to work in my setup, so is the recommendation simply to reduce overhead of encryption/decryption? or is it for another reason I'm not understanding.

Having SSL on the website is helpful for a number of reasons; Chrome (my preferred browser) moans a lot when using non-HTTPS sites. Also, Chrome's built-in ability to suggest saved passwords won't work if the site is non-HTTPS.


Created on Jun 6, 2019 3:31:30 PM



Hi there,

This is hard to tell, the guide is already 3 years old and things can change. If the setup works with enabled SSL, then keep it that way.

Best regards.

Created on Jun 6, 2019 6:49:49 PM by  Dariusz Gorka [Paessler Support]



Hello Jason,

Probes communicate with the probe on TCP 23560, see:


Are your probes disconnected completely after implementing this?

Regards, Oscar

Created on Oct 25, 2022 8:38:40 PM by  Oscar Chavarria [Paessler Technical Support]

Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.