This article applies to PRTG Network Monitor 12 or later

This article does NOT describe a full configuration of nginx. You might need to apply some security adjustments!!!

Using nginx Web Server as SSL Proxy for PRTG

There are some prerequisites that must be met if you plan to follow this article:

• Basic knowledge of the nginx web server
• A running nginx web server
• Make sure the machine running PRTG is accessible from the machine running nginx

Configure PRTG

• On the machine running the PRTG core server, open the PRTG Administration Tool on your core server system and configure the PRTG web server to run without SSL on http (a custom http port may be used).
• In the PRTG web interface, configure the same DNS name (Setup | System & Website, option DNS name) as you will use for the nginx later.

Configure nginx

Note: For reasons of simplicity we used the SSL certificates which are delivered with PRTG.

• Copy the PRTG certificate files (prtg.crt and prtg.key) from the machine where PRTG is installed (<PRTG Program Directory>\cert) to the machine where nginx is running (in this example to /var/www/cert).
• Create a new file called vhost_prtg_ssl in your sites-available directory
• Put the following content in it:

server {
       listen 443;
       server_name yourdomain.com;

       ssl on;
       ssl_certificate /var/www/cert/prtg.crt;
       ssl_certificate_key /var/www/cert/prtg.key;

       ssl_session_timeout 5m;

       ssl_protocols TLSv1;
       ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
       ssl_prefer_server_ciphers on;

       location / {
               proxy_pass http://YOUR_PRTG_SERVER;
       }
}

• Replace the server_name ("yourdomain.com" in this case) with the DNS name set up in PRTG (please make sure you have a valid A-Record for the used domain).
• Replace "YOUR_PRTG_SERVER" with the internal server name used for PRTG (the IP also can be used). Don't forget to add the port if you use a non standard port.
• Because PRTG runs in normal HTTP mode so it will create links without https, we will have to redirect them from http to https in nginx. To achieve this, create another file in your sites-available directory called vhost_prtg.
• Put the following content in it:

server {
       listen 80;
       server_name yourdomain.com;
       rewrite ^(.*) https://$host$1 permanent;
}

• Replace the ServerName ("yourdomain.com" in this case) with the DNS name set up in PRTG (please make sure you have a valid A-Record for the used domain).
• The ServerName and the set up DNS name in PRTG have to match in all files resp. PRTG itself
• This will make nginx redirect all http requests to https.
• Then either create a symbolic link ("ln -s source target") in your sites-enabled directory for the just created files or just copy them over from sites-enabled.
• (Re)start your nginx web server. Now you should be able to connect to PRTG via your SSL proxy.

Note: All external PRTG applications (Enterprise Console, PRTG for Android, PRTG for iOS) should work with this solution as well.

Any feedback on the article or further suggestions are highly appreciated.

See also

• Using Apache Web Server as SSL Proxy for PRTG
• Using IIS Web Server as SSL Proxy for PRTG