Windows Home Server Behind NGINX Reverse Proxy

Windows Home Server behind NGINX

I recently install WHS 2011 on my ESXI machine. All web traffic goes through a NGINX server to reverse proxy all my domains hosted another server.
WHS requires SSL and therefore a records needs to be set within the nginx conf file.

First thing to do is install WHS 2011. To help things along, I configured my router to send all traffic to WHS so I can easily setup the remote access and domain name. During this process, a ssl cert is generated and installed into IIS. We will need to export this cert and key and load it onto the NGINX box.

Export WHS Certificate

  1. From IIS Manager, click on Server->Sites->Default Web Sites.
  2. In the right column, ‘Actions’, click Bindings.
  3. Select HTTPS *:433: record and Edit.
  4. Under SSL Certificate, your server name should appear, then click View.
  5. Click the Details tab, then click Copy to File button.
  6. Continue through the wizard and select “yes, export the private key” and check “Export all extended properties”.
  7. Give it a password you will remember, then save it as whs.pfx to your desktop.

Copy it to NGINX

FTP the pfx file to a hosted site or any accessible folder
On the NGINX server, cd /etc/nginx/ssl/


Convert Certificate

From within the ssl folder, export the certificate:

openssl pkcs12 -in whs.pfx -nokeys -out whs.pem

Export the private key:

openssl pkcs12 -in whs.pfx -out whs.key -nocerts -nodes

Create NGINX WHS Conf

Create conf file

vi /etc/nginx/conf.d/whs.conf

Paste the following and replace INTERNALIP with your internal server IP and servername with your actual domainĀ :

server {
  listen 80;
  location / {
    proxy_pass http://INTERNALIP:80;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;

server {
  listen 443;
  ssl on;
  ssl_certificate ssl/whs.pem;
  ssl_certificate_key ssl/whs.key;
  ssl_session_timeout 5m;
  ssl_protocols SSLv3 TLSv1;
  ssl_ciphers HIGH:!ADH:!MD5;
  ssl_prefer_server_ciphers on;
  location / {
    proxy_pass https://INTERNALIP:443;
    proxy_set_header host;

Reload NGINX

/etc/rc.d/init.d/nginx reload

Open a browser and navigate to your servers domain.