Infosecurity
Upstream Traffic Unencrypted
When to encrypt traffic between Nginx and your backend servers.
What This Rule Checks
This rule detects when Nginx is proxying requests over plain HTTP to a remote backend server, meaning any backend address other than localhost/127.0.0.1.
Why It Matters
If your backend isn't on the same machine or local network, traffic between Nginx and the backend can be intercepted. This is especially risky in cloud environments or across data centers.
✗ Bad — Triggers this rule
    location / {
        proxy_pass http://10.0.0.5:3000;
    }
✓ Good — Passes this rule
    location / {
        proxy_pass https://10.0.0.5:3000;
    }
How to Fix
If your backend is on a different machine, configure it to accept HTTPS connections and change the proxy_pass URL to use `https://`.
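Changing the scheme to `https://` encrypts the connection, but Nginx does not verify the upstream certificate unless `proxy_ssl_verify` is enabled (it is off by default), so the backend is still unauthenticated. The configuration below is an added example, not part of the original rule documentation; the CA bundle path and the name `backend.internal.example` are placeholders assumed for illustration.

```nginx
location / {
    # Encrypted upstream connection, same address as the "Good" example above.
    proxy_pass https://10.0.0.5:3000;

    # Authenticate the backend: reject the connection if its certificate
    # does not chain to the trusted CA. Default is "off".
    proxy_ssl_verify              on;
    proxy_ssl_verify_depth        2;

    # PLACEHOLDER path: CA bundle that issued the backend's certificate.
    proxy_ssl_trusted_certificate /etc/nginx/certs/backend-ca.pem;

    # proxy_pass uses an IP address, so by default Nginx would compare the
    # certificate against "10.0.0.5". Set the name the certificate actually
    # carries (ASSUMED name) and send it as SNI.
    proxy_ssl_name                backend.internal.example;
    proxy_ssl_server_name         on;

    # Refuse legacy protocol versions on the upstream leg.
    proxy_ssl_protocols           TLSv1.2 TLSv1.3;
}
```

Run `nginx -t` after the change to confirm the configuration parses and the CA file is readable before reloading.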