Dans une infrastructure auto-h\u00e9berg\u00e9e o\u00f9 cohabitent plusieurs services \u2014 Gitea, Nextcloud, CKAN, Keycloak, Grafana \u2014 la question du point d’entr\u00e9e r\u00e9seau se pose rapidement. Nginx, utilis\u00e9 comme reverse proxy, permet de centraliser le routage, g\u00e9rer les certificats TLS et appliquer des r\u00e8gles de s\u00e9curit\u00e9 communes \u00e0 l’ensemble des services. C’est une brique fondamentale, souvent sous-estim\u00e9e, qui conditionne la fiabilit\u00e9 et la s\u00e9curit\u00e9 de toute l’infrastructure.<\/p>\n\n\n\n
Un reverse proxy se place entre les clients (navigateurs, API consumers) et vos services internes. Il remplit plusieurs r\u00f4les essentiels :<\/p>\n\n\n\n
Dans un d\u00e9ploiement classique bas\u00e9 sur Docker, Nginx s’installe comme conteneur d\u00e9di\u00e9 (ou directement sur l’h\u00f4te) et redirige chaque requ\u00eate entrante vers le bon conteneur en fonction du virtual host. Voici un sch\u00e9ma simplifi\u00e9 :<\/p>\n\n\n\n
Internet\n \u2502\n \u25bc\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u2502 Nginx (port 443) \u2502\n\u2502 Terminaison TLS \u2502\n\u2502 Routage vhosts \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n \u2502 \u2502\n \u250c\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2510 \u250c\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n \u2502 Gitea \u2502 \u2502Nextcloud\u2502 ...autres services\n \u2502 :3000 \u2502 \u2502 :8080 \u2502\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n<\/pre>\n\n\n\nChaque service \u00e9coute sur un port interne, inaccessible depuis l’ext\u00e9rieur. Seul Nginx expose les ports 80 (redirection) et 443 (HTTPS).<\/p>\n\n\n\n
Configuration d’un virtual host<\/h3>\n\n\n\n
La configuration Nginx pour un service type suit un patron r\u00e9current. Voici un exemple pour Gitea :<\/p>\n\n\n\n
server {\n listen 443 ssl http2;\n server_name git.mondomaine.fr;\n\n ssl_certificate \/etc\/letsencrypt\/live\/git.mondomaine.fr\/fullchain.pem;\n ssl_certificate_key \/etc\/letsencrypt\/live\/git.mondomaine.fr\/privkey.pem;\n\n # En-t\u00eates de s\u00e9curit\u00e9\n add_header Strict-Transport-Security \"max-age=63072000; includeSubDomains\" always;\n add_header X-Content-Type-Options nosniff;\n add_header X-Frame-Options DENY;\n add_header Referrer-Policy strict-origin-when-cross-origin;\n\n location \/ {\n proxy_pass http:\/\/gitea:3000;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto $scheme;\n }\n}\n<\/pre>\n\n\n\nCe bloc se duplique pour chaque service, en adaptant le
server_name<\/code> et leproxy_pass<\/code>. L’avantage : chaque service n’a besoin de conna\u00eetre que son propre port interne.<\/p>\n\n\n\nAutomatiser les certificats avec Let’s Encrypt<\/h3>\n\n\n\n
La gestion manuelle des certificats TLS est fastidieuse et source d’erreurs. Certbot, le client officiel de Let’s Encrypt, s’int\u00e8gre directement avec Nginx pour obtenir et renouveler automatiquement les certificats :<\/p>\n\n\n\n
# Obtenir un certificat\ncertbot --nginx -d git.mondomaine.fr\n\n# Renouvellement automatique (cron ou timer systemd)\ncertbot renew --quiet\n<\/pre>\n\n\n\nAvec un timer systemd ou une t\u00e2che cron quotidienne, le renouvellement devient transparent. Certbot modifie directement la configuration Nginx et recharge le service sans interruption.<\/p>\n\n\n\n
Durcissement : aller plus loin que la configuration par d\u00e9faut<\/h3>\n\n\n\n
La configuration par d\u00e9faut de Nginx est fonctionnelle mais insuffisante en production. Quelques ajustements importants :<\/p>\n\n\n\n
\n
- Protocoles TLS :<\/strong> d\u00e9sactiver TLS 1.0 et 1.1, ne conserver que TLS 1.2 et 1.3 (
ssl_protocols TLSv1.2 TLSv1.3;<\/code>).<\/li>\n\n\n\n- Suites de chiffrement :<\/strong> utiliser une liste restrictive de ciphers modernes pour \u00e9viter les algorithmes vuln\u00e9rables.<\/li>\n\n\n\n
- Rate limiting :<\/strong> limiter le nombre de requ\u00eates par IP pour att\u00e9nuer les attaques par force brute, notamment sur les pages de connexion.<\/li>\n\n\n\n
- Taille des requ\u00eates :<\/strong> configurer
client_max_body_size<\/code> selon les besoins (upload Nextcloud vs API l\u00e9g\u00e8re).<\/li>\n\n\n\n- Logs structur\u00e9s :<\/strong> formater les logs en JSON pour faciliter leur ingestion par un stack d’observabilit\u00e9 (Loki, Elasticsearch).<\/li>\n<\/ul>\n\n\n\n
# Rate limiting sur la page de login\nlimit_req_zone $binary_remote_addr zone=login:10m rate=5r\/m;\n\nserver {\n ...\n location \/user\/login {\n limit_req zone=login burst=3 nodelay;\n proxy_pass http:\/\/gitea:3000;\n }\n}\n<\/pre>\n\n\n\nNginx et Docker Compose : un duo naturel<\/h3>\n\n\n\n
Dans un environnement Docker Compose, Nginx peut r\u00e9soudre les noms de services directement via le r\u00e9seau Docker interne. Il suffit de placer Nginx et les services dans le m\u00eame r\u00e9seau :<\/p>\n\n\n\n
# docker-compose.yml (extrait)\nservices:\n nginx:\n image: nginx:alpine\n ports:\n - \"80:80\"\n - \"443:443\"\n volumes:\n - .\/nginx\/conf.d:\/etc\/nginx\/conf.d\n - .\/certbot\/conf:\/etc\/letsencrypt\n networks:\n - frontend\n\n gitea:\n image: gitea\/gitea:latest\n networks:\n - frontend\n expose:\n - \"3000\"\n\nnetworks:\n frontend:\n driver: bridge\n<\/pre>\n\n\n\nAvec
expose<\/code> au lieu deports<\/code>, les services restent accessibles uniquement via le r\u00e9seau Docker interne \u2014 jamais directement depuis l’ext\u00e9rieur.<\/p>\n\n\n\nAlternatives et compl\u00e9ments<\/h3>\n\n\n\n
Nginx n’est pas la seule option. Traefik, par exemple, offre une d\u00e9couverte automatique des services Docker et une gestion int\u00e9gr\u00e9e de Let’s Encrypt via des labels. Caddy propose une configuration minimaliste avec HTTPS automatique par d\u00e9faut. Cependant, Nginx reste le choix le plus r\u00e9pandu, le mieux document\u00e9, et le plus flexible pour des configurations avanc\u00e9es (r\u00e9\u00e9criture d’URL, authentification par sous-requ\u00eate, streaming WebSocket).<\/p>\n\n\n\n
Pour les infrastructures plus complexes, HAProxy apporte des fonctionnalit\u00e9s avanc\u00e9es de load balancing (algorithmes round-robin pond\u00e9r\u00e9s, health checks actifs) qui compl\u00e8tent bien un Nginx en frontal.<\/p>\n\n\n\n
En r\u00e9sum\u00e9<\/h3>\n\n\n\n
Nginx en reverse proxy est le point de d\u00e9part de toute infrastructure auto-h\u00e9berg\u00e9e s\u00e9rieuse. Il centralise la gestion TLS, simplifie le routage multi-services, et offre un premier niveau de s\u00e9curit\u00e9 indispensable. Combin\u00e9 \u00e0 Let’s Encrypt et Docker Compose, il permet de monter une architecture solide avec un minimum de friction. L’investissement initial dans une bonne configuration Nginx se rentabilise \u00e0 chaque nouveau service ajout\u00e9 \u00e0 l’infrastructure.<\/p>","protected":false},"excerpt":{"rendered":"
Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e Dans une infrastructure auto-h\u00e9berg\u00e9e o\u00f9 cohabitent plusieurs services \u2014 Gitea, Nextcloud, CKAN, Keycloak, Grafana \u2014 la question du point d’entr\u00e9e r\u00e9seau se pose rapidement. Nginx, utilis\u00e9 comme reverse proxy, permet de centraliser le routage, g\u00e9rer les certificats TLS et appliquer des r\u00e8gles de […]<\/p>\n","protected":false},"author":1,"featured_media":2076,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","osh_disable_topbar_sticky":"default","osh_disable_header_sticky":"default","osh_sticky_header_style":"default","osh_sticky_header_effect":"","osh_custom_sticky_logo":0,"osh_custom_retina_sticky_logo":0,"osh_custom_sticky_logo_height":0,"osh_background_color":"","osh_links_color":"","osh_links_hover_color":"","osh_links_active_color":"","osh_links_bg_color":"","osh_links_hover_bg_color":"","osh_links_active_bg_color":"","osh_menu_social_links_color":"","osh_menu_social_hover_links_color":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[18],"tags":[],"class_list":["post-2075","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","entry","has-media"],"yoast_head":"\n
Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e - askem<\/title>\n<meta name=\"description\" content=\"ASKEM BUREAU D'\u00c9TUDES ET DE FORMATION NUM\u00c9RIQUE. Nous vous assistons dans la transformation num\u00e9rique de vos outils, services et organisations tout en pla\u00e7ant l\u2019humain au c\u0153ur de notre d\u00e9marche d\u2019accompagnement.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/askem.eu\/en\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e - askem\" \/>\n<meta property=\"og:description\" content=\"ASKEM BUREAU D'\u00c9TUDES ET DE FORMATION NUM\u00c9RIQUE. Nous vous assistons dans la transformation num\u00e9rique de vos outils, services et organisations tout en pla\u00e7ant l\u2019humain au c\u0153ur de notre d\u00e9marche d\u2019accompagnement.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/askem.eu\/en\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/\" \/>\n<meta property=\"og:site_name\" content=\"askem\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/fb.me\/askem.eu\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-13T08:49:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-13T08:49:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mlpi0fxo3sth.i.optimole.com\/cb:3obA.c61\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/askem.eu\/wp-content\/uploads\/2026\/03\/sujet-askem-2026-03-13.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"askemadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"askemadmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/\"},\"author\":{\"name\":\"askemadmin\",\"@id\":\"https:\\\/\\\/askem.eu\\\/#\\\/schema\\\/person\\\/8bbee74ab9a977d56bf4826662e9d2e9\"},\"headline\":\"Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e\",\"datePublished\":\"2026-03-13T08:49:42+00:00\",\"dateModified\":\"2026-03-13T08:49:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/\"},\"wordCount\":773,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/askem.eu\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\/\\/askem.eu\\/wp-content\\/uploads\\/2026\\/03\\/sujet-askem-2026-03-13.png\",\"articleSection\":[\"devops\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/\",\"url\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/\",\"name\":\"Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e - askem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/askem.eu\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\/\\/askem.eu\\/wp-content\\/uploads\\/2026\\/03\\/sujet-askem-2026-03-13.png\",\"datePublished\":\"2026-03-13T08:49:42+00:00\",\"dateModified\":\"2026-03-13T08:49:44+00:00\",\"description\":\"ASKEM BUREAU D'\u00c9TUDES ET DE FORMATION NUM\u00c9RIQUE. Nous vous assistons dans la transformation num\u00e9rique de vos outils, services et organisations tout en pla\u00e7ant l\u2019humain au c\u0153ur de notre d\u00e9marche d\u2019accompagnement.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/#primaryimage\",\"url\":\"https:\\/\\/askem.eu\\/wp-content\\/uploads\\/2026\\/03\\/sujet-askem-2026-03-13.png\",\"contentUrl\":\"https:\\/\\/askem.eu\\/wp-content\\/uploads\\/2026\\/03\\/sujet-askem-2026-03-13.png\",\"width\":1200,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/askem.eu\\\/2026\\\/03\\\/13\\\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/askem.eu\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/askem.eu\\\/#website\",\"url\":\"https:\\\/\\\/askem.eu\\\/\",\"name\":\"askem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/askem.eu\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/askem.eu\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/askem.eu\\\/#organization\",\"name\":\"Askem\",\"url\":\"https:\\\/\\\/askem.eu\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/askem.eu\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\/\\/mlpi0fxo3sth.i.optimole.com\\/cb:3obA.c61\\/w:760\\/h:480\\/q:mauto\\/f:best\\/https:\\/\\/askem.eu\\/wp-content\\/uploads\\/2020\\/10\\/logoGalaxieAskem3.png\",\"contentUrl\":\"https:\\/\\/mlpi0fxo3sth.i.optimole.com\\/cb:3obA.c61\\/w:760\\/h:480\\/q:mauto\\/f:best\\/https:\\/\\/askem.eu\\/wp-content\\/uploads\\/2020\\/10\\/logoGalaxieAskem3.png\",\"width\":760,\"height\":480,\"caption\":\"Askem\"},\"image\":{\"@id\":\"https:\\\/\\\/askem.eu\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/fb.me\\\/askem.eu\",\"https:\\\/\\\/linkedin.com\\\/company\\\/askem-eu\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/askem.eu\\\/#\\\/schema\\\/person\\\/8bbee74ab9a977d56bf4826662e9d2e9\",\"name\":\"askemadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a202f744ee3a4b6fdbe2ceb57fd84c72559337791a276662270d8d2fb7842e3f?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a202f744ee3a4b6fdbe2ceb57fd84c72559337791a276662270d8d2fb7842e3f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a202f744ee3a4b6fdbe2ceb57fd84c72559337791a276662270d8d2fb7842e3f?s=96&d=mm&r=g\",\"caption\":\"askemadmin\"},\"sameAs\":[\"https:\\\/\\\/askem.eu\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e - askem","description":"ASKEM BUREAU D'\u00c9TUDES ET DE FORMATION NUM\u00c9RIQUE. Nous vous assistons dans la transformation num\u00e9rique de vos outils, services et organisations tout en pla\u00e7ant l\u2019humain au c\u0153ur de notre d\u00e9marche d\u2019accompagnement.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/askem.eu\/en\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/","og_locale":"en_US","og_type":"article","og_title":"Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e - askem","og_description":"ASKEM BUREAU D'\u00c9TUDES ET DE FORMATION NUM\u00c9RIQUE. Nous vous assistons dans la transformation num\u00e9rique de vos outils, services et organisations tout en pla\u00e7ant l\u2019humain au c\u0153ur de notre d\u00e9marche d\u2019accompagnement.","og_url":"https:\/\/askem.eu\/en\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/","og_site_name":"askem","article_publisher":"https:\/\/fb.me\/askem.eu","article_published_time":"2026-03-13T08:49:42+00:00","article_modified_time":"2026-03-13T08:49:44+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/mlpi0fxo3sth.i.optimole.com\/cb:3obA.c61\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/askem.eu\/wp-content\/uploads\/2026\/03\/sujet-askem-2026-03-13.png","type":"image\/png"}],"author":"askemadmin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"askemadmin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/#article","isPartOf":{"@id":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/"},"author":{"name":"askemadmin","@id":"https:\/\/askem.eu\/#\/schema\/person\/8bbee74ab9a977d56bf4826662e9d2e9"},"headline":"Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e","datePublished":"2026-03-13T08:49:42+00:00","dateModified":"2026-03-13T08:49:44+00:00","mainEntityOfPage":{"@id":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/"},"wordCount":773,"commentCount":0,"publisher":{"@id":"https:\/\/askem.eu\/#organization"},"image":{"@id":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/#primaryimage"},"thumbnailUrl":"https:\/\/mlpi0fxo3sth.i.optimole.com\/cb:3obA.c61\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/askem.eu\/wp-content\/uploads\/2026\/03\/sujet-askem-2026-03-13.png","articleSection":["devops"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/","url":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/","name":"Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e - askem","isPartOf":{"@id":"https:\/\/askem.eu\/#website"},"primaryImageOfPage":{"@id":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/#primaryimage"},"image":{"@id":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/#primaryimage"},"thumbnailUrl":"https:\/\/mlpi0fxo3sth.i.optimole.com\/cb:3obA.c61\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/askem.eu\/wp-content\/uploads\/2026\/03\/sujet-askem-2026-03-13.png","datePublished":"2026-03-13T08:49:42+00:00","dateModified":"2026-03-13T08:49:44+00:00","description":"ASKEM BUREAU D'\u00c9TUDES ET DE FORMATION NUM\u00c9RIQUE. Nous vous assistons dans la transformation num\u00e9rique de vos outils, services et organisations tout en pla\u00e7ant l\u2019humain au c\u0153ur de notre d\u00e9marche d\u2019accompagnement.","breadcrumb":{"@id":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/#primaryimage","url":"https:\/\/mlpi0fxo3sth.i.optimole.com\/cb:3obA.c61\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/askem.eu\/wp-content\/uploads\/2026\/03\/sujet-askem-2026-03-13.png","contentUrl":"https:\/\/mlpi0fxo3sth.i.optimole.com\/cb:3obA.c61\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/askem.eu\/wp-content\/uploads\/2026\/03\/sujet-askem-2026-03-13.png","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/askem.eu\/2026\/03\/13\/nginx-comme-reverse-proxy-routage-tls-et-securite-pour-une-infrastructure-auto-hebergee\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/askem.eu\/"},{"@type":"ListItem","position":2,"name":"Nginx comme reverse proxy : routage, TLS et s\u00e9curit\u00e9 pour une infrastructure auto-h\u00e9berg\u00e9e"}]},{"@type":"WebSite","@id":"https:\/\/askem.eu\/#website","url":"https:\/\/askem.eu\/","name":"askem","description":"","publisher":{"@id":"https:\/\/askem.eu\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/askem.eu\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/askem.eu\/#organization","name":"Askem","url":"https:\/\/askem.eu\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/askem.eu\/#\/schema\/logo\/image\/","url":"https:\/\/mlpi0fxo3sth.i.optimole.com\/cb:3obA.c61\/w:760\/h:480\/q:mauto\/f:best\/https:\/\/askem.eu\/wp-content\/uploads\/2020\/10\/logoGalaxieAskem3.png","contentUrl":"https:\/\/mlpi0fxo3sth.i.optimole.com\/cb:3obA.c61\/w:760\/h:480\/q:mauto\/f:best\/https:\/\/askem.eu\/wp-content\/uploads\/2020\/10\/logoGalaxieAskem3.png","width":760,"height":480,"caption":"Askem"},"image":{"@id":"https:\/\/askem.eu\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/fb.me\/askem.eu","https:\/\/linkedin.com\/company\/askem-eu"]},{"@type":"Person","@id":"https:\/\/askem.eu\/#\/schema\/person\/8bbee74ab9a977d56bf4826662e9d2e9","name":"askemadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a202f744ee3a4b6fdbe2ceb57fd84c72559337791a276662270d8d2fb7842e3f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a202f744ee3a4b6fdbe2ceb57fd84c72559337791a276662270d8d2fb7842e3f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a202f744ee3a4b6fdbe2ceb57fd84c72559337791a276662270d8d2fb7842e3f?s=96&d=mm&r=g","caption":"askemadmin"},"sameAs":["https:\/\/askem.eu"]}]}},"_links":{"self":[{"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/posts\/2075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/comments?post=2075"}],"version-history":[{"count":1,"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/posts\/2075\/revisions"}],"predecessor-version":[{"id":2077,"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/posts\/2075\/revisions\/2077"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/media\/2076"}],"wp:attachment":[{"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/media?parent=2075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/categories?post=2075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/askem.eu\/en\/wp-json\/wp\/v2\/tags?post=2075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}