How can i proxy to SSL backend without specifiyng cert files?

Question

I have an Play 2.1.x application which signs itself using JKS. It's up, running and available at domain.com:9443, I need to proxy it with nginx, as there will be more apps on the same machine, (therefore can't run it just on port 443) I added the nginx config in hope that proxy_pass with https will allow me to just proxy it to client

upstream backend-secure {
    server 0.0.0.0:9443;
}

server {
        listen 443 ssl;
        server_name domain.com;

        proxy_redirect          off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;


        location / {
                proxy_pass  https://backend-secure;
        }

}

Unfortunately when trying to open https://domain.com in browser I only get log in nginx/error.log like:

no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 123.123.123.123, server: 0.0.0.0:443

Is there a way to make it working or only option is using common way for nginx SSL + using http backend?

Edit: It's EV, multidomain certificate if it matters.

Answer 1

The only option for proxy is to have the certificate inside nginx. Another option would be to just TCP forward the connection outside of ngnix, but then you will not get any of the X-Real-IP, X-Forwarded-For etc stuff.