Powered by Zoomin Software. For more details please contactZoomin

Install Semaphore on Linux

Table of Contents

Configure nginx as a reverse proxy

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 13, 2026
  • 2 minute read
    • Semaphore
    • Documentation

The following section describes how to configure nqinx as a reverse proxy in Linux environment. After configuration, you can use nginx in front of the Semaphore Studio component to handle the conversion from https to http.

Installation of nginx

Execute the following command to install the nginx service:

yum install nginx

You may need to add the access ports to your local firewalld configuration. The following commands add the standard http and https ports. Note that adding the http port is optional. For our example, even though we are disabling http access, we are allowing http access for server for the purposes of redirection.

firewall-cmd --add-port 80/tcp

firewall-cmd --add-port 443/tcp

To list the open ports, use issue the following command:

firewall-cmd --list-all

Configure nginx for SSL forwarding

Store your certificate files, .crt and .rsa, in a convenient location. Note that you can use the user chmod command to grant the nginx processes read access to the certificates. In some scenarios, you might need to run the following command to restore the default SELinux context of the certification files:

restorecon <filename>

If you have a .pfx file and a password, rather than these two files, you can convert them using the following commands:

openssl pkcs12 -in certificate.pfx -clcerts -nokeys -out certificate.crt

openssl pkcs12 -in certificate.pfx -nocerts -nodes -out certificate.rsa

Next, navigate to the nginx configuration file:

/etc/nginx/nginx.cong

In the file, we need to create two server groups. The first server group ensures that any request to port 80 (http) will be redirected to port 443 (https). For example:

server {
         listen 80 default_server;

         server_name \_;

        return 301 https://\$host\$request_uri;

}

The second server group forwards all requests at port 443 to the Semaphore instance (assuming that it is running on the same box at the default port 5080). For example:

server {
   listen \*:443 ssl;
   server_name semaphore-internal.progress.com;
   ssl_certificate /etc/nginx/certificate.crt;
   ssl_certificate_key /etc/nginx/certificate.rsa;
   location / {
      proxy_pass http://localhost:5080;
      proxy_set_header Host \$host;
      proxy_set_header X-Real-IP \$remote_addr;
      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto \$scheme;
   }
}

Note that it is important to set the proxy headers as they appear in the example; otherwise, Semaphore will be unable to correctly return locations for URLs.

After you update the file, start the nginx server using the following command:

systemctl start nginx
TitleResults for “How to create a CRG?”Also Available inAlert