For example: I want to use a domain reverse proxy https://tw.godaddy.com, is this possible? My config does not work.

        location ~ /
    {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://tw.godaddy.com;
            proxy_set_header Host "tw.godaddy.com";
            proxy_set_header Accept-Encoding "";
            proxy_set_header User-Agent $http_user_agent;
            #more_clear_headers "X-Frame-Options";
            sub_filter_once off;
    }

Yes. It is possible.

Requirements:

• Compiled with --with-stream
• Compiled with --with-stream_ssl_module

You can check that with nginx -V

Configuration example:

stream {

    upstream backend {
        server backend1.example.com:12345;
        server backend2.example.com:12345;
        server backend3.example.com:12345;
   }

    server {
        listen     12345;
        proxy_pass backend;
        proxy_ssl  on;

        proxy_ssl_certificate         /etc/nginx/nginxb.crt;
        proxy_ssl_certificate_key     /etc/nginx/nginxb.key;
        proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
        proxy_ssl_trusted_certificate /etc/ssl/certs/trusted_ca_cert.crt;

        proxy_ssl_verify        on;
        proxy_ssl_verify_depth  2;
        proxy_ssl_session_reuse on;
    }
}

Explaination:

Turn on ssl backend:

proxy_ssl  on;

Specify the path to the SSL client certificate required by the upstream server and the certificate’s private key:

proxy_ssl_certificate         /etc/nginx/nginxb.crt;
proxy_ssl_certificate_key     /etc/nginx/nginxb.key;

These client key/certificates are your certificates to start ssl session to backend. you can create self signed via:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/nginxb.key -out /etc/nginx/nginxb.crt

If backend is selfsigned too turn off proxy_ssl_verify and remove ssl depth.