Any reason you are running 6.14? We consider this an old version now. 6.15 is a newer 6 version, but i would recommend to upgrade to XP 7 if possible. I’m don’t know anything about ssl or certificates, so i hope one of my co-workers can help you with that.
You got it right, that XP needs a proxy in front to serve https traffic. So this question is more about NGINX than XP. I can only direct you to the Nginx docs there. We are most familiar with apache, here is an example how that would work:
Note: Change xp:8080 to your upstream XP server.
<VirtualHost *:80>
ServerName mysite.com
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://mysite.com/$1 [L,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName mysite.com
SSLEngine on
SSLCertificateFile /etc/ssl/mysite.com/mysite.com.crt
SSLCertificateKeyFile /etc/ssl/mysite.com/mysite.com.private.key;
SSLCertificateChainFile /etc/ssl/mysite.com/mysite.com.ca
RequestHeader set X-Forwarded-Proto "https"
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://xp:8080/
ProxyPassReverse / http://xp:8080/
RewriteEngine on
# Rewrite all variants to use base host name
RewriteCond %{HTTP_HOST} !^mysite\.com$
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) https://mysite.com/$1 [L,R]
# Rewrites
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteCond %{REQUEST_URI} / [NC]
RewriteRule /(.*) ws://xp:8080/$1 [P,L]
</VirtualHost>