Many articles have been written about this topic, yet none of them seemed to meet the one basic requirement I had: getting it working.
The problem for me was that when I ran SSL, the redirect still used plain http and would try to redirect to the remote Splunk over http. My Splunk instance also runs on a different machine from the Nginx front end.
So here are the config file details:
nginx conf.d/splunk.conf
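# TLS-terminating reverse proxy in front of Splunk Web, which runs on another host.
server {
    # The "ssl" parameter on listen enables TLS for this socket. The separate
    # "ssl on;" directive was dropped: it is redundant here, deprecated since
    # nginx 1.15.0 and rejected as an unknown directive from nginx 1.25.1 on.
    listen 443 ssl;
    server_name log log.domain.com;

    access_log /var/log/nginx/splunk_access.log;
    error_log /var/log/nginx/splunk_error.log;

    # The private key should be readable only by the account that starts nginx.
    ssl_certificate certs/my.crt;
    ssl_certificate_key certs/my.key;

    # No ssl_protocols is set, so the accepted TLS versions are whatever this
    # nginx build defaults to. Pin it explicitly (TLS 1.2 and newer) once you
    # know what your nginx/OpenSSL combination supports.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:128m;

    location / {
        # Basic auth sends the credentials on every request, only base64-encoded,
        # so it is protected solely by the TLS listener above. Keep the user file
        # outside any served directory and readable only by nginx.
        auth_basic "Login";
        auth_basic_user_file auth/users_file;

        # The hop to Splunk Web is HTTPS, which requires enableSplunkWebSSL on the
        # Splunk side. nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify is off), so this hop is encrypted but the Splunk host
        # is not authenticated. To authenticate it, enable proxy_ssl_verify and
        # point proxy_ssl_trusted_certificate at the CA that signed Splunk's cert.
        # Restrict port 8000 on the Splunk host to this proxy's address, otherwise
        # clients can reach Splunk Web directly and skip the basic-auth layer.
        proxy_pass https://192.168.1.1:8000/;

        proxy_set_header Host $host;
        # X-Real-IP is taken from the TCP connection. X-Forwarded-For appends to
        # whatever the client sent, so only its last entry is trustworthy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}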
splunk $SPLUNK_HOME/etc/system/local/web.conf
[settings]
# Serve Splunk Web over HTTPS rather than plain HTTP, so that it matches the
# https:// proxy_pass target in the nginx config above and the traffic between
# nginx and Splunk is encrypted.
# NOTE(review): unless a certificate is configured for Splunk Web, it presumably
# falls back to the one shipped with Splunk. Confirm this, and install a properly
# issued certificate if the proxy is to verify the upstream.
enableSplunkWebSSL = 1