Nginx SSL certificateless forwarding
There are usually two ways to implement certificateless forwarding in nginx:

1. Use a self-signed certificate:

- Create a self-signed certificate: use openssl or another tool to generate a self-signed SSL certificate, that is, one not signed by a third-party certificate authority (CA).

- Configure nginx: specify the paths of the generated SSL certificate and private key in the nginx configuration file, in the server block of the site to be forwarded.

- Verify the certificate: because the self-signed certificate is not signed by a trusted CA, the client shows a warning when it accesses the site; the user can choose to trust the certificate and continue.

2. Configure the HTTPS proxy:

- Configure nginx as an HTTP proxy server: use the proxy_pass directive in the nginx configuration file to forward the original HTTPS request to the target server via HTTP.

- Configure the target server: ensure that the target server supports the HTTPS protocol; its certificate can be self-signed or a valid CA-signed certificate.

- Verify the certificate: because the HTTP protocol is used between the client and nginx, there is no need to configure a certificate on nginx, but the client still needs to verify the certificate when accessing the target server.

Certificateless forwarding carries some risk, because HTTPS traffic sent without a trusted certificate can be intercepted and tampered with in a man-in-the-middle attack. It is therefore recommended to use a valid CA-signed certificate in production environments.
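
The two approaches as an nginx configuration, added here as an example and not taken from the original page. Hostnames, ports and file paths are placeholder assumptions, and approach 2 is read as nginx listening on plain HTTP in front of an HTTPS target. nginx does not verify the upstream certificate by default (`proxy_ssl_verify off`), so the second block shows that default beside a setting that verifies it.

```nginx
# Added example; all hostnames, ports and paths are placeholders (assumptions).

# Approach 1: nginx terminates TLS with a self-signed certificate.
# Certificate and key generated beforehand, for example with:
#   openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
#     -keyout /etc/nginx/ssl/selfsigned.key \
#     -out /etc/nginx/ssl/selfsigned.crt \
#     -subj "/CN=site.example.internal" \
#     -addext "subjectAltName=DNS:site.example.internal"
server {
    listen 443 ssl;
    server_name site.example.internal;

    ssl_certificate     /etc/nginx/ssl/selfsigned.crt;
    ssl_certificate_key /etc/nginx/ssl/selfsigned.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Approach 2: no certificate on nginx; it listens on plain HTTP and
# proxies to a target server that speaks HTTPS.
server {
    listen 80;
    server_name proxy.example.internal;

    location / {
        proxy_pass https://backend.example.internal:8443;

        # Weak (nginx default): the target's certificate is not checked,
        # so any host answering on that address is accepted.
        # proxy_ssl_verify off;

        # Corrected: verify the target's certificate against a trusted
        # CA file (for a self-signed target, the certificate itself).
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/ssl/backend-ca.crt;
        proxy_ssl_server_name         on;
        proxy_ssl_name                backend.example.internal;
    }
}
```

Run `nginx -t` after editing to check the syntax before reloading. In the second block the hop between the client and nginx is still unencrypted; the verification settings only protect the hop between nginx and the target server.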