Score:1

Cache HTTPS-Responses in nginx

I want to cache responses from https://example.com (SSL/TLS!) with nginx, so basically a forward proxy that caches a response for 10m.

I'm using docker with this image, as it has the ngx_http_proxy_connect_module implemented.

Currently I have set it up like this:

user www-data;
worker_processes auto;
events { }

http {
    server_names_hash_bucket_size 128;


    log_format cache_log '$remote_addr - $upstream_cache_status [$time_local]  '
                    '"$request" $status $body_bytes_sent '
                    'URI: $request_uri - duration: "$request_time"';

    access_log /var/log/nginx_access.log cache_log;
    error_log /var/log/nginx_errors.log;


    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=inventory_cache:10m max_size=10g;

    server {
        listen       8888;
        server_name  xyz.com;
        proxy_connect;
        proxy_max_temp_file_size 0;
        resolver 8.8.8.8;
        location / {
           proxy_cache inventory_cache;
           add_header X-Cache-Status $upstream_cache_status;
           proxy_pass https://$http_host;
           proxy_set_header Host $http_host;
        }
    }

    # Everything else is denied
    server {
        listen       8888;
        server_name ~.+;
        return 404;
    }

}

I expected $upstream_cache_status to show the cache status, but it's always "-". So I guess the caching is not happening.

Could it be due to SSL/TLS? I tried providing ssl_certificate and ssl_certificate_key but then I got the error unknown directive ssl_certificate.

I would prefer a solution with the normal nginx docker image, but I didn't manage to pass HTTPS requests. With the image I am using now, the HTTPS proxying works but not the caching.

So any solution that caches responses from HTTPS servers is welcome. I wonder if this is not possible?

Or to phrase it differently: if an HTTPS server that I have no control over has no caching enabled, how can I enable it for myself?

Score:0

Yes, you can do that in nginx, but your problem is caused by the specific configuration you're using. You have to change the way you configure your SSL/TLS:

user www-data;
worker_processes auto;
events { }

http {
    server_names_hash_bucket_size 128;

    log_format cache_log '$remote_addr - $upstream_cache_status [$time_local]  '
                    '"$request" $status $body_bytes_sent '
                    'URI: $request_uri - duration: "$request_time"';

    access_log /var/log/nginx_access.log cache_log;
    error_log /var/log/nginx_errors.log;

    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=inventory_cache:10m max_size=10g;

    server {
        listen       8888 ssl;
        server_name  xyz.com;

        ssl_certificate /path/to/your/certificate.crt;
        ssl_certificate_key /path/to/your/private.key;

        # TLS 1.0/1.1 are deprecated; the ciphers below need TLS 1.2 or newer
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384';
        ssl_prefer_server_ciphers on;

        location / {
           proxy_cache inventory_cache;
           add_header X-Cache-Status $upstream_cache_status;
           proxy_pass https://$http_host;
           proxy_set_header Host $http_host;
        }
    }

    # Everything else is denied
    server {
        listen       8888;
        server_name ~.+;
        return 404;
    }
}

Be sure to replace /path/to/your/certificate.crt and /path/to/your/private.key.

If that still doesn't work, you can add the following in the location block:

proxy_ignore_headers Cache-Control;
proxy_ignore_headers Set-Cookie;
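
A CONNECT tunnel carries TLS end to end, so a forward proxy only sees ciphertext and has nothing to cache; caching needs nginx to make the upstream HTTPS request itself. The following is an added example, not part of the question or the answer above: a caching reverse proxy for one fixed origin with the 10-minute lifetime the question asks for. The loopback listener, the CA bundle path and the plain-HTTP client side are assumptions.

```nginx
# Added example: clients request http://127.0.0.1:8888/... instead of
# https://example.com/...; nginx opens its own verified TLS connection to the
# origin, sees the plaintext response and can therefore cache it.
events { }

http {
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=inventory_cache:10m
                     max_size=10g inactive=10m;

    server {
        listen 127.0.0.1:8888;                 # assumption: local clients only

        location / {
            # Fixed origin instead of $http_host, so the proxy cannot be
            # pointed at arbitrary hosts by the client.
            proxy_pass https://example.com;
            proxy_set_header Host example.com;

            # TLS towards the origin: send SNI, verify chain and host name.
            proxy_ssl_server_name on;
            proxy_ssl_name example.com;
            proxy_ssl_verify on;
            proxy_ssl_verify_depth 2;
            # Assumed path (Debian/Ubuntu CA bundle); adjust for your image.
            proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
            proxy_ssl_protocols TLSv1.2 TLSv1.3;

            # Cache successful responses for 10 minutes when the origin sends
            # no caching headers of its own.
            proxy_cache inventory_cache;
            proxy_cache_valid 200 10m;
            proxy_cache_methods GET HEAD;

            # Keep per-user responses out of the shared cache: requests that
            # carry credentials or cookies are neither served from nor stored
            # in the cache. Ignoring Set-Cookie or Cache-Control via
            # proxy_ignore_headers removes nginx's own safeguards here.
            proxy_cache_bypass $http_authorization $http_cookie;
            proxy_no_cache     $http_authorization $http_cookie;

            add_header X-Cache-Status $upstream_cache_status always;
        }
    }
}
```

Requesting the same path on http://127.0.0.1:8888 twice should show X-Cache-Status: MISS and then HIT, unless the origin sends Set-Cookie or a Cache-Control value that forbids caching.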