Interest in extending FastCGI / SCGI support to allow TLS encrypted connections to back end?
someukdeveloper at gmail.com
Mon Jan 21 07:07:46 UTC 2013
On 20/01/13 15:10, Peter Vereshagin wrote:
> 2013/01/18 17:45:13 +0000 Some Developer <someukdeveloper at gmail.com> => To nginx at nginx.org :
> SD> be unencrypted. Of course you can use something like stunnel (which
> SD> someone on this list told me about helpfully a while ago) to encrypt the
> SD> communications but that seems a bit messy. If Nginx supported TLS
> *CGI interfaces look to be the previous century demand. HTTP(S) seems to be
> the trend, even for the newly developed databases.
Unfortunately there really isn't much that you can use instead of
FastCGI or SCGI if you want to be able to host multiple applications
using different languages in a consistent manner.
> What's messy with your 'stunnel'? Why shouldn't you use the 'nginx' on the
> backend side with https as an uplink protocol? The your 'fastcgi client' nginx
> should use then the 'nginx on a backend side' as an https upstream.
I'm not sure I completely understand your point here. Are you suggesting
that you just run a simple Nginx server on the application so that the
front end Nginx server can just pass the requests to the Nginx on the
application server via HTTPS and then the local Nginx server just passes
the requests on to the application server on 127.0.0.1?
> SD> I can't be the only person who wants a 100% encrypted connection from
> SD> the browser to Nginx to the FastCGI application to the database.
> Are there any other web server(s) having this feature implemented then?
Not that I am aware of.
More information about the nginx