Proxy to upstream HTTPS server *without* any keys/certs in nginx
gchodos at gmail.com
Wed Sep 25 14:57:42 UTC 2013
On Tuesday, September 24, 2013, Jonathan Matthews wrote:
> 'cvml', 'gchodos at gmail.com');>> wrote:
> > Hello,
> > We are researching which tools would allow us to do what is described in
> the subject.
> > After searching the archives here and in other places like
> stackoverflow, there seems to be conflicting info on whether this is
> possible. Perhaps it was not doable early in nginx's life but is now?
> Based on the below link (which notes the upstream and reverse proxy
> modules), can we now have nginx listen on 443, and pass browser requests to
> it on to an upstream HTTPS server which actually serves content, has the
> certs/keys and takes care of SSL handshake etc?
> I don't believe so, no.
> > In our use case we cannot house any keys/certs on the nginx box so
> must proxy everything (including SSL) to the upstream https box, as if the
> end user (who makes the request from the browser) hit the upstream server
> directly, and doesn't have any missing or mismatching certificate errors.
> It sounds like you just need a TCP-layer proxy. I suggest HAProxy in TCP
Bingo! This works perfectly. Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx