NGINX SSL passthrough without certificate

OzJD nginx-forum at
Fri Sep 5 08:04:28 UTC 2014

We currently have a backend server that listens for SSL requests, and (using
SNI) chooses to pass them on to the correct place, or alternatively will
serve the requested HTTPS.

Our current configuration is slow (not painfully, just slower than we'd
like), and we figured having NGINX do some of the work would speed things

Can NGINX pass through some HTTPS requests (by domain) without modifying
anything (by checking SNI in the initial packet)? Most (all?) websites
indicate that I should decode and encode the traffic (which is not
possible because of cases such as

So ultimately, what would be ideal for us is:
1. NGINX sits on network boundary, listening for SSL/TLS connections
2. When a new connection comes in, NGINX decides to pass on the TLS
connection without touching it OR serve it as a regular HTTPS website (OR
depends on domain)

Lastly, is there any current way to achieve X-FORWARDED-FOR with HTTPS? I
understand it can't go into the actual HTTPS request, but figured it could
be sent BEFORE the HTTPS decode packet. (the receiving end would have to
understand this also)

Posted at Nginx Forum:,253088,253088#msg-253088
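
The setup asked about above, sketched as an added example (not part of the original post, and not configuration from the poster): SNI-based routing without decryption using the stream module's ssl_preread, with the client address carried ahead of the TLS data by the PROXY protocol. It assumes an nginx build newer than this 2014 post that includes ngx_stream_ssl_preread_module; all hostnames, addresses and certificate paths are placeholders.

```nginx
# Added example: every hostname, address and file path below is a placeholder.
events {}

stream {
    # Pick an upstream from the SNI name in the ClientHello.
    # Nothing is decrypted at this layer, so no certificate is needed here.
    map $ssl_preread_server_name $tls_upstream {
        passthrough.example.com  192.0.2.10:443;  # forwarded still encrypted
        default                  127.0.0.1:8443;  # terminated by the http block below
    }

    server {
        listen 443;
        ssl_preread on;            # read the ClientHello without terminating TLS
        proxy_pass $tls_upstream;
        proxy_protocol on;         # send the client address before the TLS bytes
    }
}

http {
    server {
        # Local HTTPS site; "proxy_protocol" makes this listener expect the
        # PROXY header that the stream block prepends to each connection.
        listen 127.0.0.1:8443 ssl proxy_protocol;
        server_name www.example.com;

        ssl_certificate     /etc/nginx/tls/www.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/www.example.com.key;

        location / {
            # Original client address, taken from the PROXY header.
            proxy_set_header X-Forwarded-For $proxy_protocol_addr;
            proxy_pass http://127.0.0.1:8080;
        }
    }
}
```

Because proxy_protocol is enabled for the whole stream server, the passthrough backend must also be configured to expect the PROXY header, or its TLS handshake will fail. Any listener that trusts that header should accept connections only from the proxy's address, since a client that can reach it directly could otherwise supply a forged source address.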
