NGINX SSL passthrough without certificate

Lukas Tribus luky-37 at
Fri Sep 5 08:15:48 UTC 2014


> We currently have a backend server that listens for SSL requests, and (using
> SNI) chooses to pass them on to the correct place, or alternatively will
> serve the requested HTTPS.
> Our current configuration is slow (not painfully, just slower than we'd
> like), and we figured having NGINX do some of the work would speed things
> up.
> Can NGINX pass through some HTTPS requests (by domain) without modifying
> anything (by checking SNI in the initial packet)? Most (all?) websites
> indicate that I should decode and encode the traffic (which is not be
> possible because of cases such as
> So ultimately, what would be ideal for us is:
> 1. NGINX sits on network boundary, listening for SSL/TLS connections
> 2. When a new connection comes in, NGINX decides to pass on the TLS
> connection without touching it OR serve it as a regular HTTPS website (OR
> depends on domain)
> Lastly, is there any current way to achieve X-FORWARDED-FOR with HTTPS? I
> understand it can't go into the actual HTTPS request, but figured it could
> be sent BEFORE the HTTPS decode packet. (the receiving end would have to
> understand this also)

For all those things, haproxy is way more adequate.




More information about the nginx mailing list