proxy protocol over a plain tcp with ssl
Roman Arutyunyan
arut at nginx.com
Thu Jan 11 17:20:13 UTC 2018
Hi,
On Thu, Jan 11, 2018 at 08:22:47AM -0500, nir wrote:
> I'm trying to configure nginx which is behind an haproxy to pass the proxy
> protocol over a plain tcp connection. It works well.
> When I add ssl to the equation it fails. Below is the nginx configuration
> block I'm using.
> Is it a configuration issue or might be that it's not at all possible for
> nginx to pass proxy protocol with ssl if the connection is not strictly
> https?
It's not clear what exactly is not working, can you elaborate on that?
Just in case, PROXY protocol header is always sent (and expected) by nginx
prior to anything else. For SSL connections, PROXY protocol header is sent
prior to SSL handshake and is not encrypted.
> stream {
>     upstream some_backend {
>         server some_host:18010;
>     }
>
>     server {
>         listen 8010;
>         listen 8012 ssl;
>         proxy_pass some_backend;
>         proxy_protocol on;
>
>         ssl_certificate /etc/ssl/server.crt;
>         ssl_certificate_key /etc/ssl/server.key;
>         ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>         ssl_ciphers HIGH:!aNULL:!MD5;
>         ssl_session_cache shared:SSLTCP:20m;
>         ssl_session_timeout 4h;
>         ssl_handshake_timeout 30s;
>     }
> }
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278113,278113#msg-278113
--
Roman Arutyunyan
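
The ordering described in the reply above, as an added example that is not part of the original message or of nginx's code: a receiver has to consume the cleartext PROXY protocol v1 line before it hands the socket to its TLS library. The function names and the sample bytes are constructed for illustration, and only the v1 text format is handled.

```python
import ipaddress

MAX_V1_HEADER = 107  # PROXY protocol v1 limit for the header line, CRLF included

def split_proxy_v1(data: bytes):
    """Split a buffered connection prefix into (PROXY v1 fields, remaining bytes)."""
    if not data.startswith(b"PROXY "):
        raise ValueError("stream does not start with a PROXY v1 header")
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("no CRLF within the 107-byte v1 header limit")
    parts = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]  # everything after the header belongs to the next layer
    if parts[1] == "UNKNOWN":
        return {"family": "UNKNOWN"}, rest
    if parts[1] not in ("TCP4", "TCP6") or len(parts) != 6:
        raise ValueError("malformed PROXY v1 header")
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    if src.version != dst.version or src.version != (4 if parts[1] == "TCP4" else 6):
        raise ValueError("address family does not match the declared protocol")
    sport, dport = int(parts[4]), int(parts[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"family": parts[1], "src": str(src), "src_port": sport,
            "dst": str(dst), "dst_port": dport}, rest

def is_tls_handshake(buf: bytes) -> bool:
    """True if buf starts with a TLS record of type handshake (0x16), major version 3."""
    return len(buf) >= 2 and buf[0] == 0x16 and buf[1] == 0x03

# Constructed sample: the first bytes a receiver sees on one connection.
SAMPLE = (
    b"PROXY TCP4 192.0.2.10 198.51.100.5 51234 8012\r\n"  # cleartext header
    b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"           # truncated TLS record
)

if __name__ == "__main__":
    fields, rest = split_proxy_v1(SAMPLE)
    print(fields)
    print("TLS record right after the header:", is_tls_handshake(rest))
    print("TLS record at byte 0 of the stream:", is_tls_handshake(SAMPLE))
```

A peer that starts its TLS handshake on byte 0 sees `P` (0x50) instead of a handshake record. Because the header is outside the TLS session, it should be accepted only on connections that come from the trusted proxy.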