Force SSL redirection to target service host for all protocols
Francis Daly
francis at daoine.org
Tue Jul 14 13:16:53 UTC 2020
On Mon, Jul 13, 2020 at 02:57:34PM -0400, siva.pannier wrote:
Hi there,
> https://docs.nginx.com/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream/
>
> My TCP (non-ssl) client is able to hit the TCP Server (SSL enabled) via the
> Nginx (proxy_ssl) but buffered reader gets back only 'null'
When my client is "nc", and my server is "openssl s_server -port 12345",
things seem to work for me. Anything I write on one end is shown on the
other, with nginx handling the ssl/no-ssl translation.
> Server code:
> #########
> ServerSocketFactory ssf = SSLServerSocketFactory.getDefault();
> int port = 8091;
> ServerSocket ss = ssf.createServerSocket(port);
This looks like your server wants to listen on port 8091.
Your nginx configuration suggests that nginx listens on 8091, and talks
to the server on 12345.
> Nginx Conf:
> ############
> stream {
> upstream backend {
> server backend1.example.com:12345;
> }
>
> server {
> listen 8091;
> proxy_pass backend;
> proxy_ssl on;
Match the ports, and it should work.
Cheers,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list