<div><div><div dir="auto">On Sun, Nov 20, 2022 at 1:07 PM masber masber <<a href="mailto:masber@hotmail.com" target="_blank">masber@hotmail.com</a>> wrote:<br></div><div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">




<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
dear nginx community,</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
I would like to communicate with a client with a server application, they can't see each other directly and I would like to use an nginx server to solve this. The communication goes through HTTPS which is already set up on the server. I was wondering whether
 it would be possible to configure nginx proxy without SSL termination.</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
I currently have this as a configuration</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
    server {
<div style="font-family:Calibri,Helvetica,sans-serif">      listen       6442;</div>
<div style="font-family:Calibri,Helvetica,sans-serif">      location / {</div>
<div style="font-family:Calibri,Helvetica,sans-serif">        proxy_pass https://kubeapi-vip.local:6442$uri$is_args$args;</div>
<div style="font-family:Calibri,Helvetica,sans-serif">      }</div>
    }</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
This works for HTTP but I am getting the following error when trying to access the server through HTTPS</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
I assume this is because the client expects nginx to have the certificate configured. Am I right?</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
What can I do in order to have nginx proxy without SSL termination?</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
thank you very much<br>
</div>
</div>

_______________________________________________<br>
nginx mailing list -- <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
To unsubscribe send an email to <a href="mailto:nginx-leave@nginx.org" target="_blank">nginx-leave@nginx.org</a></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)" dir="auto"></blockquote><div dir="auto"><br></div><div dir="auto"><div dir="auto">Use the stream module for this, you basically do layer3/4 tunnel to the backend. Of course you won’t see any payload or be part of the higher level application decision making process at the nginx if you do this.</div><div dir="auto"><br></div><div dir="auto"><pre style="margin-top:0px;padding:var(--su12);border:0px;font-stretch:inherit;line-height:var(--lh-md);font-size:var(--fs-body1);vertical-align:baseline;box-sizing:inherit;width:auto;max-height:600px;overflow:auto;border-radius:var(--br-md)" dir="auto"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant-caps:inherit;font-stretch:inherit;line-height:inherit;font-size:var(--fs-body1);vertical-align:baseline;box-sizing:inherit;white-space:inherit;border-radius:0px;color:var(--black-800)">stream {
    upstream stream_backend {
        server backend1.example.com:port;
        server backend2.example.com:port;
    }
    server {
        listen port;
        proxy_pass stream_backend;
    }
}</code></pre><pre style="margin-top:0px;padding:var(--su12);border:0px;font-stretch:inherit;line-height:var(--lh-md);font-size:var(--fs-body1);vertical-align:baseline;box-sizing:inherit;width:auto;max-height:600px;overflow:auto;border-radius:var(--br-md)" dir="auto"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant-caps:inherit;font-stretch:inherit;line-height:inherit;font-size:var(--fs-body1);vertical-align:baseline;box-sizing:inherit;white-space:inherit;border-radius:0px;color:var(--black-800)"><br></code></pre><pre style="margin-top:0px;padding:var(--su12);border:0px;font-stretch:inherit;line-height:var(--lh-md);font-size:var(--fs-body1);vertical-align:baseline;box-sizing:inherit;width:auto;max-height:600px;overflow:auto;border-radius:var(--br-md)" dir="auto"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant-caps:inherit;font-stretch:inherit;line-height:inherit;font-size:var(--fs-body1);vertical-align:baseline;box-sizing:inherit;white-space:inherit;border-radius:0px;color:var(--black-800)">Cheers,</code></pre><pre style="margin-top:0px;padding:var(--su12);border:0px;font-stretch:inherit;line-height:var(--lh-md);font-size:var(--fs-body1);vertical-align:baseline;box-sizing:inherit;width:auto;max-height:600px;overflow:auto;border-radius:var(--br-md)" dir="auto"><code style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant-caps:inherit;font-stretch:inherit;line-height:inherit;font-size:var(--fs-body1);vertical-align:baseline;box-sizing:inherit;white-space:inherit;border-radius:0px;color:var(--black-800)">Payam</code></pre></div><div dir="auto"><br></div></div></div></div>
</div>
</div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Payam Tarverdyan Chychi<br></div></div>