SSL proxy without certificate
Edho Arief
edho at myconan.net
Thu Nov 22 03:27:03 UTC 2012
On Thu, Nov 22, 2012 at 10:21 AM, Edmund Lhot <edmund.lhot at gmail.com> wrote:
> Hello!
>
> I want to proxy ssl connections to a backend without a certicate but it
> isn't working:
>
> server {
> listen x.x.x.x:443;
> location / {
> proxy_pass https://y.y.y.y:443;
> }
> }
>
> I tried to use an approach like this (client auth with self generated cert),
> but it didn't work too:
>
How is it not working?
> server {
>
> listen x.x.x.x:443 ssl;
>
> ssl on;
> ssl_certificate /etc/nginx/certs/server.crt;
> ssl_certificate_key /etc/nginx/certs/server.key;
> ssl_client_certificate /etc/nginx/certs/ca.crt;
> ssl_verify_client optional;
>
> location / {
> proxy_pass https://y.y.y.y:443;
>
> }
> }
>
> Must I have the customer certificate to proxy this kind of request or there
> is another way to do this?
>
I think the one you want is tcp layer proxying/balancing which is not
what nginx can do. Try using HAProxy instead.
More information about the nginx
mailing list