SSL proxy without certificate

Edho Arief edho at myconan.net
Thu Nov 22 03:27:03 UTC 2012


On Thu, Nov 22, 2012 at 10:21 AM, Edmund Lhot <edmund.lhot at gmail.com> wrote:
> Hello!
>
> I want to proxy ssl connections to a backend without a certicate but it
> isn't working:
>
> server {
>   listen x.x.x.x:443;
>   location / {
>       proxy_pass https://y.y.y.y:443;
>   }
> }
>
> I tried to use an approach like this (client auth with self generated cert),
> but it didn't work too:
>

How is it not working?

> server {
>
>         listen x.x.x.x:443 ssl;
>
>         ssl                  on;
>         ssl_certificate      /etc/nginx/certs/server.crt;
>         ssl_certificate_key  /etc/nginx/certs/server.key;
>         ssl_client_certificate /etc/nginx/certs/ca.crt;
>         ssl_verify_client optional;
>
>         location / {
>             proxy_pass https://y.y.y.y:443;
>
>         }
> }
>
> Must I have the customer certificate to proxy this kind of request or there
> is another way to do this?
>

I think the one you want is tcp layer proxying/balancing which is not
what nginx can do. Try using HAProxy instead.



More information about the nginx mailing list