Interest in extending FastCGI / SCGI support to allow TLS encrypted connections to back end?

Some Developer someukdeveloper at gmail.com
Mon Jan 21 11:15:51 UTC 2013


On 21/01/13 07:31, Peter Vereshagin wrote:
> Hello.
>
> 2013/01/21 07:07:46 +0000 Some Developer <someukdeveloper at gmail.com> => To nginx at nginx.org :
> SD> On 20/01/13 15:10, Peter Vereshagin wrote:
> SD> > 2013/01/18 17:45:13 +0000 Some Developer <someukdeveloper at gmail.com> => To nginx at nginx.org :
> SD> > What's messy with your 'stunnel'? Why shouldn't you use the 'nginx' on the
> SD> > backend side with https as an uplink protocol? The your 'fastcgi client' nginx
> SD> > should use then the 'nginx on a backend side' as an https upstream.
> SD>
> SD> I'm not sure I completely understand your point here. Are you suggesting
> SD> that you just run a simple Nginx server on the application so that the
> SD> front end Nginx server can just pass the requests to the Nginx on the
> SD> application server via HTTPS and then the local Nginx server just passes
> SD> the requests on to the application server on 127.0.0.1?
>
> Short answer: yes.
>
> 127.0.0.1 or local socket or DMZ neighbor (the whatever).
>
> What's wrong with stunnel then?

Nothing is wrong with stunnel other than it adds extra complexity to 
your deployment. It would be nice if Nginx could handle this on its own. 
It clearly already can due to its support of HTTPS on the browser side 
so I can't imagine it would be very hard to add support on the FastCGI 
or SCGI side.



More information about the nginx mailing list