Queries in NGINX proxy features

Anamitra Dutta Majumdar (anmajumd) anmajumd at cisco.com
Fri Nov 15 20:33:06 UTC 2013


We are designing a deployment were NGINX front ends all incoming https connection and then forwards it to multiple web containers like
Tomcat and Node.js which listen on internal ports on 127.0.0.1.

I have some questions here

  1.  Is it possible to route Outbound connection through NGINX as well. I.e for requests outbound from Tomcat/Node.js, can the requests  be forwarded to an internal nginx port first over HTTP and then Nginx will proxy them to the destination over HTTPS?
  2.  Are there any high to medium severity known threats for having an HTTP connection between nginx and the other web containers listening on local ports on the same machine instead of using HTTPS.Is is there any other alternative?
  3.  What is the best way to allow access from a list of know IP addresses at the NGINX layer. That is a White list of Ips. Would it be by using mod_security or the ngx_http_access_module. Is the one better over the other?

Thanks,
Anamitra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20131115/535c0818/attachment.html>


More information about the nginx mailing list