Proxy to upstream HTTPS server *without* any keys/certs in nginx
Gary Chodos
gchodos at gmail.com
Wed Sep 25 14:57:42 UTC 2013
On Tuesday, September 24, 2013, Jonathan Matthews wrote:
> On 24 Sep 2013 18:55, "Gary Chodos" <gchodos at gmail.com <javascript:_e({},
> 'cvml', 'gchodos at gmail.com');>> wrote:
> >
> > Hello,
> >
> > We are researching which tools would allow us to do what is described in
> the subject.
> >
> > After searching the archives here and in other places like
> stackoverflow, there seems to be conflicting info on whether this is
> possible. Perhaps it was not doable early in nginx's life but is now?
> Based on the below link (which notes the upstream and reverse proxy
> modules), can we now have nginx listen on 443, and pass browser requests to
> it on to an upstream HTTPS server which actually serves content, has the
> certs/keys and takes care of SSL handshake etc?
>
> I don't believe so, no.
>
> > In our use case we cannot house any keys/certs on the nginx box so
> must proxy everything (including SSL) to the upstream https box, as if the
> end user (who makes the request from the browser) hit the upstream server
> directly, and doesn't have any missing or mismatching certificate errors.
>
> It sounds like you just need a TCP-layer proxy. I suggest HAProxy in TCP
> mode.
>
Bingo! This works perfectly. Thanks.
Gary
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130925/e2d1bdba/attachment.html>
More information about the nginx
mailing list