NGINX SSL passthrough without certificate

OzJD nginx-forum at nginx.us
Fri Sep 5 08:04:28 UTC 2014


We currently have a backend server that listens for SSL requests, and (using
SNI) chooses to pass them on to the correct place, or alternatively will
serve the requested HTTPS.

Our current configuration is slow (not painfully, just slower than we'd
like), and we figured having NGINX do some of the work would speed things
up.

Can NGINX pass through some HTTPS requests (by domain) without modifying
anything (by checking SNI in the initial packet)? Most (all?) websites
indicate that I should decode and encode the traffic (which is not
possible because of cases such as https://google.com/).

So ultimately, what would be ideal for us is:
1. NGINX sits on network boundary, listening for SSL/TLS connections
2. When a new connection comes in, NGINX decides to pass on the TLS
connection without touching it OR serve it as a regular HTTPS website (OR
depends on domain)

Lastly, is there any current way to achieve X-FORWARDED-FOR with HTTPS? I
understand it can't go into the actual HTTPS request, but figured it could
be sent BEFORE the HTTPS decode packet. (the receiving end would have to
understand this also)

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253088,253088#msg-253088


