NGINX SSL passthrough without certificate

Lukas Tribus luky-37 at
Fri Sep 5 10:22:17 UTC 2014


> Hi Lukas,
> While HAProxy is able to do some of those things (not sure about
> X-FORWARDED-FOR workarounds?)

Yes, haproxy supports and pushes the PROXY protocol for this exact reason.

> I'd still prefer to use NGINX where possible
> (for other reasons, such as PageSpeed support, etc)

Well, you can't use PageSpeed if you forward SSL encrypted TCP traffic,
can you? Perhaps you need a combination between the two?

For example, SNI based routing on a first (HAProxy) layer, passing the
SSL encrypted traffic either to nginx, for decryption/pagepspeed, etc or
directly to a backend (based on SNI).

> Is NGINX able to do any of the things mentioned in the question?

I don't think so, mainly because nginx' focus is http/https, not TCP




More information about the nginx mailing list