NGINX SSL passthrough without certificate
Lukas Tribus
luky-37 at hotmail.com
Fri Sep 5 10:22:17 UTC 2014
Hi,
> Hi Lukas,
>
> While HAProxy is able to do some of those things (not sure about
> X-FORWARDED-FOR workarounds?)
Yes, haproxy supports and pushes the PROXY protocol for this exact reason.
> I'd still prefer to use NGINX where possible
> (for other reasons, such as PageSpeed support, etc)
Well, you can't use PageSpeed if you forward SSL encrypted TCP traffic,
can you? Perhaps you need a combination between the two?
For example, SNI based routing on a first (HAProxy) layer, passing the
SSL encrypted traffic either to nginx, for decryption/pagepspeed, etc or
directly to a backend (based on SNI).
> Is NGINX able to do any of the things mentioned in the question?
I don't think so, mainly because nginx' focus is http/https, not TCP
forwarding.
Regards,
Lukas
More information about the nginx
mailing list