Upgrading plain HTTP to HTTPS using STARTTLS

lbc nginx-forum at nginx.us
Sun Aug 16 14:29:56 UTC 2015


Hello,

I am considering switching from Apache to Nginx (or using it as a reverse proxy to
Apache), but need to upgrade plain HTTP connections to HTTPS using the
scheme defined in RFC 2817. Reason for this is a client software running on
WiFi Captive Portals, which inserts an "Upgrade: TLS/1.x" request together
with custom headers just in front of the encrypted request from a guest's
browser to our login server. In order for this scheme to work, the
connection used for this kind of "ID request" to determine the hotspot in
use and the remaining communication must not change over the upgrade,
therefore redirection to the standard HTTPS port of the login server will
not work.

So, I wonder how I can configure Nginx to get the same effect as Apache's
"SSLEngine: optional" setting? I did read the docs about the "starttls"
setting in Nginx, but couldn't find an example of how exactly to use this in
a server block to achieve an upgrade to TLS.

Is it possible at all to configure Nginx this way? And if so, can I forward
custom headers such as "X-HotspotID" if Nginx is used as a proxy?

Thanks in advance!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,261044,261044#msg-261044
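
The RFC 2817 in-place upgrade described in the post, as an added example that is not part of the original message and is not Nginx or Apache configuration: it answers a cleartext "Upgrade: TLS/1.x" request with 101 and then starts TLS on the same socket. The function names, the host name, the hotspot ID value and the choice to keep only "X-" headers are assumptions made for illustration.

```python
import re

TLS_TOKEN = re.compile(r"^TLS/1\.\d$", re.IGNORECASE)

# Constructed sample: the cleartext "ID request" sent before the handshake.
SAMPLE_REQUEST = (b"GET / HTTP/1.1\r\nHost: login.example\r\n"
                  b"Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n"
                  b"X-HotspotID: demo-hotspot-01\r\n\r\n")

def parse_request(raw):
    """Split a cleartext HTTP/1.1 request head into request line and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers

def tokens(value):
    """Split a comma-separated header value into trimmed tokens."""
    return [t.strip() for t in value.split(",") if t.strip()]

def upgrade_decision(raw):
    """Return (response_bytes, start_tls, pre_tls_headers) for one request."""
    _, headers = parse_request(raw)
    tls = [t for t in tokens(headers.get("upgrade", "")) if TLS_TOKEN.match(t)]
    conn = [t.lower() for t in tokens(headers.get("connection", ""))]
    if not tls or "upgrade" not in conn:
        return None, False, {}
    # These headers crossed the network in cleartext, before any handshake:
    # keep them tied to this connection, but treat them as unauthenticated.
    pre_tls = {k: v for k, v in headers.items() if k.startswith("x-")}
    response = ("HTTP/1.1 101 Switching Protocols\r\n"
                f"Upgrade: {tls[0]}, HTTP/1.1\r\n"
                "Connection: Upgrade\r\n\r\n").encode("ascii")
    return response, True, pre_tls

def serve_connection(sock, tls_context):
    """Read one request head, then upgrade the same socket if asked to."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            return None, {}
        buf += chunk
    response, start_tls, pre_tls = upgrade_decision(buf)
    if not start_tls:
        return sock, {}          # stay on plain HTTP
    sock.sendall(response)       # 101 goes out in cleartext, per RFC 2817
    return tls_context.wrap_socket(sock, server_side=True), pre_tls
```

`serve_connection` expects an accepted TCP socket and an `ssl.SSLContext` already loaded with the server certificate; the socket it returns is the same connection, now carrying TLS.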


