SSL Passthrough

Francis Daly francis at
Fri Feb 17 21:51:20 UTC 2017

On Fri, Feb 17, 2017 at 02:52:53PM -0500, agforte wrote:

Hi there,

> I have the following setup:
> I need the NGINX server to work as both reverse and forward proxy with SSL
> passthrough.

That's not going to work without a lot of patching of the nginx source.

nginx is not a forward proxy.

If you can rephrase your requirements in terms of things that nginx can
do, it might be possible to find a design that works.

If you can rephrase your requirements in terms of requests and responses
(I am not sure what exactly you are trying to do as-is), it may be
possible to come up with a solution -- but if the solution is "use this
non-nginx product in this particular way", you may be happier looking
for confirmation elsewhere.

> stream {

Note: "stream" is (effectively) a tcp-forwarder. nginx does not know or
care about what is inside the packets. "proxying", in the sense of http,
does not apply.

> while on the private server it says: 
> Post https://<PUBLIC_SERVER_IP>:8080/subscribe: malformed HTTP response
> "\x15\x03\x01\x00\x02\x02\x16"

Searching the web for \x15\x03\x01\x00\x02\x02\x16 suggests that that
is what you get back when you make a http request to a https server.


That "CONNECT" is what a http client does when it is configured to use
a http-proxy to connect to a https service.

> Do you have any suggestion on how to debug this? Does the fact that I am using
> HTTPS POST matter? Does it matter for NGINX that I am not using the default
> port 443 for SSL?

Your nginx config means that nginx does not care about http or https;
it just copies packets.

You'll want to rethink your design, in order to find something that can
do what you want.

Good luck with it,

Francis Daly        francis at
