PROXY protocol to upstream server
Danila Vershinin
ciapnz at gmail.com
Sun Aug 12 22:38:38 UTC 2018
Hi Maxim,
I understand. Followup question is:
Is NGINX capable of presenting clients with different SSL certificate based on SNI?
As in:
stream {
server {
ssl_certificate foo.example.com <http://foo.example.com/>.crt;
ssl_certificate bar.example.com <http://bar.example.com/>.crt;
...
}
}
Best Regards,
Danila
> On 13 Aug 2018, at 00:12, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> Hello!
>
> On Sun, Aug 12, 2018 at 11:33:25PM +0300, Danila Vershinin wrote:
>
>> It seems that nginx can accept PROXY protocol fine, but when it
>> comes to forwarding, it can only do so only within a stream {
>> server { … proxy_protocol on; } } .
>>
>> Are there any plans to add proxy_protocol on; for regular HTTP
>> server blocks so it can be used alongside proxy_pass? This would
>> come in very handy in a situation where NGINX is used as SSL
>> terminator, e.g.:
>>
>> NGINX (SSL) → (Proxy protocol) → Varnish.
>>
>> Varnish supports accepting PROXY protocol.
>
> There are no such plans, because in HTTP the same connection can
> be used for requests from different clients. Consider using
> X-Forwarded-For instead.
>
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180813/7d9d2be8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180813/7d9d2be8/attachment.bin>
More information about the nginx
mailing list