proxy protocol over a plain tcp with ssl

nir nginx-forum at
Thu Jan 11 13:22:47 UTC 2018

I'm trying to configure nginx which is behind an haproxy to pass the proxy
protocol over a plain tcp connection. It works well.
When I add ssl to the equation it fails. Below is the nginx configuration
block I'm using.
Is it a configuration issue or might be that it's not at all possible for
nginx to pass proxy protocol with ssl if the connection is not strictly

stream {
    upstream some_backend {
         server some_host:18010;

    server {
        listen                8010;
        listen                8012 ssl;
        proxy_pass            some_backend;
        proxy_protocol        on;

        ssl_certificate           /etc/ssl/server.crt;
        ssl_certificate_key   /etc/ssl/server.key;
        ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers           HIGH:!aNULL:!MD5;
        ssl_session_cache     shared:SSLTCP:20m;
        ssl_session_timeout   4h;
        ssl_handshake_timeout 30s;

Posted at Nginx Forum:,278113,278113#msg-278113

More information about the nginx mailing list