Capture clear text with Nginx reverse proxy

Francis Daly francis at daoine.org
Mon May 6 15:40:44 UTC 2019


On Sat, May 04, 2019 at 07:50:41PM +0000, Mik J via nginx wrote:

Hi there,

> I often try to solve problems between Nginx and the server communicating in https
> client <= https => Nginx <= https => server

> Is there a way to see in clear text what is exchanged between the Nginx reverse proxy and the server ?

Not directly, no.

None of these suggestions have been tested by me, so decide how useful
they might be before expending effort on trying them.

You could try enabling the debug log (it will be big) and seeing what
it says that nginx is sending.

Or you could possibly try to modify your nginx code to put the plaintext
content that nginx decrypts and encrypts somewhere that you can read
later.

Another possibility would be if you have access to the server's private
key -- then you could (in principle) capture the traffic and decrypt
it yourself. Since you don't have access to the upstream server, that
is less likely to be useful.

I suspect that the most likely in-nginx way would be to change your
nginx config so that it adds a "http" section, and then use "tcpdump"
to watch that traffic.

That is: currently, your config is something like

  server {
    listen 443 ssl;
    location / { proxy_pass https://upstream; }
  }

If you change it to instead be something like

  server {
    listen 127.0.0.1:8888;
    location / { proxy_pass https://upstream; }
  }
  server {
    listen 443 ssl;
    location / { proxy_pass http://127.0.0.1:8888; }
  }

then you could tcpdump to watch traffic to port 8888.

That does *not* show what nginx is sending to upstream; but it should
show the same sort of things that nginx would send to upstream. Perhaps
that is close enough for your purposes.

(Of course, if you are neither the ssl client nor the ssl server, the
whole point of ssl is that you cannot see the plaintext.)

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list