Routing Http2 traffic without decrypting tls packets

Jayarajan, Keerthi (AT ASP RTC) Keerthi.Jayarajan at
Mon Sep 2 17:45:59 UTC 2019


I'm working in blockchain project for Honeywell. We have blockchain nodes hosted in our cloud. These nodes should connect and talk to external node and vice versa. We are using Nginx as Reverse proxy server through which external node can connect to our nodes. We are using Hyperledger fabric blockchain framework which works on grpc protocol using http2. I found Nginx 1.15.2 supports http2. So I installed it and tested sample grpc application(without tls) successfully. Now, I need external node to talk to our node reverse proxied via Nginx. But our nodes are tls encrypted and client authentication is enabled. I want the external node to talk to internal node as if the Nginx was not there. It should forward everything based on the hostname without decrypting the packets. I tried this ssl_preread directive but It says not allowed for http2. Can you please technically tell how this can be accomplished. Looking forward for your support. If this is feasible, we would like to go with Nginx Plus for production.

Thanks and Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list