How to use NGINX as LDAP -> LDAPS forward proxy
bob at transentia.com.au
Mon Jan 25 08:35:49 UTC 2021
I have a collection of smallish internal-facing apps sitting on a server.
I have been asked to 'secure' these apps.
The apps currently:
+ provide HTTP service to clients
+ make use of a number of internal SOAP services
+ use LDAP (Active Directory) for user authentication
The various apps are written in Java, Groovy and Python.
Rather than hack each app, I would like to take a more system-based approach and completely interpose nginx between them and the rest of the world: I would like to have the apps ONLY talk to nginx on localhost and have nginx stand in for the apps. All (certificate) management will then be centralised. I assume that nginx will be more efficient at handling SSL/TLS as well...
I believe that I can use nginx (...there seem lots of example materials) to handle:
* reverse proxy https(from world) -> http(to localhost) for client access
* forward proxy SOAP(over http, from localhost) -> SOAP(over https, to world) with mutual authentication
I am unsure of the LDAP->LDAPS aspect.
Is this possible? Are there any HOWTO documents/pages/blogs/... detailing this?
I have seen very few examples of how this might happen.
I tried to replicate: https://jackiechen.blog/2019/01/24/nginx-sample-config-of-http-and-ldaps-reverse-proxy/
This gave me errors about ssl_certificate not being usable at the specific location in the config file. I assume new versions of nginx use a slightly different config file format?
Suggestions/thoughts gratefully received.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx