How to use NGINX as LDAP -> LDAPS forward proxy

[Bob Brown]

I have a collection of smallish internal-facing apps sitting on a server.

I have been asked to 'secure' these apps.

The apps currently:
+ provide HTTP service to clients
+ make use of a number of internal SOAP services
+ use LDAP (Active Directory) for user authentication

The various apps are written in Java, Groovy and Python.

Rather than hack each app, I would like to take a more system-based approach and completely interpose nginx between them and the rest of the world: I would like to have the apps ONLY talk to nginx on localhost and have nginx stand in for the apps. All (certificate) management will then be centralised. I assume that nginx will be more efficient at handling SSL/TLS as well...

I believe that I can use nginx (...there seem lots of example materials) to handle:

  *   reverse proxy https(from world) -> http(to localhost) for client access
  *   forward proxy SOAP(over http, from localhost) -> SOAP(over https, to world) with mutual authentication

I am unsure of the LDAP->LDAPS aspect.

Is this possible? Are there any HOWTO documents/pages/blogs/... detailing this?

I have seen very few examples of how this might happen.

I tried to replicate: https://jackiechen.blog/2019/01/24/nginx-sample-config-of-http-and-ldaps-reverse-proxy/

This gave me errors about ssl_certificate not being usable at the specific location in the config file. I assume new versions of nginx use a slightly different config file format?

Suggestions/thoughts gratefully received.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210125/bc873fe9/attachment.htm>