nginx proxy without ssl termination
Payam Chychi
pchychi at gmail.com
Sun Nov 20 21:13:59 UTC 2022
On Sun, Nov 20, 2022 at 1:07 PM masber masber <masber at hotmail.com> wrote:
> dear nginx community,
>
> I would like to communicate with a client with a server application, they
> can't see each other directly and I would like to use an nginx server to
> solve this. The communication goes through HTTPS which is already set up on
> the server. I was wondering whether it would be possible to configure nginx
> proxy without SSL termination.
>
> I currently have this as a configuration
>
> server {
> listen 6442;
> location / {
> proxy_pass https://kubeapi-vip.local:6442$uri$is_args$args;
> }
> }
>
> This works for HTTP but I am getting the following error when trying to
> access the server through HTTPS
>
> curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
>
> I assume this is because the client expects nginx to have the certificate
> configured. Am I right?
>
> What can I do in order to have nginx proxy without SSL termination?
>
> thank you very much
> _______________________________________________
> nginx mailing list -- nginx at nginx.org
> To unsubscribe send an email to nginx-leave at nginx.org
Use the stream module for this, you basically do layer3/4 tunnel to the
backend. Of course you won’t see any payload or be part of the higher level
application decision making process at the nginx if you do this.
stream {
upstream stream_backend {
server backend1.example.com:port;
server backend2.example.com:port;
}
server {
listen port;
proxy_pass stream_backend;
}
}
Cheers,
Payam
--
Payam Tarverdyan Chychi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20221120/b3a05b32/attachment.htm>
More information about the nginx
mailing list