ssl preread for postgres connection

Eduard Vercaemer vercaemereduard at
Sun May 14 04:43:59 UTC 2023

for some context, I recently I tried configuring nginx as a tcp proxy that
connections based on sni to multiple upstream services

the server only exposes one tcp port, and receives all connections there,
for example
a connection to would be proxy_pass'ed to some port
in the
machine, a connection to to another, etc.

i used nginx itself to terminate the tls for all services for convenience

the problem:
now here is the issue, 1: postgres does some weird custom ssl stuff, which
means I
cannot terminate the ssl from within nginx, and 2: doing a tcp pass through
the ssl termination, and attempting to use ssl_preread and
_does not_ work for postgres connections (the module fails to extract the
server name)

what I attempted:
what I first thought of was to expand on the ssl_preread module to support
connections, I went into the source code and found that the module inserts
a handler into
I tried looking into the buffer in this phase and no useful data showed up,
I then tried to
insert a second handler into the `NGX_STREAM_CONTENT_PHASE` and first
it is never used or initialised to begin with, so I did that, but then it
looks like no buffer
is ever available in this phase

any input, pointers, or suggestions are really welcomed

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list