If I understood well, the ‘normal’ setup is to
let the client talk via https to nginx and to have all servers
behind nginx talk plain http.
web client --https–> nginx --http–> another server
However I have one setup, where I’d like to have an encrypted
communication between nginx and one of the other servers (which cannot
be reached directly by the web client)
web client --https–> nginx --https–> another server
Nginx may be able to intercept (decrypt) the request (no security issue
for the given setup), but it would also be fine if nginx wouldn’t be
able to decrypt the communication.
The remote server is also running nginx, but has however another
certificate.
Any suggestions / recommendations for such a setup?
On Mon, 2012-03-19 at 23:28 +0100, Gelonida N wrote:
If I understood well, the ‘normal’ setup is to
let the client talk via https to nginx and to have all servers
behind nginx talk plain http.
However I have one setup, where I’d like to have an encrypted
communication between nginx and one of the other servers (which cannot
be reached directly by the web client)
web client --https–> nginx --https–> another server
This is perfectly normal too, although probably less common.
Nginx may be able to intercept (decrypt) the request (no security issue
for the given setup), but it would also be fine if nginx wouldn’t be
able to decrypt the communication.
Nginx will need to decrypt the data in order to re-encrypt it for the
second leg.
The remote server is also running nginx, but has however another
certificate.
Won’t matter.
Any suggestions / recommendations for such a setup?
It is just as you described. Just use https:// as the scheme rather
than http:// in your proxy_pass directive.
Regards,
Cliff