Pass https requests to backend servers

Sjaak_P · July 15, 2010, 4:08pm

Hello,
here at our company we are setting up an nginx loadbalancer before a
couple
of webservers(2 tomcat/ 2 iis).

The problem that we walk in to is that we want to do the ssl handling on
the
backend servers.
we know how to do it on the nginx server but is it possible for nginx to
pass trough all the ssl requests to the backend without handling itself?

Hope you can help.
grt Peter
(apologize for the bad English)

Sjaak_P · July 15, 2010, 4:52pm

Dear Sjaak,

On Don 15.07.2010 16:07, Sjaak P. wrote:

Hello,
here at our company we are setting up an nginx loadbalancer before a
couple of webservers(2 tomcat/ 2 iis).

The problem that we walk in to is that we want to do the ssl handling
on the backend servers.
we know how to do it on the nginx server but is it possible for nginx
to pass trough all the ssl requests to the backend without handling
itself?

Afaik no.

You will need some tcp loadbalancer (=haproxy) for this.

You can talk with the backend https if you want to encrypt the
communication between frontend and backend.

proxy_pass https://…

Hth

Aleks

Sjaak_P · July 15, 2010, 5:12pm

Hey Aleks,
it’s to bad that it is not possible.

but when the traffic between the LB en backend is also encrypted is’nt
it a
double burden for the LB server?

2010/7/15 Aleksandar L. [email protected]

Sjaak_P · July 15, 2010, 5:46pm

Hi,

The problem that we walk in to is that we want to do the ssl handling on
the
backend servers.
we know how to do it on the nginx server but is it possible for nginx to
pass trough all the ssl requests to the backend without handling itself?

You might try using nginx_tcp_proxy_module [1]. It seems that it should
be
able to handle such scenario, but to be honest I never used it, so you
must
verify this for yourself.

[1] GitHub - yaoweibin/nginx_tcp_proxy_module: add the feature of tcp proxy with nginx, with health check and status monitor

Best regards,
Piotr S. < [email protected] >

Sjaak_P · July 16, 2010, 9:13am

Hi Sjaak,

On Don 15.07.2010 17:11, Sjaak P. wrote:

Hey Aleks,
it’s to bad that it is not possible.

but when the traffic between the LB en backend is also encrypted is’nt
it a double burden for the LB server?

Yes.

nginx mailing list
[email protected]
nginx Info Page