Proxy to upstream HTTPS server *without* any keys/certs in nginx

Hello,

We are researching which tools would allow us to do what is described in
the subject.

After searching the archives here and in other places like stackoverflow, there seems to be conflicting info on whether this is possible. Perhaps it was not doable early in nginx’s life but is now? Based on the below link (which notes the upstream and reverse proxy modules), can we now have nginx listen on 443, and pass browser requests to it on to an upstream HTTPS server which actually serves content, has the certs/keys and takes care of SSL handshake etc? In our use case we cannot house any keys/certs on the nginx box so must proxy everything (including SSL) to the upstream https box, as if the end user (who makes the request from the browser) hit the upstream server directly, and doesn’t have any missing or mismatching certificate errors.

I hope my question is clear. Thanks for your help.

Gary

On 24 Sep 2013 18:55, “Gary Chodos” [email protected] wrote:

Hello,

We are researching which tools would allow us to do what is described in
the subject.

After searching the archives here and in other places like stackoverflow, there seems to be conflicting info on whether this is possible. Perhaps it was not doable early in nginx’s life but is now? Based on the below link (which notes the upstream and reverse proxy modules), can we now have nginx listen on 443, and pass browser requests to it on to an upstream HTTPS server which actually serves content, has the certs/keys and takes care of SSL handshake etc?

I don’t believe so, no.

In our use case we cannot house any keys/certs on the nginx box so must proxy everything (including SSL) to the upstream https box, as if the end user (who makes the request from the browser) hit the upstream server directly, and doesn’t have any missing or mismatching certificate errors.

It sounds like you just need a TCP-layer proxy. I suggest HAProxy in TCP
mode.

I don’t believe the answer there is correct. I don’t believe you can
reverse-proxy an SSL connection into nginx without terminating it first,
using local certs.

I will happily be shown I’m wrong, however :)

HTH,
Jonathan
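To show what the TCP-mode suggestion above looks like in practice, here is an added HAProxy configuration (it is not from the original thread or from the HAProxy project). The upstream address 203.0.113.10 is a placeholder; HAProxy holds no certificate, so the TLS handshake passes through to the upstream box unchanged.

```haproxy
global
    log /dev/log local0
    maxconn 2000

defaults
    log     global
    mode    tcp            # raw TCP: HAProxy never decrypts the session
    option  tcplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Listen on 443 without the 'ssl' keyword and without any 'crt' file,
# so ClientHello and the rest of the handshake are forwarded as-is.
frontend https_passthrough
    bind *:443
    default_backend upstream_https

# The upstream server owns the keys/certs and completes the handshake.
# 203.0.113.10 is a placeholder for the real upstream HTTPS host.
backend upstream_https
    balance roundrobin
    server upstream1 203.0.113.10:443 check
```

Because nothing is decrypted on the proxy, the browser validates the upstream’s certificate against the hostname it typed, so that name must appear on the upstream’s certificate, and the proxy cannot inspect, log or rewrite anything inside the connection. The upstream also sees HAProxy’s address as the client unless you add `send-proxy` to the `server` line and the upstream supports the PROXY protocol.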

On Tuesday, September 24, 2013, Jonathan M. wrote:


It sounds like you just need a TCP-layer proxy. I suggest HAProxy in TCP
mode.

Bingo! This works perfectly. Thanks.

Gary