Hello,
Is it possible to use nginx as load balancer for SSL traffic?
Will connections from nginx to web servers be encrypted?
What are encryption options are available?
Is there some fast non SSL encryption available? (e.g. symmetric keys)
Thank You!
Max
Max Sevenfold wrote:
Hello,
Is it possible to use nginx as load balancer for SSL traffic?
Yes, see example below
server {
listen 443 default;
ssl_verify_client off;
ssl on;
ssl_certificate /etc/nginx/nginx.cert;
ssl_certificate_key /etc/nginx/nginx.key;
ssl_session_cache shared:ssl:100m;
location / {
proxy_pass http://non-ssl-backend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-HTTPS on;
proxy_set_header X-Real-IP
$remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify
SUCCESS;
proxy_set_header X-SSL-Subject
$ssl_client_s_dn;
proxy_set_header X-SSL-Issuer
$ssl_client_i_dn;
}
}
Will connections from nginx to web servers be encrypted?
No the connection will be forwarded to the backend via clear http
What are encryption options are available?
I think all ciphers from the openssl library.
Is there some fast non SSL encryption available? (e.g. symmetric keys)
Not that I know off.
Regards,
Marlon de Boer
System administrator http://www.hyves.nl
Hello!
On Wed, Jul 02, 2008 at 11:50:08PM +0200, Marlon de Boer wrote:
ssl on;
$remote_addr;
Will connections from nginx to web servers be encrypted?
No the connection will be forwarded to the backend via clear http
Actually, nginx supports https connections to backends, just use
proxy_pass https://...;
But usually it isn’t required.
Maxim D.