We are designing a deployment were NGINX front ends all incoming https
connection and then forwards it to multiple web containers like
Tomcat and Node.js which listen on internal ports on 127.0.0.1.
I have some questions here
- Is it possible to route Outbound connection through NGINX as well.
I.e for requests outbound from Tomcat/Node.js, can the requests be
forwarded to an internal nginx port first over HTTP and then Nginx will
proxy them to the destination over HTTPS? - Are there any high to medium severity known threats for having an
HTTP connection between nginx and the other web containers listening on
local ports on the same machine instead of using HTTPS.Is is there any
other alternative? - What is the best way to allow access from a list of know IP
addresses at the NGINX layer. That is a White list of Ips. Would it be
by using mod_security or the ngx_http_access_module. Is the one better
over the other?
Thanks,
Anamitra