We are designing a deployment were NGINX front ends all incoming https connection and then forwards it to multiple web containers like Tomcat and Node.js which listen on internal ports on 127.0.0.1. I have some questions here 1. Is it possible to route Outbound connection through NGINX as well. I.e for requests outbound from Tomcat/Node.js, can the requests be forwarded to an internal nginx port first over HTTP and then Nginx will proxy them to the destination over HTTPS? 2. Are there any high to medium severity known threats for having an HTTP connection between nginx and the other web containers listening on local ports on the same machine instead of using HTTPS.Is is there any other alternative? 3. What is the best way to allow access from a list of know IP addresses at the NGINX layer. That is a White list of Ips. Would it be by using mod_security or the ngx_http_access_module. Is the one better over the other? Thanks, Anamitra
on 2013-11-15 21:33
on 2013-11-15 22:05
One of the things that I did was to use unix sockets to the backend.