nginx: forward ssl connection to another server
Solution 1
Try to proxy the TCP traffic instead of the HTTP traffic:
stream {
    server {
        listen SRC_IP:SRC_PORT;
        proxy_pass DST_IP:DST_PORT;
    }
}
For more details, refer to the nginx documentation: https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/
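The TCP-proxy approach can also select the backend by server name, which is the routing described in the question; this is an added example, not part of the original answer. It uses nginx's stream ssl_preread module (nginx 1.11.5 or later, built with --with-stream and --with-stream_ssl_preread_module); all host names, addresses, ports and file paths are placeholders.

```nginx
# Added example: SNI-based TLS passthrough. All names, IPs, ports and paths are placeholders.
events {}

stream {
    # ssl_preread reads only the SNI name from the TLS ClientHello.
    # nginx does not decrypt anything, so server 3's key never leaves server 3.
    map $ssl_preread_server_name $tls_backend {
        server3.example.com  192.0.2.30:443;   # server 3 terminates TLS itself
        default              127.0.0.1:8443;   # clients without SNI also land here
    }

    server {
        listen 443;
        ssl_preread on;
        proxy_pass $tls_backend;
        proxy_connect_timeout 5s;
    }
}

http {
    # Servers 1 and 2: the master keeps terminating TLS with the certificates it holds.
    server {
        listen 127.0.0.1:8443 ssl;
        server_name server1.example.com;
        ssl_certificate     /etc/nginx/tls/server1.crt;
        ssl_certificate_key /etc/nginx/tls/server1.key;

        location / {
            proxy_pass http://192.0.2.10:80;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}
```

With plain passthrough, server 3 and the local HTTPS listener see the connection coming from the master rather than from the client, so source-IP logging and IP-based access rules on those hosts need the PROXY protocol (proxy_protocol on; in the stream server, with every backend configured to accept it) or must be enforced on the master.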
Solution 2
Here's a configuration that might work. Proxy through the master and forward everything to Server3. Use the ssl port but turn ssl off.
server {
    listen 443;
    server_name myserver.mydomain.whatever;
    ssl off;
    access_log /var/log/nginx/myserver.access.log;
    error_log /var/log/nginx/myserver.error.log;
    keepalive_timeout 60;
    location / {
        # $http_destination is the Destination header sent by the client.
        set $fixed_destination $http_destination;
        if ( $http_destination ~* ^https(.*)$ )
        {
            set $fixed_destination http$1;
        }
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Destination $fixed_destination;
        # Fix the "It appears that your reverse proxy set up is broken" error.
        # Might need to explicitly set https://localip:port
        proxy_pass $fixed_destination;
        # Force timeout if backend died.
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_read_timeout 90;
        proxy_redirect http:// https://;
    }
}
J J
Updated on July 24, 2022
Comments
J J almost 2 years
I have a master nginx server deciding on the incoming server name where to route requests to. For two secondary servers this master nginx server is also holding SSL certificates and keys. The 3rd server is holding its own certificates and keys because there is a frequent update process for those.
My question is now how I can configure the master nginx server to forward all requests to server 3 which are coming in for this server. I cannot copy the certificates and keys from server 3 to the master server as they change too often.
J J over 8 years
Thanks for your help. I'm not quite sure if I get everything right. What am I supposed to do with the server definition for
    listen 80;
? Redirect it to 443 on the master nginx server and then use your code example? Where in your example do you specify to which IP internally the request is forwarded?
J J over 8 years
I tested it both ways. Either I get an error in the nginx log saying
    2015/10/22 11:34:21 [error] 18229#0: *57916 invalid URL prefix in "", client: xxx.xxx.xxx.xxx, server: my_server_name, request: "GET / HTTP/1.1$
or the browser directly says that no secure connection could be established and refuses to connect.
wolfhammer over 8 years
Looks like it's not possible. Nginx does not do forward proxy. https and nginx as forward proxy.