Welcome! Log In Create A New Profile

Advanced

How to have SSL passthrough with source ip preservation

Posted by martinlev 
Forum List Message List New Topic
martinlev
How to have SSL passthrough with source ip preservation
February 07, 2018 11:04AM
Hey,

I would like to know how to have SSL passthrought (using map $ssl_preread_server_name) where I have one main load balancer forwarding the traffic to multiple Node.js servers. The Node.js servers don't have NGINX in front except the load balancer, so the SSL configurations are in Node.js, not NGINX.

The load balancer - entry NGINX config looks like that:

--
stream {
map $ssl_preread_server_name $name {
backend.example.com backend;
}

upstream backend {
server 192.168.0.1:443;
}

server {
listen 443;
proxy_pass $name;
ssl_preread on;
}
}
--

And I would like to set x-forwarded-for real ip so that the Node.js servers can get the client IPs (not the load balancer ip).

I saw there is proxy_protocol (within a stream), but it looks like it's not working with the kind of settings I am using (SSL credentiels directly in Node.js, not NGINX).

Any idea how to accomplish this?

Thanks
Reply Quote
Newer Topic Older Topic
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 316
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready