stream for TLS passthrough to multiple servers, each with their own certificate

Posted by atslash 
March 11, 2020 07:45AM
I am trying to configure nginx to act as a load balancer for a group of servers, using TLS passthrough. I have corporate-issued certificates for the load balancer, as well as each of the three back-end servers. My current configuration is below.

stream {
    upstream backend {
        hash $remote_addr consistent;
        # upstream servers in the stream module need an explicit port
        server myserver1.example.com:443;
        server myserver2.example.com:443;
        server myserver3.example.com:443;
    }

    server {
        # no "ssl" parameter on listen: the client's TLS handshake is relayed
        # to the backend as-is, so the ssl_* directives below do not apply to
        # this listener
        listen 443;
        ssl_certificate     /path/to/loadbalancercert.pem;
        ssl_certificate_key /path/to/loadbalancerkey.key;
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_session_timeout 24h;
        proxy_pass backend;
    }
}
My issue is that while it will redirect to the three servers, in round robin, the browser warns that the certificate is untrusted, because the host for the back-end servers doesn't match the load balancer CN. I have configured the load balancer's certificate to include the hostname for each of the three back-end servers as a SAN. Any ideas how to get this to work?
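Editor's note with an added example (not the poster's configuration and not nginx project code; hostnames, ports and file paths are placeholders, and the corporate CA file name is assumed). In the stream module the two things a load balancer can do with TLS are mutually exclusive per listener: with `listen 443;` and no `ssl` parameter nginx relays the ClientHello untouched and the backend completes the handshake with its own certificate, so the browser sees whichever backend was picked; with `listen ... ssl;` nginx completes the handshake itself and presents the load balancer certificate. The configuration below shows both variants side by side. Variant A keeps passthrough but routes on the SNI name the client sent (`ssl_preread`, requires nginx built with `--with-stream_ssl_preread_module`), so a client that connected to `myserver2.example.com` always reaches `myserver2` and the certificate it sees matches the name it typed. Variant B terminates TLS on the load balancer, which is the only arrangement in which the SANs on the load balancer certificate matter, and re-encrypts to the backends with certificate verification against the corporate CA.

```nginx
# Added example, not the original post's configuration.
# Placeholders: myserverN.example.com, /path/to/*, /path/to/corporate-ca.pem.
stream {
    # ---- Variant A: TLS passthrough, routed by SNI -------------------------
    # nginx holds no certificate here. ssl_preread parses the server name out
    # of the ClientHello without decrypting anything; the chosen backend then
    # completes the handshake and presents its own corporate certificate.
    map $ssl_preread_server_name $passthrough_backend {
        myserver1.example.com  myserver1.example.com:443;
        myserver2.example.com  myserver2.example.com:443;
        myserver3.example.com  myserver3.example.com:443;
        # No SNI, or a name that is not a backend (for example the load
        # balancer's own name): fall back to the hashed group. Such clients
        # will see whichever backend's certificate the hash selects.
        default                backend;
    }

    upstream backend {
        hash $remote_addr consistent;
        server myserver1.example.com:443;   # stream upstreams require a port
        server myserver2.example.com:443;
        server myserver3.example.com:443;
    }

    server {
        listen 443;                 # no "ssl": nginx never terminates TLS
        ssl_preread on;             # read SNI from the ClientHello only
        proxy_pass $passthrough_backend;
    }

    # ---- Variant B: terminate on the load balancer, re-encrypt to backends --
    # The browser negotiates with nginx and sees loadbalancercert.pem, so that
    # certificate's SANs must cover every name users type. nginx then opens a
    # fresh TLS session to the backend and verifies the backend certificate
    # against the corporate CA, so a substituted backend is refused.
    map $ssl_server_name $terminated_backend {
        myserver1.example.com  myserver1.example.com:443;
        myserver2.example.com  myserver2.example.com:443;
        myserver3.example.com  myserver3.example.com:443;
        default                backend;
    }

    server {
        listen 8443 ssl;            # 8443 only so both variants fit one file;
                                    # in practice pick one variant on 443
        ssl_certificate     /path/to/loadbalancercert.pem;
        ssl_certificate_key /path/to/loadbalancerkey.key;
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_session_timeout 24h;

        proxy_pass $terminated_backend;

        proxy_ssl                     on;
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;    # adjust to the corporate chain depth
        proxy_ssl_trusted_certificate /path/to/corporate-ca.pem;  # assumed path
        proxy_ssl_server_name         on;   # send SNI to the backend
        # Verify the backend certificate against the name the client asked
        # for rather than the upstream group name. Assumes proxy_ssl_name
        # accepts a variable in this nginx build; otherwise pin one name per
        # server block.
        proxy_ssl_name                $ssl_server_name;
    }
}
```

Run `nginx -t` after editing; the stream module rejects upstream `server` entries without a port, and `ssl_preread` is only available when the preread module was compiled in. With variant A the load balancer certificate is never presented to anyone, so the SAN entries on it have no effect on what the browser validates; with variant B the backend certificates are seen only by nginx, and `proxy_ssl_verify on` is what stops the load balancer from silently forwarding to a host presenting an untrusted certificate.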