Francis Daly
February 17, 2017 04:52PM
On Fri, Feb 17, 2017 at 02:52:53PM -0500, agforte wrote:

Hi there,

> I have the following setup:
>
> PRIVATE SERVER <--> NGINX <--> PUBLIC SERVER
>
> I need the NGINX server to work as both reverse and forward proxy with SSL
> passthrough.

That's not going to work without a lot of patching of the nginx source.

nginx is not a forward proxy.

If you can rephrase your requirements in terms of things that nginx can
do, it might be possible to find a design that works.

If you can rephrase your requirements in terms of requests and responses
(I am not sure what exactly you are trying to do as-is), it may be
possible to come up with a solution -- but if the solution is "use this
non-nginx product in this particular way", you may be happier looking
for confirmation elsewhere.

> stream {

Note: "stream" is (effectively) a tcp-forwarder. nginx does not know or
care about what is inside the packets. "proxying", in the sense of http,
does not apply.

> while on the private server it says:
> Post https://<PUBLIC_SERVER_IP>:8080/subscribe: malformed HTTP response
> "\x15\x03\x01\x00\x02\x02\x16"

Searching the web for \x15\x03\x01\x00\x02\x02\x16 suggests that that
is what you get back when you make a http request to a https server.

> PRIVATE_SRV ? NGINX HTTP 161 CONNECT <PUBLIC_SRV_IP>:8080 HTTP/1.1

That "CONNECT" is what a http client does when it is configured to use
a http-proxy to connect to a https service.

> Do you have any suggestion on how to debug this? Is the fact that I am using
> HTTPS POST matter? Does it matter for NGINX that I am not using the default
> port 443 for SSL?

Your nginx config means that nginx does not care about http or https;
it just copies packets.

You'll want to rethink your design, in order to find something that can
do what you want.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

SSL Passthrough

agforte February 17, 2017 02:52PM

Re: SSL Passthrough

Francis Daly February 17, 2017 04:52PM

Re: SSL Passthrough

agforte February 17, 2017 05:37PM

Re: SSL Passthrough

agforte February 17, 2017 05:23PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 188
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready