Welcome! Log In Create A New Profile

Advanced

Re: proxy protocol over a plain tcp with ssl

Roman Arutyunyan
January 11, 2018 12:22PM
Hi,

On Thu, Jan 11, 2018 at 08:22:47AM -0500, nir wrote:
> I'm trying to configure nginx which is behind an haproxy to pass the proxy
> protocol over a plain tcp connection. It works well.
> When I add ssl to the equation it fails. Below is the nginx configuration
> block I'm using.
> Is it a configuration issue or might be that it's not at all possible for
> nginx to pass proxy protocol with ssl if the connection is not strictly
> https?

It's not clear what exactly is not working, can you elaborate on that?

Just in case, PROXY protocol header is always sent (and expected) by nginx
prior to anything else. For SSL connections, PROXY protocol header is sent
prior to SSL handshake and is not encrypted.

> stream {
> upstream some_backend {
> server some_host:18010;
> }
>
> server {
> listen 8010;
> listen 8012 ssl;
> proxy_pass some_backend;
> proxy_protocol on;
>
> ssl_certificate /etc/ssl/server.crt;
> ssl_certificate_key /etc/ssl/server.key;
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers HIGH:!aNULL:!MD5;
> ssl_session_cache shared:SSLTCP:20m;
> ssl_session_timeout 4h;
> ssl_handshake_timeout 30s;
> }
> }
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278113,278113#msg-278113
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

--
Roman Arutyunyan
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

proxy protocol over a plain tcp with ssl

nir January 11, 2018 08:22AM

Re: proxy protocol over a plain tcp with ssl

Roman Arutyunyan January 11, 2018 12:22PM

Re: proxy protocol over a plain tcp with ssl

nir January 11, 2018 01:21PM

Re: proxy protocol over a plain tcp with ssl

nir January 11, 2018 07:22PM

Re: proxy protocol over a plain tcp with ssl

Yaroslav Zhuravlev January 18, 2018 07:14AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 98
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready