Hi Maxim,
I understand. Followup question is:
Is NGINX capable of presenting clients with different SSL certificate based on SNI?
As in:
stream {
server {
ssl_certificate foo.example.com http://foo.example.com/.crt;
ssl_certificate bar.example.com http://bar.example.com/.crt;
...
}
}
Best Regards,
Danila
> On 13 Aug 2018, at 00:12, Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> Hello!
>
> On Sun, Aug 12, 2018 at 11:33:25PM +0300, Danila Vershinin wrote:
>
>> It seems that nginx can accept PROXY protocol fine, but when it
>> comes to forwarding, it can only do so only within a stream {
>> server { … proxy_protocol on; } } .
>>
>> Are there any plans to add proxy_protocol on; for regular HTTP
>> server blocks so it can be used alongside proxy_pass? This would
>> come in very handy in a situation where NGINX is used as SSL
>> terminator, e.g.:
>>
>> NGINX (SSL) → (Proxy protocol) → Varnish.
>>
>> Varnish supports accepting PROXY protocol.
>
> There are no such plans, because in HTTP the same connection can
> be used for requests from different clients. Consider using
> X-Forwarded-For instead.
>
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx