Welcome! Log In Create A New Profile


Re: Routing Http2 traffic without decrypting tls packets

September 03, 2019 10:40AM
On Mon, Sep 02, 2019 at 05:45:59PM +0000, Jayarajan, Keerthi (AT ASP RTC) wrote:
> Hi,
> I'm working in blockchain project for Honeywell. We have blockchain nodes
> hosted in our cloud. These nodes should connect and talk to external node and
> vice versa. We are using Nginx as Reverse proxy server through which external
> node can connect to our nodes. We are using Hyperledger fabric blockchain
> framework which works on grpc protocol using http2. I found Nginx 1.15.2
> supports http2. So I installed it and tested sample grpc application(without
> tls) successfully. Now, I need external node to talk to our node reverse
> proxied via Nginx. But our nodes are tls encrypted and client authentication
> is enabled. I want the external node to talk to internal node as if the Nginx
> was not there. It should forward everything based on the hostname without
> decrypting the packets. I tried this ssl_preread directive but It says not
> allowed for http2. Can you please technically tell how this can be
> accomplished. Looking forward for your support. If this is feasible, we would
> like to go with Nginx Plus for production.

ngx_stream_ssl_preread_module that you mentioned above can route traffic
based on either server name requested through SNI or protocols advertised
in ALPN, or combination. The documentation for the module has complete
examples: http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html#example
You don't need "ssl http2" in the listen directive for it to work.
nginx mailing list
Subject Author Posted

Routing Http2 traffic without decrypting tls packets

Jayarajan, Keerthi (AT ASP RTC) September 02, 2019 01:48PM

Re: Routing Http2 traffic without decrypting tls packets

ru@nginx.com September 03, 2019 10:40AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 61
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready