Welcome! Log In Create A New Profile

Advanced

Re: Force SSL redirection to target service host for all protocols

July 13, 2020 02:57PM
Hi there,

I have tried doing TCP redirection to a backend TCP server with SSL enabled following the below URL.

https://docs.nginx.com/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream/

My TCP (non-ssl) client is able to hit the TCP Server (SSL enabled) via the Nginx (proxy_ssl) but buffered reader gets back only 'null'

Client code:
##########
Socket socket = new Socket(hostname, port);
InputStream input = socket.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(input));
String time = reader.readLine(); //returns only null
System.out.println(time);

Server code:
#########
ServerSocketFactory ssf = SSLServerSocketFactory.getDefault();
int port = 8091;
ServerSocket ss = ssf.createServerSocket(port);

while (true) {
Socket sock = ss.accept();
try {
System.out.println("New client connected");
//BufferedReader br = new BufferedReader(new InputStreamReader(sock.getInputStream()));
//String data = br.readLine();
PrintWriter pw = new PrintWriter(sock.getOutputStream());
pw.println(new Date().toString() + " from port: "+port);
pw.flush();
pw.close();
sock.close();
....
....

Nginx Conf:
############
stream {
upstream backend {
server backend1.example.com:12345;
}

server {
listen 8091;
proxy_pass backend;
proxy_ssl on;

proxy_ssl_certificate /etc/ssl/certs/backend.crt;
proxy_ssl_certificate_key /etc/ssl/certs/backend.key;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_ssl_trusted_certificate /etc/ssl/certs/trusted_ca_cert.crt;

proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
}
}


can somebody please suggest what is wrong with the above configuration?
Subject Author Posted

Force SSL redirection to target service host for all protocols

siva.pannier July 03, 2020 09:12AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 06, 2020 12:15AM

Re: Force SSL redirection to target service host for all protocols

Francis Daly July 08, 2020 03:56AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 10, 2020 10:49AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 13, 2020 02:57PM

Re: Force SSL redirection to target service host for all protocols

Francis Daly July 14, 2020 09:18AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 14, 2020 09:55AM

Re: Force SSL redirection to target service host for all protocols

Francis Daly July 14, 2020 10:02AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 15, 2020 09:16AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 73
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready