Welcome! Log In Create A New Profile

Advanced

Re: Force SSL redirection to target service host for all protocols

Francis Daly
July 14, 2020 09:18AM
On Mon, Jul 13, 2020 at 02:57:34PM -0400, siva.pannier wrote:

Hi there,

> https://docs.nginx.com/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream/
>
> My TCP (non-ssl) client is able to hit the TCP Server (SSL enabled) via the
> Nginx (proxy_ssl) but buffered reader gets back only 'null'

When my client is "nc", and my server is "openssl s_server -port 12345",
things seem to work for me. Anything I write on one end is shown on the
other, with nginx handling the ssl/no-ssl translation.

> Server code:
> #########
> ServerSocketFactory ssf = SSLServerSocketFactory.getDefault();
> int port = 8091;
> ServerSocket ss = ssf.createServerSocket(port);

This looks like your server wants to listen on port 8091.

Your nginx configuration suggests that nginx listens on 8091, and talks
to the server on 12345.

> Nginx Conf:
> ############
> stream {
> upstream backend {
> server backend1.example.com:12345;
> }
>
> server {
> listen 8091;
> proxy_pass backend;
> proxy_ssl on;

Match the ports, and it should work.

Cheers,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Force SSL redirection to target service host for all protocols

siva.pannier July 03, 2020 09:12AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 06, 2020 12:15AM

Re: Force SSL redirection to target service host for all protocols

Francis Daly July 08, 2020 03:56AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 10, 2020 10:49AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 13, 2020 02:57PM

Re: Force SSL redirection to target service host for all protocols

Francis Daly July 14, 2020 09:18AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 14, 2020 09:55AM

Re: Force SSL redirection to target service host for all protocols

Francis Daly July 14, 2020 10:02AM

Re: Force SSL redirection to target service host for all protocols

siva.pannier July 15, 2020 09:16AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 59
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready