I have a collection of smallish internal-facing apps sitting on a server.
I have been asked to 'secure' these apps.
The apps currently:
+ provide HTTP service to clients
+ make use of a number of internal SOAP services
+ use LDAP (Active Directory) for user authentication
The various apps are written in Java, Groovy and Python.
Rather than hack each app, I would like to take a more system-based approach and completely interpose nginx between them and the rest of the world: I would like to have the apps ONLY talk to nginx on localhost and have nginx stand in for the apps. All (certificate) management will then be centralised. I assume that nginx will be more efficient at handling SSL/TLS as well....
I believe that I can use nginx (...there seem lots of example materials) to handle:
* reverse proxy https(from world) -> http(to localhost) for client access
* forward proxy SOAP(over http, from localhost) -> SOAP(over https, to world) with mutual authentication
I am unsure of the LDAP->LDAPS aspect.
Is this possible? Are there any HOWTO documents/pages/blogs/... detailing this?
I have seen very few examples of how this might happen.
I tried to replicate: https://jackiechen.blog/2019/01/24/nginx-sample-config-of-http-and-ldaps-reverse-proxy/
This gave me errors about ssl_certificate not being usable at the specific location in the config file. I assume new versions of nginx use a slightly different config file format?
Suggestions/thoughts gratefully received.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx