On Thu, Jul 07, 2022 at 11:17:03AM -0300, Daniel A. Rodriguez wrote:
Hi there,
> Nginx is actually working as RP for several subdomains for which is also SSL
> termination. The traefik box is out of my scope, but it has the ability to
> negotiate TLS certificates for its own. That's why I need to forward just
> specific subdomain TCP traffic to it.
I think you are indicating that you currently have a http section with
something like
===
server {
    listen nginx-ip:443 ssl;
    server_name one.example.com;
    location / {
        proxy_pass http://internal-one;
        # or maybe "https://internal-one;"
    }
}
server {
    listen nginx-ip:443 ssl;
    server_name two.example.com;
    location / {
        proxy_pass http://internal-two;
        # or maybe "https://internal-two;"
    }
}
===

If you need your traefik server to see the original data stream from the
client (such as: if your traefik server is using client certificates for
authentication; I can't immediately think of any other https reason),
then I suspect that in nginx terms you will need a second IP address,
and have a separate nginx "stream" block that will listen on that-ip:443.

If you are not using client certificates, you can still use a second IP
to let traefik see the original data stream. But maybe you can "get away"
with a normal http proxy_pass?

I guess it depends on your use case, and I'm afraid that I do not know
what your specific use case is.

The short answer is: on a single IP:port, nginx either listens for stream,
or for http, but not both.

Cheers,
f
--
Francis Daly francis@daoine.org
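
The two-address layout described in the reply above, as an added configuration sketch that is not part of the original message. The addresses 192.0.2.10 and 192.0.2.11, the upstream name traefik.internal, the hostname three.example.com and the certificate paths are placeholders assumed for illustration.

```nginx
# Added example, not from the original thread. All addresses, hostnames and
# file paths below are placeholders.

# Needed only when the stream module is built as a dynamic module.
# load_module modules/ngx_stream_module.so;

events {}

# TCP passthrough on the SECOND address. There is no "ssl" parameter on the
# listen line, so nginx never decrypts this traffic: the TLS handshake,
# including any client certificate, is completed by traefik itself.
# DNS for the passthrough subdomain (three.example.com here) must resolve
# to 192.0.2.11, not to the address used by the http block.
stream {
    server {
        listen 192.0.2.11:443;
        proxy_pass traefik.internal:443;

        # traefik sees nginx as the peer address. Sending the PROXY protocol
        # header preserves the client address, but only enable it if the
        # traefik entry point is configured to accept it.
        # proxy_protocol on;
    }
}

# Existing reverse proxy with TLS termination stays on the FIRST address.
http {
    server {
        listen 192.0.2.10:443 ssl;
        server_name one.example.com;

        ssl_certificate     /etc/nginx/tls/one.example.com.crt;  # placeholder path
        ssl_certificate_key /etc/nginx/tls/one.example.com.key;  # placeholder path

        location / {
            proxy_pass http://internal-one;
        }
    }
}
```

Running `nginx -t` after the change confirms that no address:port pair is claimed by both the stream and http blocks.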