Re: ssl preread for postgres connection

Maxim Dounin
May 14, 2023 10:34AM
Hello!

On Sun, May 14, 2023 at 09:55:54AM +0400, Roman Arutyunyan wrote:

> Hi Eduard,
>
> On Sat, May 13, 2023 at 10:43:59PM -0600, Eduard Vercaemer wrote:
> > for some context, I recently tried configuring nginx as a tcp proxy that
> > routes connections based on sni to multiple upstream services
> >
> > the server only exposes one tcp port, and receives all connections there,
> > for example a connection to redis.example.com:1234 would be proxy_pass'ed
> > to some port in the machine, a connection to www.example.com:1234 to
> > another, etc.
> >
> > i used nginx itself to terminate the tls for all services for convenience
> >
> > the problem:
> > now here is the issue, 1: postgres does some weird custom ssl stuff, which
> > means I cannot terminate the ssl from within nginx
>
> In this case there must be an SSL error logged in nginx error log.
> Can you post it?

Postgres uses its own protocol with a STARTTLS-like interface to
initiate the SSL handshake, see here:

https://www.postgresql.org/docs/current/protocol-flow.html#id-1.10.6.7.12

That is, it's not going to work with either SSL termination or
SSL preread, and needs an implementation of the Postgres protocol.

[...]

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
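
Added example (not part of the message above and not nginx code): a sketch of what an SNI prereader sees in the first bytes of a connection, showing that a Postgres client opens with an 8-byte plaintext SSLRequest rather than a TLS ClientHello. The function names and sample byte strings are constructed for illustration; the protocol constants are those given in the PostgreSQL protocol documentation.

```python
import struct

# Constants from the PostgreSQL frontend/backend protocol documentation.
PG_SSL_REQUEST = 80877103      # (1234 << 16) | 5679
PG_GSSENC_REQUEST = 80877104   # (1234 << 16) | 5680
PG_PROTOCOL_3_0 = 196608       # 3 << 16, sent in a plaintext StartupMessage
TLS_HANDSHAKE = 0x16           # TLS record content type
TLS_CLIENT_HELLO = 0x01        # TLS handshake message type


def classify_first_bytes(buf: bytes) -> str:
    """Classify the first bytes a client sends on a new TCP connection."""
    # TLS record header: type(1) version(2) length(2), then handshake type(1).
    if (len(buf) >= 6 and buf[0] == TLS_HANDSHAKE and buf[1] == 0x03
            and buf[5] == TLS_CLIENT_HELLO):
        return "tls-client-hello"
    # Postgres startup-phase packets: Int32 length (self-inclusive), Int32 code.
    if len(buf) >= 8:
        length, code = struct.unpack("!II", buf[:8])
        if length == 8 and code == PG_SSL_REQUEST:
            return "postgres-ssl-request"
        if length == 8 and code == PG_GSSENC_REQUEST:
            return "postgres-gssenc-request"
        if code == PG_PROTOCOL_3_0:
            return "postgres-startup-plaintext"
    return "unknown"


def sni_visible_at_connect(buf: bytes) -> bool:
    """True only if a ClientHello (which carries SNI) is the first thing sent."""
    return classify_first_bytes(buf) == "tls-client-hello"


# Constructed sample inputs (hand-built, not captured traffic).
SAMPLE_PG_SSLREQUEST = struct.pack("!II", 8, PG_SSL_REQUEST)
SAMPLE_PG_STARTUP = struct.pack("!II", 23, PG_PROTOCOL_3_0) + b"user\x00postgres\x00\x00"
# Header of a TLS record carrying a ClientHello; the body is truncated.
SAMPLE_TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xFC])

if __name__ == "__main__":
    for name, data in [("postgres, SSL wanted", SAMPLE_PG_SSLREQUEST),
                       ("postgres, no SSL", SAMPLE_PG_STARTUP),
                       ("ordinary TLS client", SAMPLE_TLS_HELLO)]:
        print(f"{name:22} -> {classify_first_bytes(data):28} "
              f"SNI visible: {sni_visible_at_connect(data)}")
```

The server answers the SSLRequest with a single byte (`S` or `N`), and the ClientHello with the SNI follows only after that reply, which is why a proxy has to speak this part of the Postgres protocol before it can read the server name.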