Roman Arutyunyan
November 20, 2019 06:40AM
Hi,

On Wed, Nov 20, 2019 at 10:53:42AM +0000, kev jr wrote:
> Hi all,
>
> Question 1
> Is it possible to have NGINX reverse proxy to multiple MySQL servers listening on the same port using different names like you can with http? We don't want to perform any load balancing operation on them, we just want to be able to redirect to MySQL instances based on a logical name, same as on http.

If by logical name you mean TLS SNI then it is possible. You need to use the
ssl preread module:

http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html#ssl_preread

> Question 2
> When I try to implement TLS encryption between NGINX and MYSQL Database server, I have the following error on my MySQL Client : ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error
>
> I have the following configuration : Ubuntu server with the MySQL Client // NGINX (with the configuration below) // MYSQL Database (with SSL activated)
> stream {
>
>     upstream mysql1 {
>         server 172.31.39.168:3306;
>     }
>
>     server {
>         listen 3306;
>         proxy_pass mysql1;
>         proxy_ssl on;
>
>         proxy_ssl_certificate /etc/ssl/client-cert.pem;
>         proxy_ssl_certificate_key /etc/ssl/client-key.pem;
>         #proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>         #proxy_ssl_ciphers HIGH:!aNULL:!MD5;
>         proxy_ssl_trusted_certificate /etc/ssl/ca-cert.pem;
>
>         proxy_ssl_verify on;
>         proxy_ssl_verify_depth 2;
>         proxy_ssl_session_reuse on;
>     }
> }
>
> If I comment proxy_ssl* parameters on NGINX, the connection works between "Ubuntu server (with the MySQL Client)" and "MYSQL Database (with SSL activated)" through "NGINX".

I can only assume that the MySQL port you connect to does not expect TLS
connections. You should probably connect to a different port when proxy_ssl
is enabled.

>
> Thanks all
>
>
>

> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel


--
Roman Arutyunyan
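
An added example (not from this thread or from the nginx project): a Python check of what an upstream says first after TCP connect, for the Question 2 diagnosis above. `proxy_ssl on` makes nginx start a TLS handshake on the upstream connection right away, while the MySQL protocol opens with a plaintext server greeting and upgrades to TLS inside the protocol, so a port that answers with a greeting is not a TLS-from-first-byte port. Function names and the sample greeting bytes are constructed for illustration.

```python
import socket
import struct

CLIENT_SSL = 0x0800  # MySQL capability bit: server offers the in-protocol TLS upgrade

def classify_first_bytes(data: bytes) -> dict:
    """Classify what an upstream sent first, before the client wrote anything."""
    if not data:
        return {"kind": "closed"}
    length = int.from_bytes(data[:3], "little")       # MySQL packet header: 3-byte length
    if len(data) < 5 or data[3] != 0 or data[4] != 0x0A or 4 + length > len(data):
        return {"kind": "other"}                       # not sequence 0 / protocol version 10
    payload = data[4:4 + length]
    try:
        end = payload.index(b"\x00", 1)                # server version is NUL-terminated
        # skip connection id (4), auth-plugin-data part 1 (8) and filler (1)
        (caps_low,) = struct.unpack_from("<H", payload, end + 1 + 4 + 8 + 1)
    except (ValueError, struct.error):
        return {"kind": "other"}
    return {"kind": "mysql-greeting",
            "server_version": payload[1:end].decode("ascii", "replace"),
            "offers_ssl": bool(caps_low & CLIENT_SSL)}

def probe(host: str, port: int, timeout: float = 3.0) -> dict:
    """Connect, send nothing, and report what the server says first."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(4096)
        except socket.timeout:
            # Silence is what a TLS-from-first-byte port does: it waits for ClientHello.
            return {"kind": "silent"}
    return classify_first_bytes(data)

def sample_greeting(caps_low: int) -> bytes:
    """Constructed greeting packet (not captured traffic), cut after the flag fields."""
    payload = (b"\x0a" + b"8.0.0-constructed\x00" + struct.pack("<I", 7)
               + b"abcdefgh" + b"\x00" + struct.pack("<H", caps_low)
               + b"\x2d" + b"\x02\x00" + b"\x00\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

if __name__ == "__main__":
    print(classify_first_bytes(sample_greeting(0xFFFF)))
    print(classify_first_bytes(b"\x16\x03\x01\x00\x05"))   # TLS record bytes, not a greeting
```

Calling `probe()` with the upstream address from the nginx host shows which case applies: `mysql-greeting` means the port speaks the MySQL protocol first, `silent` means it is waiting for the client to start.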
Subject Author Views Posted

Error : NGINX - MYSQL TLS encryption and

kev jr 530 November 20, 2019 05:54AM

Re: Error : NGINX - MYSQL TLS encryption and

Roman Arutyunyan 361 November 20, 2019 06:40AM

Re: Error : NGINX - MYSQL TLS encryption and

Maxim Dounin 395 November 20, 2019 06:48AM


