I want to know how to have NginX (load balancer) accept traffic on 443 and forward it to port 443 on the load balanced web server nodes.
I am using NginX as a load balancer where the SSL termination occurs at NginX level. And then NginX sends unencrypted traffic to my web servers at port 80.
This is my current nginx configuration:
    upstream appserver {
        server 10.0.1.132;
        server 10.0.1.243;
    }
    server {
        listen 443 ssl;
        server_name localhost;
        ssl_certificate /etc/nginx/cert.pem;
        ssl_certificate_key /etc/nginx/cert.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://appserver;
        }
    }
I have gone through: Nginx load balance with upstream SSL
My real issue is that if I want NginX to listen for traffic on 443, then I need to configure the SSL termination on nginx. Otherwise the nginx service won't start and will complain about missing SSL cert/keys.
In short, I want Nginx to simply accept traffic on 443 and forward it to 443 on load balanced Web server nodes. Then let my webservers do the SSL work.
The best practice is to do SSL offloading at load balancer level but I want to do otherwise.
Thanks.
This requires Layer 4 snooping/routing on NGINX's part, which is apparently not entirely supported. NGINX seems to support SNI, but for some reason I could not prevent it from terminating the TLS connection.
I ended up using HAProxy.
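For comparison, an added example (not part of the question or the answer above) of TCP-level passthrough using nginx's stream module, which relays port 443 to the backends without terminating TLS. It assumes an nginx build that includes the stream module; the upstream name appserver_tls is made up for the example, and the backend addresses are the ones from the question.

```nginx
# Added example. This block belongs at the top level of nginx.conf,
# next to (not inside) the http {} block.
# Assumption: nginx was built with --with-stream, or the packaged dynamic
# stream module is loaded with a load_module line.

stream {
    # Backends from the question, addressed on their own TLS port.
    upstream appserver_tls {
        # Pin each client IP to one backend so TLS session resumption keeps
        # hitting the server that holds the session state.
        hash $remote_addr consistent;
        server 10.0.1.132:443;
        server 10.0.1.243:443;
    }

    server {
        # No "ssl" parameter and no ssl_certificate directives: nginx only
        # relays bytes, so the handshake, certificate and cipher policy all
        # live on the web servers.
        listen 443;
        proxy_pass appserver_tls;
        proxy_connect_timeout 5s;

        # The backends see the load balancer's address as the client. The
        # PROXY protocol can carry the real client address, but only enable
        # it if every backend is configured to expect it; otherwise the
        # handshake fails.
        # proxy_protocol on;
    }
}

# The http-level "listen 443 ssl" server from the question has to be removed,
# since both blocks cannot bind the same port. With passthrough, nginx never
# sees plaintext HTTP, so it cannot add X-Forwarded-For, route by path, or
# log request lines.
```

Run `nginx -t` after the change to confirm the stream context is accepted before reloading.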