On Tuesday, September 24, 2013, Jonathan Matthews wrote: > On 24 Sep 2013 18:55, "Gary Chodos" <[email protected] <javascript:_e({}, > 'cvml', '[email protected]');>> wrote: > > > > Hello, > > > > We are researching which tools would allow us to do what is described in > the subject. > > > > After searching the archives here and in other places like > stackoverflow, there seems to be conflicting info on whether this is > possible. Perhaps it was not doable early in nginx's life but is now? > Based on the below link (which notes the upstream and reverse proxy > modules), can we now have nginx listen on 443, and pass browser requests to > it on to an upstream HTTPS server which actually serves content, has the > certs/keys and takes care of SSL handshake etc? > > I don't believe so, no. > > > In our use case we cannot house any keys/certs on the nginx box so > must proxy everything (including SSL) to the upstream https box, as if the > end user (who makes the request from the browser) hit the upstream server > directly, and doesn't have any missing or mismatching certificate errors. > > It sounds like you just need a TCP-layer proxy. I suggest HAProxy in TCP > mode. >
Bingo! This works perfectly. Thanks. Gary
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
