2

I have multiple local https servers running on different ports with their own certificate. Now, I would like to use nginx to make these https servers available under different host names, port 443 and ssl secured.

My current configuration per hostname looks like

server {
    listen       443 ssl;
    server_name  hostname1;

    ssl_certificate     /etc/nginx/hostname1.cert.pem;
    ssl_certificate_key /etc/nginx/hostname1.privkey.pem;

    location / {
        proxy_pass ...
    }
}

But using the listen 443 ssl; directive forces me to specify certificate and key. Instead, I would like to simply pass-through that traffic from my servers, so I do not have to maintain a second level of certificates in nginx and my local environment comes closer to the production environment.

For targeting a single server, F.X. offers a solution with streams in SSL Pass-Through in Nginx Reverse proxy? However, as he/her points out, as it simply forwards TCP, there is no way to peek into the hostname and make it work for multiple servers.

Are there any other ways? Is there some fundamental limitation that this cannot work?

Richard Kiefer
  • 1,814
  • 2
  • 23
  • 42

1 Answers1

2

The magic concept here is Server Name Indication, a TSL extensions which adds the host name desired by the client in the TSL Client Hello and allows the server to map the connection to one of multiple virtual hosts.

It turns out that the answer by F.X. was outdated and Dave T. has a solution using two newer nginx modules, ngx_stream_ssl_preread and ngx_stream_map. See his answer on this network for details.

Community
  • 1
  • 1
Richard Kiefer
  • 1,814
  • 2
  • 23
  • 42