Comment on NGINX config for TLS passthrough with multiple services?
nutbutter@discuss.tchncs.de 1 year ago
This looks like a really great tool, but I cannot seem to find TLS pass through options in here. Or maybe I am too dumb to understand. I do not want the proxy server to generate or keep any certificates, all that will be done by my home server. All I want the proxy server to do is pass through the TCP connection.
towerful@programming.dev 1 year ago
If you are forwarding to multiple services, TCP proxying isn't going to work.
The proxy server has to know where to send the connection, so it has to be protocol-aware. In this case, http/https is the protocol.
Luckily TLS/HTTPS has functionality for this without having to terminate encryption, called SNI.
Here is an article using SNI and nginx.
gist.github.com/…/c09dbab5e78bf76402966b13fa72b9d…
nutbutter@discuss.tchncs.de 1 year ago
Thanks. So, I just have to put this stream block in my nginx.conf file and everything will work? Do I still have to use a reverse proxy for my existing WordPress sites? Or can they stay normally configured?
towerful@programming.dev 1 year ago
If they are running on the same server as nginx, then they will need to be proxied as well.
Only 1 service can bind to a port. So if the webserver doing WordPress is bound to 80/443, nginx will not be able to acquire the port.
Hence the reverse proxying. Nginx binds 80/443, then forwards to other services on arbitrary ports.
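
Added example, not part of the thread or the linked gist: an nginx.conf fragment showing SNI-based TLS passthrough on 443 alongside a local WordPress vhost moved to another port, as the replies above describe. All hostnames, addresses, ports and file paths are constructed placeholders.

```nginx
# Fragment of nginx.conf. The stream {} block sits at the top level,
# beside http {}, not inside it. Requires nginx built with the stream
# and stream_ssl_preread modules.
# Hostnames, addresses, ports and paths are constructed placeholders.

stream {
    # Choose a backend from the SNI name in the TLS ClientHello.
    # ssl_preread only inspects the handshake; this nginx holds no
    # certificate or key for passed-through names and cannot decrypt them.
    map $ssl_preread_server_name $tls_backend {
        hostnames;
        home.example.org     10.8.0.2:443;    # home server terminates its own TLS
        .cloud.example.org   10.8.0.2:443;    # the domain and all its subdomains
        blog.example.org     127.0.0.1:8443;  # local WordPress vhost (below)
        default              127.0.0.1:8443;  # missing or unknown SNI
    }

    server {
        listen 443;               # the only listener bound to 443 on this host
        ssl_preread on;
        proxy_pass $tls_backend;  # raw TCP forward, still encrypted
        proxy_connect_timeout 5s;
    }
}

http {
    # Existing WordPress site. Only the listen line changes: it moves off
    # 443 because one port can have only one listener.
    server {
        listen 127.0.0.1:8443 ssl;
        server_name blog.example.org;
        ssl_certificate     /etc/ssl/example/blog.fullchain.pem;
        ssl_certificate_key /etc/ssl/example/blog.key;
        root /var/www/blog;
        # existing WordPress location blocks stay as they are
    }
}
```

Plain HTTP on port 80 carries no SNI, so it cannot be routed by this stream block and still needs an http-level server block. Backends reached this way see the proxy's address as the client address.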