NYCeyes

Reputation: 5689

Configuring NGINX as reverse-proxy (to dispatch) to backend services that are already SSL configured

I have one physical server and one IP address. On that server I have three (qty. 3) backend services configured, each having its own public DNS domain-name and each having its own Let's Encrypt SSL certificates, as shown:

 - svc01.example.com:1443  # Own DNS domain-name and SSL certificates.
 - svc02.example.com:2443  # Own DNS domain-name and SSL certificates.
 - svc03.example.com:3443  # Own DNS domain-name and SSL certificates.

These coexist on the same physical server, so each is configured to use its own Port; however the public IP-Address for svc01|02|03.example.com are identical.

Keeping in mind that these backend services are already SSL configured (and I can't undo that), how do I configure NGINX to implement the following simple forwards (almost like a dispatcher):

 svc01.example.com:443  --> svc01.example.com:1443
 svc02.example.com:443  --> svc02.example.com:2443
 svc03.example.com:443  --> svc03.example.com:3443

Sadly, I'm not an NGINX person, so a complete configuration file for each would be deeply appreciated:

- svc01_nginx.conf
- svc02_nginx.conf
- svc03_nginx.conf

Thank you in advance!

Upvotes: 0

Views: 648

Answers (1)

NYCeyes

Reputation: 5689

Thanks to the hint provided by @SteffenUllrich in the comments above, the solution is shown below. Not being an nginx guy, I'm not sure if there are other best-practices to make this configuration more secure or robust (feel free to comment), but it's a start.

/etc/nginx/nginx.conf:

```nginx
# The stream module must be loaded for the stream {} block below.
load_module /usr/lib/nginx/modules/ngx_stream_module.so;

events {}

stream {
  # Choose the backend from the SNI hostname in the client's TLS ClientHello.
  # Each map entry must end with a semicolon.
  map $ssl_preread_server_name $targetBackend {
    svc01.example.com svc01.example.com:1443;
    svc02.example.com svc02.example.com:2443;
    svc03.example.com svc03.example.com:3443;
  }

  server {
    listen 8443;
    # ==============================================================
    # http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html
    # ==============================================================
    proxy_connect_timeout 10s;
    proxy_timeout 600s;
    # proxy_pass takes a hostname from a variable, so a resolver is required.
    resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1;
    proxy_pass $targetBackend;
    # ==============================================================

    # ==============================================================
    # http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html
    # ==============================================================
    # Read the ClientHello without terminating TLS; the backends keep
    # presenting their own certificates.
    ssl_preread on;
    # ==============================================================
  }
}
```

I hope this helps others. (◠﹏◠)

Upvotes: 1
