Nginx反向代理中的SSL传递? [英] SSL Pass-Through in Nginx Reverse proxy?

问题描述

是否可以将Nginx反向代理与SSL传递一起使用，以便它可以将请求传递给需要对客户端进行证书身份验证的服务器.

Is it possible to use Nginx reverse proxy with SSL Pass-through so that it can pass request to a server who require certificate authentication for client.

这意味着服务器将需要具有客户端服务器的证书，而无需Nginx反向代理服务器的证书.

It means server will need to have certificate of client server and will not need certificate of Nginx reverse proxy server.

推荐答案

不确定在您的情况下它可以工作多少，但是较新的(1.9.3+)版本的Nginx可以将(加密的)TLS数据包直接传递到上游服务器，使用 stream块:

Not sure how much it can work in your situation, but newer (1.9.3+) versions of Nginx can pass (encrypted) TLS packets directly to an upstream server, using the stream block :

stream {
  server {
    listen     443;
    proxy_pass backend.example.com:443;
  }
}

如果要定位多个上游服务器(按主机名区分)，则可以使用nginx模块ngx_stream_ssl_preread和ngx_stream_map来实现.其背后的概念是TLS 服务器名称指示. Dave T.很好地概述了解决方案.在此网络上查看他的答案.

If you want to target multiple upstream servers, distinguished by their hostnames, this is possible by using the nginx modules ngx_stream_ssl_preread and ngx_stream_map. The concept behind this is TLS Server Name Indication. Dave T. outlines a solution nicely. See his answer on this network.

这篇关于Nginx反向代理中的SSL传递?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！