Hi,
> We currently have a backend server that listens for SSL requests, and (using > SNI) chooses to pass them on to the correct place, or alternatively will > serve the requested HTTPS. > > Our current configuration is slow (not painfully, just slower than we'd > like), and we figured having NGINX do some of the work would speed things > up. > > Can NGINX pass through some HTTPS requests (by domain) without modifying > anything (by checking SNI in the initial packet)? Most (all?) websites > indicate that I should decode and encode the traffic (which is not be > possible because of cases such as https://google.com/). > > So ultimately, what would be ideal for us is: > 1. NGINX sits on network boundary, listening for SSL/TLS connections > 2. When a new connection comes in, NGINX decides to pass on the TLS > connection without touching it OR serve it as a regular HTTPS website (OR > depends on domain) > > Lastly, is there any current way to achieve X-FORWARDED-FOR with HTTPS? I > understand it can't go into the actual HTTPS request, but figured it could > be sent BEFORE the HTTPS decode packet. (the receiving end would have to > understand this also) For all those things, haproxy is way more adequate. Regards, Lukas _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
