On Fri, Jul 03, 2020 at 09:12:56AM -0400, siva.pannier wrote: Hi there,
> I want all my client applications make call to the service host via proxy. > And the hosted services are TLSv1.2 enabled. Clients are not in a position > to upgrade. Hence I want to enforce the SSL encryption when the call > routed/redirected to the target from proxy. I may be misunderstanding the terminology, but I think your scenario is that your clients speak their protocol over a "normal" (non-encrypted) network connection; and your (upstream) servers allow the protocol both directly over a "normal" connection, or over a SSL-wrapped connection. An you want your clients to talk to nginx without encryption, and for nginx to talk to upstream with encryption. If nginx does not already have a dedicated module for the protocol you care about, then possibly the "stream" module with "proxy_ssl" will work for you. http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html That *does* depend on the nature of the protocol, of course -- if the protocol does not easily allow proxying, then it is not going to easily work through the nginx stream proxy. > I have seen few blogs that talks about HTTP to HTTPS redirection. I want to > do that for all protocols like TCPS, UDPS(DTLS), SMTPS, IIOPS. > > Can you please share your suggestions on this? If my protocol writes IP addresses or ports within the content payload, then a "blind" traffic-forwarder (as "stream" mostly is) will probably not be able to reliably proxy things that use my protocol. For the specific protocols you care about: can they be proxied? I suspect that the list will be interested in the results of your testing, if you are willing to share them. Thanks, f -- Francis Daly [email protected] _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
