SSL passthrough hosts

[chaptergy]

This PR would resolve #853.

SSL passthrough would be a new type of host where the ssl certificate of the upstream server is used, so no ssl termination is done at the proxy. But the only way this is possible in nginx is streams, using SNI to forward the packet to the right destination. As a stream and the normal proxies using http cannot be on the same port, all https traffic has to go through the stream, which then could forward it internally to the http proxy. As this reduces performance for all hosts, this feature is strictly opt-in. The documentation was updated to add a section about this to the advanced config page.

[chaptergy]

The build fails due to some timeout waiting for the sqlite integration check container to be spun up. But as this relies on a docker image built in the ci, I cannot replicate it locally to see why it is not working. @jc21

[jc21]

When this kind of this happens in CI you can view the artifacts for more info.

The error for sqlite is:

✖  error     alter table `user_permission` add column `ssl_passthrough_hosts` varchar(255) not null - SQLITE_ERROR: Cannot add a NOT NULL column with default value NULL

[jc21]

This is an automated message from CI:

Docker Image for build 10 is available on DockerHub as jc21/nginx-proxy-manager:github-pr-1479

Note: ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.

[chaptergy]

Finally got the migration working, SQLite has more quirks which are not handled by knex than I thought.

[jc21]

This is an automated message from CI:

Docker Image for build 11 is available on DockerHub as jc21/nginx-proxy-manager:github-pr-1479

Note: ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.

[jc21]

This pr also needs rebasing on develop changes to get past CI problems.

[jc21]

This is an automated message from CI:

Docker Image for build 12 is available on DockerHub as jc21/nginx-proxy-manager:github-pr-1479

Note: ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.

[jc21]

This is an automated message from CI:

Docker Image for build 13 is available on DockerHub as jc21/nginx-proxy-manager:github-pr-1479

Note: ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.

[IronTooch]

@chaptergy Just a reminder this PR needs a rebase. I'm really invested in it, so I am hoping it can get merged.

[EduardoOliveira]

Hi, any update?

[HaasMichael]

Hi, any update?

I would also love to hear some news on this topic. Nginx Proxy Manager is a great tool and actually right now this feature is the only one I am missing so far. Nice work so far, but can you give us some hints about this feature. Is it still planned to be released an is there probably already a schedule when we can expect a release?

[psmode]

Hi, any update?

I would also love to hear some news on this topic. Nginx Proxy Manager is a great tool and actually right now this feature is the only one I am missing so far. Nice work so far, but can you give us some hints about this feature. Is it still planned to be released an is there probably already a schedule when we can expect a release?

Same here - I am really looking forward to this. Getting SSL Passthrough working would allow me to more easily migrate onto this, given that part of my environment includes a setup with an existing Letsencrypt key that I must keep operational (that needs to standalone).

[scarolan]

This would be very helpful for apps that want to terminate their own SSL.

[github-actions]

PR is now considered stale. If you want to keep it open, please comment 👍

[scarolan]

PR is now considered stale. If you want to keep it open, please comment 👍

What is missing to get this merged?