NGINX as SSL TLS Proxy
Dustin Heywood edited this page Dec 16, 2021 · 1 revision
nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

# The stream context proxies raw TCP: nginx terminates TLS on each listen
# port and forwards the decrypted bytes to the upstream over plain TCP
# (no proxy_ssl is configured on any of these servers).
stream {
    upstream telnet {
        server 127.0.0.1:4000;
        # add as many or as few of these as you need
    }

    server {
        listen [::]:4022 ssl;
        listen 4022 ssl;
        listen 4020 ssl;
        listen [::]:4020 ssl;
        ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
        proxy_connect_timeout 1s; # detect failure quickly
        proxy_pass telnet;
    }

    upstream telnet2 {
        # serverip is a placeholder for the backend's address; unlike the
        # loopback upstream above, this cleartext hop leaves the host
        server serverip:5000;
        # add as many or as few of these as you need
    }

    server {
        listen [::]:5022 ssl;
        listen 5022 ssl;
        ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
        proxy_pass telnet2;
        proxy_connect_timeout 1s; # detect failure quickly
        proxy_socket_keepalive on; # TCP keepalive on the upstream socket
    }

    upstream testwebsocket {
        server serverip:5001;
        # add as many or as few of these as you need
    }

    server {
        listen [::]:5443 ssl;
        listen 5443 ssl;
        ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
        proxy_pass testwebsocket;
        proxy_connect_timeout 1s; # detect failure quickly
        proxy_socket_keepalive on; # TCP keepalive on the upstream socket
    }
}
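This example terminates TLS in nginx and proxies the decrypted stream to a raw TCP socket, which is good for TLS-wrapping telnet. The hop from nginx to each upstream is plain TCP.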
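A hardened variant of the first listener, as an added example that is not part of the original page: it pins the TLS versions, bounds handshake and idle time, caps connections per client, and logs each session. The log format name `tlsproxy`, the log path, the zone names `perip` and `stream_tls`, and all limit and timeout values are assumptions to adjust; `TLSv1.3` requires an nginx build linked against OpenSSL 1.1.1 or later.

```nginx
stream {
    # Per-session log line for the stream context (assumed name and path).
    # The page's config only writes error_log, so successful and refused
    # connections would otherwise leave no record.
    log_format tlsproxy '$remote_addr [$time_local] $protocol '
                        '$ssl_protocol/$ssl_cipher status=$status '
                        'sent=$bytes_sent recv=$bytes_received '
                        'session=$session_time upstream=$upstream_addr';
    access_log /var/log/nginx/stream-access.log tlsproxy;

    # Shared-memory zone keyed by client address for limit_conn below.
    limit_conn_zone $binary_remote_addr zone=perip:10m;

    upstream telnet {
        # Loopback upstream: the cleartext leg never leaves this host.
        server 127.0.0.1:4000;
    }

    server {
        listen 4022 ssl;
        listen [::]:4022 ssl;

        ssl_certificate     /etc/letsencrypt/live/example.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;

        # State the accepted versions explicitly instead of inheriting
        # whatever the installed nginx version defaults to.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Drop clients that open the port but never finish the handshake.
        ssl_handshake_timeout 10s;

        # Session resumption shared across workers.
        ssl_session_cache shared:stream_tls:10m;
        ssl_session_timeout 1h;

        # At most 10 concurrent sessions per client address (assumed value).
        limit_conn perip 10;

        proxy_connect_timeout 1s;   # detect failure quickly
        proxy_timeout 30m;          # close sessions idle for 30 minutes
        proxy_pass telnet;
    }
}
```

Validate with `nginx -t` before reloading.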