
NGINX as SSL TLS Proxy

Dustin Heywood edited this page Dec 16, 2021 · 1 revision

nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

# Worker processes run under the "nginx" account instead of the account that
# started the master process.
user nginx;
# "auto" sizes the worker pool from the number of available CPU cores.
worker_processes auto;
# No level is given, so nginx's default level ("error") applies.
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
# NOTE(review): the stream {} block below needs the stream module; on builds
# that ship it as a dynamic module it is presumably loaded by this include - confirm.
include /usr/share/nginx/modules/*.conf;

events {
    # Upper bound on simultaneous connections per worker process. Each proxied
    # session counts twice: one client-side and one upstream-side connection.
    worker_connections 1024;
}

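# Layer-4 (TCP) proxying. Every server block below terminates TLS from the
# client and relays the decrypted byte stream to its upstream as plain TCP.
# The TLS wrapper only protects traffic that arrives through these listeners,
# so the backend ports themselves should not be reachable from untrusted
# networks (bind them to loopback or firewall them).
stream {
  # Offer only TLS 1.2 and 1.3. Older nginx releases also enable TLS 1.0/1.1
  # by default; widen this only if a legacy client genuinely requires it.
  ssl_protocols TLSv1.2 TLSv1.3;

  upstream telnet {
    # Loopback backend: the plaintext hop never leaves this host.
    server 127.0.0.1:4000;
    # add as many or as few of these as you need
  }

  server {
    # Two TLS ports (4020 and 4022), IPv4 and IPv6, share this backend.
    listen [::]:4022 ssl;
    listen 4022 ssl;
    listen 4020 ssl;
    listen [::]:4020 ssl;

    # Replace example.org with the host name the certificate was issued for.
    # privkey.pem must stay readable only by the account that starts nginx.
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;

    proxy_connect_timeout 1s; # detect failure quickly
    proxy_pass telnet;
  }

  upstream telnet2 {
    # "serverip" is a placeholder for the backend host. The hop from nginx to
    # this backend is unencrypted, so keep it on a trusted network segment.
    server serverip:5000;
    # add as many or as few of these as you need
  }

  server {
    listen [::]:5022 ssl;
    listen 5022 ssl;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    proxy_pass telnet2;
    proxy_connect_timeout 1s; # detect failure quickly
    # Enable TCP keepalive (SO_KEEPALIVE) on the connection to the backend.
    proxy_socket_keepalive on;
  }

  upstream testwebsocket {
    # Placeholder backend host; this hop is plaintext as well.
    server serverip:5001;
    # add as many or as few of these as you need
  }

  server {
    listen [::]:5443 ssl;
    listen 5443 ssl;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    proxy_pass testwebsocket;
    proxy_connect_timeout 1s; # detect failure quickly
    # Enable TCP keepalive (SO_KEEPALIVE) on the connection to the backend.
    proxy_socket_keepalive on;
  }
}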

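This example terminates TLS at NGINX and proxies the decrypted stream to a raw TCP socket, which is useful for wrapping telnet in TLS. The connection between NGINX and the backend is not encrypted.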