https - route transparently, do not terminate ssl?

[Boran]

Hi,

I have a apache website container...
Would it be possible to forward port 443/ssl in the same way as 80, but allow the target container to terminate SSL, i.e. certificates and so would be installed in the container?

Or that a limitation in reverse https proxing?

Also it would be nice if requests on port 80 were forwarded to port 80, not automatically forwarded to 443. Otherwise one have pages with mixed htt/s which causes browsers issues.
As maybe not all pages need https (performance)

[jwilder]

To forward SSL traffic and terminate it on your backend container, nginx would need to proxy TCP sockets which I don't think the stock nginx package supports out of the box. I believe there are some plugins that might do that if they are compiled in but it might be easier to just use haproxy in that case.

It is possible to have host port 80 forward to the container port 80 and not redirect but I think it would be better to run a custom template in that case. There are some good online resources for TLS performance as well if you're interested. I'd recommend taking a look at https://istlsfastyet.com/.

[Boran]

I suspected as much.
I'll start experimenting with a custom template.
That site is interesting, hadn't come across it before thanks!