Nginx on 443, but node handling ssl certificates

0
votes

We have nginx running two servers (port 80 and 443). These proxy_pass our upstreams:

   upstream app_nodes {
       ip_hash;
       server 127.0.0.1:3000;
       server 127.0.0.1:3001;
    }

    upstream app_nodes_https {
      ip_hash;
      server 127.0.0.1:8000;
      server 127.0.0.1:8001;
    }

For port 80, this is fine. However, for 443 this fails because we don't have ssl certs defined within nginx. We need our node.js app (listening on port 8000/8001) to handle the certificates to support many domains dynamically.

Is there a way to have nginx simply proxy our upstream servers and let them handle ssl?

Thank you

EDIT: Here's our server block for 443

server {
       listen 443;

       gzip on;
       gzip_types text/plain application/json application/ocet-stream;

       location / {
          proxy_pass      https://app_nodes_https;    
          add_header      X-Upstream  $upstream_addr;
          add_header      X-Real-IP $remote_addr;       
          include         /etc/nginx/proxy_params;
       }

}

Doing nginx -t actually gives the error that https protocol requires SSL support

1
node.jssslnginx
Since you cannot look into the HTTP part of the traffic if nginx is not the SSL endpoint you need to use plain TCP for load balancing instead. See nginx load balancing – tcp and udp load balancer.Steffen Ullrich
It says that TCP is the default, presumably just listen 443; which we use is TCPdzm

1 Answers

0
votes

The solution is to use streams:

stream {
        upstream https_stream {
          hash $remote_addr;
          server 127.0.0.1:8000;
          server 127.0.0.1:8001;
        }
        server {
          listen 443;
          proxy_pass https_stream;
        }
}

This is assuming your running your app instances on 8000/8001.