Forward HTTPS traffic thru Nginx without SSL certificate

8
votes

I want to use Nginx to expose my NodeJS server listening on port 443.

I don't want to manage the SSL certificate with Nginx. I would rather do that on the NodeJS server using the SNICallback option of https.createServer.

How do I setup the nginx.conf to support this?

2
node.jssslnginxtls1.2
Did you take a look at serverfault.com/questions/583374/…? - fragmentedreality

2 Answers

7
votes

You're looking for ssl pass-through. You'll set up your nginx to use TCP load balancing (even if you only have one server it's still thought of as load balancing) and ssl passthrough. Note that nginx will be unable to access any of the content and that you will lose almost all of the advantages of using a proxy other than the ability to do load balancing. See these instructions for a specific configuration example.

1
votes

You can configure nginx to pass the encrypted traffic to the node.js server.

stream {
  server {
    listen     443;
    proxy_pass your.node.js:443;
  }
}

Note that you will have no access-log or any other means of access to the data.