SSL Passthrough with Nginx

0
votes

I have setup a Nginx Ingress to proxy traffic to a Kubernetes cluster I have setup with kubeadm. This seems to be working well.

On the host (where the Master node is setup) I have a number of other services running that are being proxied by another Nginx (publicly facing).

What I want to achieve is route all the traffic to a specific domain (pointing to the cluster) from the first Nginx (facing the public) to the Nginx running in the cluster.

Internet -----> Nginx Public -----> Nginx Ingress -----> Cluster

Nginx Ingress is listening on TLS/SSL traffic.

So I want to passthrough SSL traffic to it via the public Nginx.

I attempted it with the following which didnt seem to work.

upstream cluster {
    server 10.109.70.33:443 max_fails=10 fail_timeout=10s;
}

server {
    listen 80;
    listen [::]:80;

    listen 443;
    listen [::]:443;

    server_name *.dev-new.test.co;

    access_log /var/log/nginx/cluster-access.log;
    error_log  /var/log/nginx/cluster-error.log;

    location / {
        proxy_pass https://cluster;
    }
}
1
sslnginxkubernetes
Please explain what you mean by doesn't seems to work?Tarun Lalwani
Reaches the Nginx ingress default backend controller with 404 if i curl -iv https://foo.dev-new.test.conixgadget
However, I can curl -ivk https://10.109.70.33 --header Host: foo.dev-new.test.conixgadget
You need to add proxy_set_header Host $host; in your proxy_pass blockTarun Lalwani
Yup thats what was missing. Thanks man. Feel free to add it as an answer and il flag it.nixgadget

1 Answers

2
votes

You need to add 

proxy_set_header Host $host;

in your proxy_pass block. This is needed so the server knows which virtual host you are trying to look into