0
votes

I have a classic ELB configured for TCP load balancing. It accepts connections on port 443 and forwards the requests to port 443 of an EC2 instance where I have nginx listening for TCP connections. I have configured TLS connections for both incoming and outgoing requests.
My initial intention was to create pass through TCP-TLS communication.
I have two questions.

1) If this is supposedly pass-through TLS traffic, then why is the ELB forcing me to install a TLS certificate?
2) OK, I have installed the ELB certificate on the load balancer and another certificate on Nginx to terminate the TLS. How will the communication happen? If the client sends a TCP stream to the ELB, will the ELB first decrypt the data and then encrypt it again with the Nginx certificate?

The reason I am asking this is that I am getting a TCP reset error on the client side and the data never reaches the Nginx server.

I would appreciate it if someone could help me.

Thanks, Manoj


1 Answer

0
votes

If you want to pass-through TLS, you would not configure the balancer for TLS, because that is used for offload or bidirectional termination inside the balancer -- essentially the complete opposite of pass-through.

You'd simply configure the balancer for TCP.

Also, the recommended solution for your application is to use a Network Load Balancer (NLB), rather than a classic ELB.
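
The distinction drawn in the answer is visible in the Classic ELB listener settings. As an added example (not part of the original answer), this Python sketch classifies each listener in `aws elb describe-load-balancers`-style JSON by where TLS ends; the sample data, balancer names and certificate ARN are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws elb describe-load-balancers` output
# (Classic ELB). Names and the certificate ARN are placeholders.
SAMPLE = json.loads("""
{"LoadBalancerDescriptions": [
  {"LoadBalancerName": "example-terminating",
   "ListenerDescriptions": [{"Listener": {
     "Protocol": "SSL", "LoadBalancerPort": 443,
     "InstanceProtocol": "SSL", "InstancePort": 443,
     "SSLCertificateId": "arn:aws:iam::111122223333:server-certificate/placeholder"}}]},
  {"LoadBalancerName": "example-passthrough",
   "ListenerDescriptions": [{"Listener": {
     "Protocol": "TCP", "LoadBalancerPort": 443,
     "InstanceProtocol": "TCP", "InstancePort": 443}}]}
]}
""")

# Front-end protocols for which the balancer holds a certificate and decrypts.
TERMINATING = {"SSL", "HTTPS"}


def classify(listener):
    """Return where TLS ends for one Classic ELB listener."""
    front = listener["Protocol"].upper()
    back = listener.get("InstanceProtocol", front).upper()
    if front in TERMINATING:
        # The balancer decrypts; it re-encrypts only if the back end is SSL/HTTPS.
        if back in TERMINATING:
            return "terminate-and-reencrypt"
        return "terminate-offload"
    if front == "TCP" and back == "TCP":
        # Bytes are relayed untouched; the client's handshake reaches the instance.
        return "passthrough"
    return "other"


def audit(description):
    """Map (balancer name, front-end port) to its classification."""
    return {
        (lb["LoadBalancerName"], ld["Listener"]["LoadBalancerPort"]): classify(ld["Listener"])
        for lb in description["LoadBalancerDescriptions"]
        for ld in lb["ListenerDescriptions"]
    }


if __name__ == "__main__":
    for (name, port), mode in audit(SAMPLE).items():
        print(f"{name}:{port} -> {mode}")
```

A listener reported as `terminate-and-reencrypt` means the client negotiates TLS with the balancer's certificate and the balancer opens a separate TLS session to the instance; only `passthrough` lets the client see the Nginx certificate.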