Hello!

On Sun, May 14, 2023 at 09:55:54AM +0400, Roman Arutyunyan wrote:

> Hi Eduard,
>
> On Sat, May 13, 2023 at 10:43:59PM -0600, Eduard Vercaemer wrote:
> > for some context, I recently tried configuring nginx as a tcp proxy that
> > routes connections based on sni to multiple upstream services
> >
> > the server only exposes one tcp port, and receives all connections there,
> > for example a connection to redis.example.com:1234 would be proxy_pass'ed
> > to some port in the machine, a connection to www.example.com:1234 to
> > another, etc.
> >
> > i used nginx itself to terminate the tls for all services for convenience
> >
> > the problem:
> > now here is the issue, 1: postgres does some weird custom ssl stuff, which
> > means I cannot terminate the ssl from within nginx
>
> In this case there must be an SSL error logged in nginx error log.
> Can you post it?

Postgres uses their own protocol with STARTTLS-like interface to
initiate SSL handshake, see here:

https://www.postgresql.org/docs/current/protocol-flow.html#id-1.10.6.7.12

That is, it's not going to work with either SSL termination or
SSL preread, and needs an implementation of the Postgres protocol.

[...]

-- 
Maxim Dounin
http://mdounin.ru/