On 2014-09-03 at 09:21 +1200, Craig Miskell wrote: > Sadly, I think you'll find that nginx doesn't do HTTPS forward proxying (i.e > support CONNECT). > > http://forum.nginx.org/read.php?2,15124,15256#msg-15256
That thread is from 2009. CONNECT is for local proxies, not reverse proxies: if you're letting through CONNECT then you can't do anything sensible with the content , because then the client is negotiating TLS with the upstream and you're relegated to fairly dumb TLS frame passer. To do forward proxying, you end up wanting the front-end proxy to _terminate_ the HTTPS and handle the requests, then use HTTPS for the backend/upstream, with the proxy performing HTTPS identity validation, etc. nginx does that just fine. -Phil _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
