Nginx proxy_pass to IP but use HTTPS

2

I have a legacy server that is secured via SSL certificate for example.com. I want to put another server infront of this one to proxy_pass certain (legacy) traffic. The new server must be exposed on example.com too.

If these were on separate domains (legacy.example.com and example.com), I would simply be able to proxy_pass https://legacy.example.com. However, the legacy app is littered with hardcoded example.com URLs (and it only has a SSL certificate for example.com). Any other URL (the IP for example) will redirect to example.com.

What I want to do, is proxy_pass <legacy IP>, set the host header with proxy_set_header Host example.com. But the issue is, this does not use HTTPS.

I did something a while back with curl, I was able to connect to a server by it's IP, but specify the domain to use for the certificate. Even though there was no A record for example.com mapping to this IP, I was able to trick it into thinking it was being connected by that domain.

curl https://example.com/path --resolve example.com:<IP>

Is there anything like this in Nginx?

Chris Smith

Posted 2017-08-31T18:08:29.243

Reputation: 157

Have you tried using the proxy_ssl_name directive? – Richard Smith – 2017-08-31T19:22:57.063

@RichardSmith No, but that is exactly what I was looking for. Thanks! – Chris Smith – 2017-08-31T19:25:11.937

Answers

3

I haven't used it myself, but it looks like proxy_ssl_name might be what you are looking for:

For example:

proxy_set_header Host example.com;
proxy_ssl_name        example.com;
proxy_pass            https://1.2.3.4;

See this document for details.

Richard Smith

Posted 2017-08-31T18:08:29.243

Reputation: 727

Asked: 2017-08-31T18:08:29.243

Viewed: 5 158 times

Active: 2017-08-31T19:30:31.813