Have nginx decide rather to decrypt incoming traffic based off of source ip? The 2019 Stack...

How to notate time signature switching consistently every measure

What is the most efficient way to store a numeric range?

What do I do when my TA workload is more than expected?

Finding the area between two curves with Integrate

Why didn't the Event Horizon Telescope team mention Sagittarius A*?

How come people say “Would of”?

A word that means fill it to the required quantity

Is it ok to offer lower paid work as a trial period before negotiating for a full-time job?

Can a flute soloist sit?

Can there be female White Walkers?

Is an up-to-date browser secure on an out-of-date OS?

Did any laptop computers have a built-in 5 1/4 inch floppy drive?

How can I define good in a religion that claims no moral authority?

Are spiders unable to hurt humans, especially very small spiders?

How do PCB vias affect signal quality?

Does adding complexity mean a more secure cipher?

Old scifi movie from the 50s or 60s with men in solid red uniforms who interrogate a spy from the past

Can we generate random numbers using irrational numbers like π and e?

"as much details as you can remember"

Loose spokes after only a few rides

How to charge AirPods to keep battery healthy?

Why not take a picture of a closer black hole?

Why doesn't shell automatically fix "useless use of cat"?

writing variables above the numbers in tikz picture



Have nginx decide rather to decrypt incoming traffic based off of source ip?



The 2019 Stack Overflow Developer Survey Results Are InDistinct Proxying for any TCP-related ProtocolSSH reverse proxyMac proxifier to use with Transmission?Traffic Redirection for transparent proxyCan't seem to block Youtube using QustodioHow can I STunnel/multiplex RDP and HTTPS over the same ServerIP:443?Forwarding Traffic from Linux Debian Server to DynIP Windows HomeServerReverse proxy based on http header in Nginx returns 502 Bad GatewayBypassing a VPN for all SSL trafficNodeJS Server on Raspberry Pi not calling function





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.



This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.



Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.



From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?






proxy ssl nginx







share|improve this question





























    0















    I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.



    This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.



    Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.



    From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?






    proxy ssl nginx







    share|improve this question

























      0












      0








      0








      I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.



      This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.



      Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.



      From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?






      proxy ssl nginx







      share|improve this question














      I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.



      This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.



      Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.



      From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?






      proxy ssl nginx




      proxy ssl nginx






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked yesterday









      dsollendsollen

      154112




      154112






















          0






          active

          oldest

          votes












          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1423804%2fhave-nginx-decide-rather-to-decrypt-incoming-traffic-based-off-of-source-ip%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1423804%2fhave-nginx-decide-rather-to-decrypt-incoming-traffic-based-off-of-source-ip%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

          Image
          Why didn't Boeing produce its own regional jet? What is the most common color to indicate the input-field is disabled? Theorists sure want true answers to this! What is the opposite of "eschatology"? What do you call someone who asks many questions? Is there a hemisphere-neutral way of specifying a season? Is this draw by repetition? Bug? String.split chopping off empty trailing value Is it inappropriate for a student to attend their mentor's dissertation defense? How dangerous is XSS Why do I get negative height? Is it possible to map
          Read more

          VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...

          Image
          risk of flooding in petra in november How to get directions in deep space? How could a planet have erratic days? 15% tax on $7.5k earnings. Is that right? Did the UK lift the requirement for registering SIM cards? Is it allowed to activate the ability of multiple planeswalkers in a single turn? Stack Interview Code methods made from class Node and Smart Pointers Non-trope happy ending? What is the highest possible scrabble score for placing a single tile Open a doc from terminal, but not by its name The IT department bottlenecks progress, how should I handle this?
          Read more

          Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

          Image
          Does the Mueller report show a conspiracy between Russia and the Trump Campaign? Relating to the President and obstruction, were Mueller's conclusions preordained? How much damage would a cupful of neutron star matter do to the Earth? Nose gear failure in single prop aircraft: belly landing or nose landing? Should a wizard buy fine inks every time he want to copy spells into his spellbook? Can you force honesty by using the Speak with Dead and Zone of Truth spells together? A trigonometry question from STEP examination Special flights What is the "studentd" process? systemd and copy (/bin/cp): no such file or directory
          Read more