Have nginx decide rather to decrypt incoming traffic based off of source ip? The 2019 Stack...
How to notate time signature switching consistently every measure
What is the most efficient way to store a numeric range?
What do I do when my TA workload is more than expected?
Finding the area between two curves with Integrate
Why didn't the Event Horizon Telescope team mention Sagittarius A*?
How come people say “Would of”?
A word that means fill it to the required quantity
Is it ok to offer lower paid work as a trial period before negotiating for a full-time job?
Can a flute soloist sit?
Can there be female White Walkers?
Is an up-to-date browser secure on an out-of-date OS?
Did any laptop computers have a built-in 5 1/4 inch floppy drive?
How can I define good in a religion that claims no moral authority?
Are spiders unable to hurt humans, especially very small spiders?
How do PCB vias affect signal quality?
Does adding complexity mean a more secure cipher?
Old scifi movie from the 50s or 60s with men in solid red uniforms who interrogate a spy from the past
Can we generate random numbers using irrational numbers like π and e?
"as much details as you can remember"
Loose spokes after only a few rides
How to charge AirPods to keep battery healthy?
Why not take a picture of a closer black hole?
Why doesn't shell automatically fix "useless use of cat"?
writing variables above the numbers in tikz picture
Have nginx decide rather to decrypt incoming traffic based off of source ip?
The 2019 Stack Overflow Developer Survey Results Are InDistinct Proxying for any TCP-related ProtocolSSH reverse proxyMac proxifier to use with Transmission?Traffic Redirection for transparent proxyCan't seem to block Youtube using QustodioHow can I STunnel/multiplex RDP and HTTPS over the same ServerIP:443?Forwarding Traffic from Linux Debian Server to DynIP Windows HomeServerReverse proxy based on http header in Nginx returns 502 Bad GatewayBypassing a VPN for all SSL trafficNodeJS Server on Raspberry Pi not calling function
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.
This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.
Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.
From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?
proxy ssl nginx
asked yesterday
dsollendsollen
154112
add a comment |
I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.
This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.
Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.
From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?
proxy ssl nginx
asked yesterday
dsollendsollen
154112
add a comment |
I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.
This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.
Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.
From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?
proxy ssl nginx
asked yesterday
dsollendsollen
154112
I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.
This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.
Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.
From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?
proxy ssl nginx
proxy ssl nginx
asked yesterday
dsollendsollen
154112
asked yesterday
dsollendsollen
154112
asked yesterday
dsollendsollen
154112
asked yesterday
dsollendsollen
154112
asked yesterday
dsollendsollen
154112
154112
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1423804%2fhave-nginx-decide-rather-to-decrypt-incoming-traffic-based-off-of-source-ip%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1423804%2fhave-nginx-decide-rather-to-decrypt-incoming-traffic-based-off-of-source-ip%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
