Have nginx decide rather to decrypt incoming traffic based off of source ip? The 2019 Stack...

How to notate time signature switching consistently every measure

What is the most efficient way to store a numeric range?

What do I do when my TA workload is more than expected?

Finding the area between two curves with Integrate

Why didn't the Event Horizon Telescope team mention Sagittarius A*?

How come people say “Would of”?

A word that means fill it to the required quantity

Is it ok to offer lower paid work as a trial period before negotiating for a full-time job?

Can a flute soloist sit?

Can there be female White Walkers?

Is an up-to-date browser secure on an out-of-date OS?

Did any laptop computers have a built-in 5 1/4 inch floppy drive?

How can I define good in a religion that claims no moral authority?

Are spiders unable to hurt humans, especially very small spiders?

How do PCB vias affect signal quality?

Does adding complexity mean a more secure cipher?

Old scifi movie from the 50s or 60s with men in solid red uniforms who interrogate a spy from the past

Can we generate random numbers using irrational numbers like π and e?

"as much details as you can remember"

Loose spokes after only a few rides

How to charge AirPods to keep battery healthy?

Why not take a picture of a closer black hole?

Why doesn't shell automatically fix "useless use of cat"?

writing variables above the numbers in tikz picture



Have nginx decide rather to decrypt incoming traffic based off of source ip?



The 2019 Stack Overflow Developer Survey Results Are InDistinct Proxying for any TCP-related ProtocolSSH reverse proxyMac proxifier to use with Transmission?Traffic Redirection for transparent proxyCan't seem to block Youtube using QustodioHow can I STunnel/multiplex RDP and HTTPS over the same ServerIP:443?Forwarding Traffic from Linux Debian Server to DynIP Windows HomeServerReverse proxy based on http header in Nginx returns 502 Bad GatewayBypassing a VPN for all SSL trafficNodeJS Server on Raspberry Pi not calling function





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.



This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.



Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.



From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?










share|improve this question





























    0















    I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.



    This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.



    Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.



    From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?










    share|improve this question

























      0












      0








      0








      I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.



      This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.



      Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.



      From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?










      share|improve this question














      I have an nginx currently decrypting ssl traffic determining where to proxy based off of url, then re-encrypting and proxying accordingly.



      This is causing trouble with one specific location, due to code on the other end of nginx looking at the incoming certificate to decide who a user is, my re encrypting is changing the 'user' recognized and breaking the code. The code were working with has hardcoded ip addresses as well, which is really limiting my options for how to handle the issue. Were be fixing the code eventually, but in the meantime I'm looking for a stopgap solution to make things work using nginx.



      Is it possible for me to have, on nginx not decrypt traffic from a specific source ip, and proxy it in as is to the appropriate server, while still decrypting all other traffic? All of this has to be on the same port, I can't move either traffic stream to a different port.



      From quick scanning it looks as for a specific port nginx is listening on I need to either decrypt all traffic, or not decrypt any of it, without having an option to only decrypt some of it? is that true?







      proxy ssl nginx






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked yesterday









      dsollendsollen

      154112




      154112






















          0






          active

          oldest

          votes












          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1423804%2fhave-nginx-decide-rather-to-decrypt-incoming-traffic-based-off-of-source-ip%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1423804%2fhave-nginx-decide-rather-to-decrypt-incoming-traffic-based-off-of-source-ip%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

          Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

          VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...