proxy_ssl
The proxy_ssl directive in NGINX Stream Core enables SSL proxying for upstream connections.
Description
The proxy_ssl directive is used within the stream context of NGINX to enable Secure Sockets Layer (SSL) for connections to upstream servers. When this directive is set to 'on', NGINX establishes SSL connections when proxying TCP or UDP traffic, providing an encrypted channel between the NGINX server and the upstream server. It is especially useful for securing communications, such as when interfacing with secure backend services.
This directive can be declared within a stream server block, and its value is either 'on' or 'off'. When set to 'on', NGINX expects the upstream server to present an SSL certificate that matches its hostname, and performs the handshake needed to establish a secure connection. Additional SSL directives, such as proxy_ssl_certificate and proxy_ssl_password_file, may need to be specified to validate and manage the SSL certificates used for the connection.
Config Example
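stream {
    server {
        listen 443;
        # backend_server must be an upstream group defined elsewhere in this stream block
        proxy_pass backend_server;
        # use SSL for the connection from NGINX to the upstream
        proxy_ssl on;
    }
}
Ensure that your upstream server is configured with a valid SSL certificate; otherwise, NGINX will fail to establish a connection.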
Setting proxy_ssl on; without proper SSL configurations (like proxy_ssl_certificate) may lead to runtime errors.
Remember that enabling SSL adds overhead; ensure your NGINX server has sufficient resources to handle this.
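The notes above rely on NGINX rejecting an upstream whose certificate is not valid; in NGINX that check is enforced only when proxy_ssl_verify is on, and its default is off. The following is an added example, not part of the original page, that contrasts proxy_ssl on; alone with a configuration that verifies the upstream and presents a client certificate. The upstream address, listen ports and file paths are placeholders.

```nginx
stream {
    upstream backend_server {
        server backend.internal.example:9443;   # placeholder upstream address
    }

    # Weak: traffic is encrypted, but the upstream is not authenticated.
    server {
        listen 8443;
        proxy_pass backend_server;
        proxy_ssl  on;
        # proxy_ssl_verify is off by default, so any certificate is accepted,
        # including a self-signed or expired one presented by an impostor.
    }

    # Hardened: encrypted and authenticated in both directions.
    server {
        listen 443;
        proxy_pass backend_server;
        proxy_ssl  on;

        # Verify the upstream certificate chain against a CA bundle you control.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/upstream-ca.pem;   # placeholder path

        # Name checked against the certificate. Without this, the host part of
        # proxy_pass ("backend_server", the upstream group name) would be used.
        proxy_ssl_name        backend.internal.example;
        # Send the same name to the upstream via SNI.
        proxy_ssl_server_name on;

        # Refuse legacy protocol versions on the upstream leg.
        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # Client certificate for upstreams that require mutual TLS.
        proxy_ssl_certificate     /etc/nginx/tls/client.pem;    # placeholder path
        proxy_ssl_certificate_key /etc/nginx/tls/client.key;    # placeholder path
        # Needed only if the key file is passphrase-protected.
        proxy_ssl_password_file   /etc/nginx/tls/client.pass;   # placeholder path
    }
}
```

Run nginx -t after editing; with verification on, a certificate failure is reported in the error log as an upstream SSL certificate verify error.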