Subj : nginx TLS proxy
To   : All
From : Oli
Date : Tue Nov 26 2019 07:22 pm

A simple example for using nginx as a TLS proxy in front of a binkp mailer. You
 can add it to your nginx.conf. Don't put it inside the http block. Put it
above or below the http block (if there is one):

stream {
  server {
    listen 24553 ssl;
    ssl_certificate /etc/nginx/ssl/snakeoil.crt;
    ssl_certificate_key /etc/nginx/ssl/snakeoil.key;
    proxy_pass 127.0.0.1:24554;
  }
}


This is an basic example for doing the same with alpn. It can be extended to
serve https, h2 or xmpps on the same port.

stream {
  map $ssl_preread_alpn_protocols $tls_proxy {
    "binkp" 127.0.0.1:55000;
  }

  server {
    listen 443;
    ssl_preread on;
    proxy_protocol on;
    proxy_pass $tls_proxy;
  }

  server {
    listen 127.0.0.1:55000 ssl proxy_protocol;
    ssl_certificate /etc/nginx/ssl/snakeoil.crt;
    ssl_certificate_key /etc/nginx/ssl/snakeoil.key;
    proxy_pass 127.0.0.1:24554;
  }
}

---
 * Origin:  (21:1/151)

.