SSL over UDP - Nginx as reverse proxy

SSL over UDP - Nginx as reverse proxy

vergil
Hi,

I would like to have SSL Termination on nginx for UDP connections. Can you
please share the instructions on how to achieve it?

Thanks,
Siva

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288543,288543#msg-288543

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Re: SSL over UDP - Nginx as reverse proxy

Francis Daly
On Fri, Jul 03, 2020 at 12:50:09PM -0400, siva.pannier wrote:

Hi there,

> I would like to have SSL Termination on nginx for UDP connections. Can you
> please share the instructions on how to achieve it?

The documentation for "stream" is at
http://nginx.org/en/docs/stream/ngx_stream_core_module.html

I would expect that the way to do it would be to put both "udp" and
"ssl" in the "listen" directive.

When I do that using one version of nginx, "nginx -t" reports:

[emerg] "listen" directive "ssl" parameter is incompatible with "udp"

That does match what is described at
https://www.nginx.com/blog/ask-nginx-april-2019/

Note that searching the list archives does point to
http://nginx.org/patches/dtls/ and an indication that that experiment
was paused owing to a lack of a use case.

I suspect that if you want to report on how that patch works for you --
being aware that it was written for an older version of nginx, so possibly
will not apply as-is to the current version -- and/or describe your
specific use case, then there may be someone willing to update the patch.

Good luck with it,

        f
--
Francis Daly        [hidden email]
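
The "listen" combinations discussed in the reply above, as an added configuration example that is not part of the original thread. Ports, the upstream address and certificate paths are placeholders, and the note on DTLS pass-through is an assumption based on how the stream module proxies UDP, not something stated in the thread.

```nginx
# Added example; 192.0.2.10, the ports and the certificate paths are placeholders.
stream {
    # Rejected by an unpatched nginx: "nginx -t" fails with the [emerg]
    # message quoted above, because "ssl" cannot be combined with "udp".
    # server {
    #     listen 4433 udp ssl;
    #     ssl_certificate     /etc/nginx/tls/example.crt;
    #     ssl_certificate_key /etc/nginx/tls/example.key;
    #     proxy_pass 192.0.2.10:5000;
    # }

    # Accepted: TLS termination on a TCP stream listener.
    server {
        listen 4433 ssl;
        ssl_certificate     /etc/nginx/tls/example.crt;
        ssl_certificate_key /etc/nginx/tls/example.key;
        proxy_pass 192.0.2.10:5000;
    }

    # Accepted: UDP proxying without "ssl". The datagrams are forwarded
    # as-is, so any DTLS session has to terminate on the upstream
    # (assumption: the upstream speaks DTLS itself).
    server {
        listen 4434 udp;
        proxy_pass 192.0.2.10:5001;
    }
}
```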

Re: SSL over UDP - Nginx as reverse proxy

vergil
Thanks, Francis.

I tried that DTLS patch on version 1.15. It worked. It supported both
the SSL & UDP directives on the same stream.
I could do the SSL termination on Nginx with the Bouncy Castle Java API.

They should add it in the latest versions of Nginx as well.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288543,288659#msg-288659
