added 126 characters in body
Grant Curell

I have the same scenario described in this question. I have a client connecting to an nginx reverse proxy with multiple backend services and need to set up certificates.

                                client
                                   |
                                 nginx
    https://example1.com https://example2.com https://example3.com
                                x.x.x.x
                                   |
               -----------------------------------------
               |                   |                   |
    https://example1.com https://example2.com https://example3.com
        a.b.c.d:1234         e.f.g.h:5678         i.j.k.l:9012

What isn't clear to me from the answers there though is what the DNS names and IPs listed in each cert should be.

My understanding:

  • A reverse proxy isn't going to terminate the TLS connection so at no point will a client see the proxy's certificate
    • Edit: I realized that the reverse proxy could terminate the TLS connection, however in my case I need it to pass through
  • The proxy's certificates should list the hostname/IP address which the backend services example 1, 2, and 3 will see. Only the backend services will see those certificates

If the above two things are true what are the DNS names and IPs that should be listed in the certificates for the backend services? The client would need to see the proxy's hostname/IP in the certificates right? But the proxy should see their real IPs?

This is where I am confused.

What are the DNS names and IP addresses used for a reverse proxy?

I have the same scenario described in this question. I have a client connecting to an nginx reverse proxy with multiple backend services and need to set up certificates.

                                client
                                   |
                                 nginx
    https://example1.com https://example2.com https://example3.com
                                x.x.x.x
                                   |
               -----------------------------------------
               |                   |                   |
    https://example1.com https://example2.com https://example3.com
        a.b.c.d:1234         e.f.g.h:5678         i.j.k.l:9012

What isn't clear to me from the answers there though is what the DNS names and IPs listed in each cert should be.

My understanding:

  • A reverse proxy isn't going to terminate the TLS connection so at no point will a client see the proxy's certificate
  • The proxy's certificates should list the hostname/IP address which the backend services example 1, 2, and 3 will see. Only the backend services will see those certificates

If the above two things are true what are the DNS names and IPs that should be listed in the certificates for the backend services? The client would need to see the proxy's hostname/IP in the certificates right? But the proxy should see their real IPs?

This is where I am confused.