Nginx - SSL Passthrough Reverse Proxy

Nginx 1.9.3+ allows TCP load balancing and SSL passthrough. This means you can reverse proxy or load balance web applications without terminating SSL at nginx.

Example configuration for name-based access:

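stream {
    # Route on the SNI name from the TLS ClientHello; nginx does not decrypt the traffic.
    map $ssl_preread_server_name $name {
        www.somesite.com      some-server;
        www.someothersite.com other-server;
        # https_default_backend needs its own upstream block (not shown here).
        default               https_default_backend;
    }

    upstream some-server {
        server 10.10.10.20:443;
    }

    upstream other-server {
        server 10.10.10.21:443;
    }

    server {
        listen 443;
        proxy_pass $name;
        # Provided by ngx_stream_ssl_preread_module (nginx 1.11.5+).
        ssl_preread on;
    }
}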

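In the above configuration, www.somesite.com and www.someothersite.com are mapped to upstreams by the server name the client sends (SNI), so nginx forwards each connection, still encrypted, to one server or the other. Because nginx does not terminate SSL, the certificates and private keys stay on the backend servers.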
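To show what ssl_preread reads for the name-based configuration above, here is an added example (not part of the original page and not nginx's own code) that extracts the SNI name from a locally generated ClientHello and applies the same map. The function names are hypothetical; note that the name is taken from the unencrypted, client-supplied ClientHello, so it decides routing but authenticates nothing.

```python
import ssl
import struct

# Mirrors the page's map block; the names are the page's example values.
SNI_MAP = {"www.somesite.com": "some-server",
           "www.someothersite.com": "other-server"}
DEFAULT = "https_default_backend"

def client_hello(hostname):
    """Generate a real ClientHello locally (no network) through in-memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has sent its hello and waits for a reply
    return outgoing.read()

def preread_sni(data):
    """Return the SNI host name from a ClientHello, or None if absent or malformed."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:   # TLS handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32       # record header, handshake header, version, random
        pos += 1 + data[pos]                                   # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]      # cipher suites
        pos += 1 + data[pos]                                   # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]  # end of extensions
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            pos += 4
            if ext_type == 0:      # server_name: list_len(2) type(1) name_len(2) name
                name_len = struct.unpack_from("!H", data, pos + 3)[0]
                return data[pos + 5:pos + 5 + name_len].decode("ascii").lower()
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

def route(data):
    """Pick the upstream name as the map block would: listed name or the default."""
    return SNI_MAP.get(preread_sni(data), DEFAULT)
```

Anything that is not a ClientHello with a listed name, including non-TLS traffic on port 443, falls through to the default upstream.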

If you need to access the service by IP instead, use the configuration below.

Example configuration for IP-based access:

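stream {
    upstream server1 {
        server 10.10.10.1:8080;
    }

    upstream server2 {
        server 10.10.10.2:8080;
    }

    # $server_addr is the local address that accepted the connection.
    # There is no default entry, so connections to any other address are not proxied.
    map $server_addr $x {
        172.16.11.5 server1;
        172.16.11.2 server2;
    }

    server {
        listen 8080;
        proxy_pass $x;
    }
}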

So, with IP-based access, you can route essentially any TCP application through Nginx. For example, you could proxy MySQL or other custom applications via nginx.