NGINX TLS Termination & Passthrough

NGINX Termination

We can use NGINX to terminate SSL/TLS traffic. Here are some ways to do it:

  • NGINX has a TLS frontend, the backend does not
  • NGINX terminates the TLS, decrypts, and sends unencrypted data to the backend
  • NGINX is TLS and the backend is also TLS
  • NGINX terminates the TLS, optionally rewrites, and then re-encrypts the content to the backend
  • NGINX can look at the Layer 7 data, rewrite the header, and cache, but it needs to share the backend certificate or at least have its own

NGINX Passthrough

  • the backend handles the TLS
  • NGINX proxies/streams the packets directly to the backend
  • the TLS handshake is forwarded all the way to the backend
  • like a tunnel
  • more secure, no caching, NGINX does not need to share the backend certificate; this is a Layer 4 proxy
  • needs to make a private connection for every request as it is L4, so it is a bit more resource intensive
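
The two termination modes and the passthrough mode described above, side by side in one nginx.conf. This is an added example, not part of the original notes; all hostnames, ports, addresses and file paths are placeholders.

```nginx
# Added example: hostnames, ports, addresses and file paths are placeholders.
events {}

http {
    # Termination, mode 1: TLS frontend, plaintext backend.
    server {
        listen 443 ssl;
        server_name app.example.test;
        ssl_certificate     /etc/nginx/tls/frontend.crt;
        ssl_certificate_key /etc/nginx/tls/frontend.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            proxy_pass http://10.0.0.10:8080;          # unencrypted hop to the backend
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto https;  # Layer 7 header rewrite
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

    # Termination, mode 2: TLS frontend, TLS backend (decrypt, then re-encrypt).
    server {
        listen 8443 ssl;
        server_name app.example.test;
        ssl_certificate     /etc/nginx/tls/frontend.crt;
        ssl_certificate_key /etc/nginx/tls/frontend.key;

        location / {
            proxy_pass https://backend.internal.test:443;
            proxy_ssl_server_name on;                  # send SNI to the backend
            proxy_ssl_name backend.internal.test;      # name checked in the backend cert
            # proxy_ssl_verify defaults to off: without it and a trusted CA,
            # the re-encrypted hop does not authenticate the backend.
            proxy_ssl_verify on;
            proxy_ssl_trusted_certificate /etc/nginx/tls/backend-ca.crt;
        }
    }
}

# Passthrough: Layer 4 stream proxy, no certificate or private key on NGINX.
stream {
    server {
        listen 9443;                                   # no "ssl" parameter here
        proxy_pass 10.0.0.10:443;                      # TLS handshake reaches the backend
    }
}
```

The `stream` block requires NGINX built with the stream module (`--with-stream`); `nginx -t` validates the file before a reload.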