Is it possible to configure nginx to use a certificate from another server?

N

Nikolai Savelyev2021-01-04 09:33:48

Nginx

Nikolai Savelyev, 2021-01-04 09:33:48

I'm testing one thing written in node.js.
It has built-in cerbot functionality from letsencrypt. The problem is that there is no direct access to the virtual machine on which I run all this from the Internet, only through the nginx reverse proxy. Is it possible to configure nginx in such a way that it simply sticks out the certificate already in the application, and does not encrypt anything itself?
At the same time, other sites with their certificates are already hanging on the proxy.
My knowledge says it's impossible, but you never know...

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Anton Solomonov, 2021-01-04
@Wendor

No. This will already turn out MITM (Man in the Middle).
Actually, in addition to encryption, certificates are needed to prevent this.
Most likely you will be able to proxy via streams. This is a simple redirect of tcp traffic, but it is not compatible with your option with a bunch of sites on the host.

A

Alexey Dmitriev, 2021-01-04
@SignFinder

Create a virtualhost with the name you need on nginx, copy the certificate from your "thing" to the server, attach it to nginx, and proxy requests to your thing from nginx - either via https or http

C

CityCat4, 2021-01-04
@CityCat4

A certificate from another server (different name) can be used if you give your server the same name and have the private key of this certificate. A certificate is in the full sense a certificate that is issued to a given name and confirms by the authority of the CA that issued it (in the case of LE, I would be careful) that this is really the site that it claims to be.