A couple weeks ago, I added some stuff to my #Nginx config to multiplex SSH and TLS on port 443. Turns out, this FUBARs the downstream TLS logging pretty badly.
Anybody have a working config for this use case? #lazyWeb
@feld thanks — that's pretty similar to what I've got (I'm using `$ssl_preread_protocol` instead of `$ssl_preread_alpn_protocol`, is the only diff).
The problem I'm having is the access logs for the HTTPS upstream record 127.0.0.1 as the remote_addr in the log — which, I understand _why_, that's where the request looks like it's coming from at that point — but I'm not sure how to get the actual remote_addr logged.
yeah that is strange because I thought that it was passing through the connection pretty much transparently and not terminating it / proxying so the source IP isn't lost ... 🧐
feld
in reply to genehack
this is how we do it for Chatmail (ignore the template markup)
github.com/feld/chatmail-cookb…
chatmail-cookbook/templates/default/nginx.conf.erb at master · feld/chatmail-cookbook
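One way to get the real client address into the HTTPS access log with this kind of multiplexing is to pass it over the loopback hop with PROXY protocol. This is an added example, not a config posted in this thread and not the chatmail-cookbook template; the ports, upstream names, log path and certificate paths are assumptions.

```nginx
# Added example: ports, upstream names and file paths are assumptions.
events {}

stream {
    # $ssl_preread_protocol is empty when no TLS ClientHello was seen (SSH).
    map $ssl_preread_protocol $backend {
        ""      ssh_strip;
        default https_local;
    }
    upstream ssh_strip   { server 127.0.0.1:2222; }
    upstream https_local { server 127.0.0.1:8443; }

    server {
        listen 443;
        ssl_preread on;
        # Prepends a PROXY protocol header carrying the real client address.
        # It is set per server block, not per upstream, so the SSH path
        # receives the header as well.
        proxy_protocol on;
        proxy_pass $backend;
    }

    # sshd does not speak PROXY protocol: consume the header, forward plain.
    server {
        listen 127.0.0.1:2222 proxy_protocol;
        proxy_pass 127.0.0.1:22;
    }
}

http {
    log_format mux '$remote_addr (via $realip_remote_addr) [$time_local] '
                   '"$request" $status $ssl_protocol';

    server {
        # Loopback only: a listener that accepts PROXY headers from arbitrary
        # peers lets them choose the address that ends up in the log.
        listen 127.0.0.1:8443 ssl proxy_protocol;
        ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder path
        ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder path

        set_real_ip_from 127.0.0.1;       # trust the header only from the mux
        real_ip_header   proxy_protocol;  # $remote_addr becomes the client IP
        access_log /var/log/nginx/https_access.log mux;
    }
}
```

`nginx -t` checks the syntax before a reload; sshd still sees 127.0.0.1 as its peer, because the header is dropped on the SSH hop.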