Nginx TCP proxy with SSL Termination

Obtaining the certificates

Extract the private key and the certificate from the exported PFX file (the key is written unencrypted with -nodes, so that nginx can load it without a passphrase):

openssl pkcs12 -in ldaps.pfx -nocerts -nodes -out ldap.key
openssl pkcs12 -in ldaps.pfx -clcerts -nokeys -out ldap.crt
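The two extraction commands above, as an added example that is not part of the original post, wrapped in a script that also does the check worth making before pointing nginx at the files: that the extracted private key really belongs to the extracted certificate (a mismatch only shows up when nginx refuses to start or ldapsearch fails the handshake). The file names and the demo password are assumptions; the script builds its own self-signed PFX so it runs offline, and on OpenSSL 3 a PFX exported by an older Windows host may additionally need -legacy on the pkcs12 commands because of the RC2 encryption those exports use.

```shell
#!/bin/sh
# Added example, not from the original post: extract key and cert from a PFX,
# then confirm the key matches the certificate before nginx loads the pair.
set -eu

# Extract the private key and the client (leaf) certificate from a PFX.
# $1 = pfx file, $2 = pfx password, $3 = output directory
extract_pfx() {
    pfx="$1"; pass="$2"; out="$3"
    mkdir -p "$out"
    # -nodes writes the key unencrypted: nginx must read it without a passphrase.
    openssl pkcs12 -in "$pfx" -nocerts -nodes -passin "pass:$pass" -out "$out/ldap.key"
    openssl pkcs12 -in "$pfx" -clcerts -nokeys -passin "pass:$pass" -out "$out/ldap.crt"
    # Only the owner (root, which runs the nginx master process) may read the key.
    chmod 600 "$out/ldap.key"
}

# Succeeds (exit 0) when the public key inside the certificate ($1) equals the
# public key derived from the private key ($2); both are compared as PEM SPKI.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed input: a throwaway self-signed cert packed into a PFX, so the
# whole flow runs offline. A real deployment uses the PFX exported from the CA.
make_demo_pfx() {
    dir="$1"
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/demo.key" \
        -out "$dir/demo.crt" -days 1 -subj "/CN=ldaps.my.local" 2>/dev/null
    openssl pkcs12 -export -inkey "$dir/demo.key" -in "$dir/demo.crt" \
        -passout pass:demo -out "$dir/ldaps.pfx"
}

# End-to-end run; prints "match" when the extracted pair is consistent.
demo() {
    work=$(mktemp -d)
    make_demo_pfx "$work"
    extract_pfx "$work/ldaps.pfx" demo "$work/out"
    if key_matches_cert "$work/out/ldap.crt" "$work/out/ldap.key"; then
        echo match
    else
        echo MISMATCH
    fi
    rm -rf "$work"
}

demo
```

For the real files, run extract_pfx against the exported PFX and then key_matches_cert on the two outputs before copying them to the paths named in ssl_certificate and ssl_certificate_key; if the check fails, the PFX contained a different key than expected and nginx will not be able to complete a handshake with it.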

Nginx configuration

sudo nano /etc/nginx/nginx.conf

The stream block below goes at the top level of nginx.conf, next to the http block, not inside it:
stream {

    upstream ldap_backend {
        server 192.168.0.123:389;
    }

    server {
        listen 12345;
        proxy_pass ldap_backend;
    }

    server {
        listen 12346 ssl;

        proxy_pass ldap_backend;

        ssl_certificate     /home/dmitriano/dev/ssl/ldap.crt;
        ssl_certificate_key /home/dmitriano/dev/ssl/ldap.key;

        # Optional:
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
    }
}

Testing

export ad_ip="192.168.0.122"
export ad_user="administrator@my.local"
export ad_password="1234@abc"
 
export LDAPTLS_REQCERT=never
 
ldapsearch -H ldaps://$ad_ip:12346 -x -D $ad_user -w $ad_password -b "DC=my,DC=local" \
    -s sub -a always -z 1000 "(objectClass=user)" "serviceClassName" "serviceDNSName" "objectClass"
