NGINX TLS termination for PostgreSQL

喜夏-厌秋 submitted on 2020-12-09 09:55:20

Question


I’ve been trying to use NGINX as a TLS terminator for my PostgreSQL database but without success.

When I try to connect to the database I get the following error:

server closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request.

When I remove the ssl option in listen I can connect without any errors. I’ve tried running another service (Eclipse Mosquitto) with the same NGINX settings, TLS enabled, and it works fine.

I’m using Postico as DB tool.

Here are the NGINX settings I'm using.

# nginx.conf

stream {
    server {
          listen 20000 ssl; # Can’t connect with Postgres, but can with Mosquitto
          # listen 20000; # Can connect with Postgres and Mosquitto
          proxy_pass 192.168.1.123:30000;
          include /home/custom/ssl_conf.conf;
    }
}

# ssl_conf.conf

ssl_certificate           /etc/nginx/fullchain.pem;
ssl_certificate_key       /etc/nginx/privkey.pem;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;

Answer 1:


As described in that similar question, the problem is probably that Postgres uses application-level protocol negotiation, so a simple proxy will probably not work. See also

https://github.com/envoyproxy/envoy/issues/10942
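
The negotiation the answer refers to, as an added example that is not part of the original post and not NGINX or PostgreSQL code: a PostgreSQL client that wants TLS first sends an 8-byte SSLRequest in cleartext and waits for a one-byte reply, whereas a `listen ... ssl` stream server expects a TLS ClientHello as the very first bytes. The function names are hypothetical, and the exchange is constructed over a local socket pair with no real TLS.

```python
import socket
import struct

# PostgreSQL SSLRequest: Int32 length (8) + Int32 code 80877103 = (1234 << 16) | 5679.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def classify_first_bytes(data: bytes) -> str:
    """Name the protocol a client opened with, judging by its first bytes."""
    if data[:8] == SSL_REQUEST:
        return "postgres-sslrequest"
    # A TLS record starts with content type 0x16 (handshake) and major version 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-clienthello"
    return "other"


def recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes, or fewer if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def answer_ssl_request(conn: socket.socket) -> bool:
    """Server side of the negotiation: consume SSLRequest and reply 'S'.

    On True the caller may start TLS on conn, for example with
    ssl.SSLContext.wrap_socket(conn, server_side=True), and relay the
    decrypted stream to the backend. On False the connection is closed.
    """
    if classify_first_bytes(recv_exact(conn, 8)) != "postgres-sslrequest":
        conn.close()
        return False
    conn.sendall(b"S")  # 'S' = willing to do TLS; 'N' would mean refuse
    return True


def demo() -> tuple:
    """Constructed exchange over a local socket pair (no network, no real TLS)."""
    client, server = socket.socketpair()
    client.sendall(SSL_REQUEST)  # what a TLS-requesting Postgres client sends first
    accepted = answer_ssl_request(server)
    reply = client.recv(1)  # the client waits for this byte before its ClientHello
    client.close()
    server.close()
    return accepted, reply
```

libpq in PostgreSQL 17 and later also accepts `sslnegotiation=direct`, which opens with a ClientHello instead of the SSLRequest.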



Source: https://stackoverflow.com/questions/45542830/nginx-tls-termination-for-postgresql
