To configure Nginx to perform SSL/TLS passthrough with TCP load balancing, you will need to use the proxy_pass directive in the Nginx configuration.
First, you will need to define a server block for the backend servers that you want to load balance. In this block, you should specify the listen directive with the ssl parameter, and set the proxy_pass directive to the backend server's address:
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/ssl/certificate.pem;
    ssl_certificate_key /path/to/ssl/key.pem;

    location / {
        proxy_pass https://backend_server;
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_ciphers HIGH:!aNULL:!MD5;
    }
}
This configuration will pass incoming SSL/TLS traffic through to the backend server, without terminating the SSL/TLS connection at Nginx.
To enable TCP load balancing, you can use the upstream directive to define a group of backend servers, and then set the proxy_pass directive to the name of the upstream group:
upstream backend_servers {
    server backend1.example.com:443;
    server backend2.example.com:443;
    server backend3.example.com:443;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/ssl/certificate.pem;
    ssl_certificate_key /path/to/ssl/key.pem;

    location / {
        proxy_pass https://backend_servers;
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_ciphers HIGH:!aNULL:!MD5;
    }
}
This configuration will load balance incoming traffic across the backend servers in the backend_servers upstream group.
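Because the server blocks above carry ssl_certificate and proxy_pass https://, Nginx decrypts the client's session and opens a second TLS session to the backend; if the client's TLS session must stay intact all the way to the backend, the stream module does that at the TCP layer, as in this added example (not part of the original answer). It load balances raw TCP on port 443 and uses ssl_preread to read the SNI name from the ClientHello without decrypting anything; the hostnames, pool names and timeout values are assumed.

```nginx
# Added example: TLS passthrough with TCP load balancing via the stream
# module. This block sits at the top level of nginx.conf, beside (not
# inside) the http block, and needs a build with --with-stream.
# No certificate or key is configured here: each backend terminates
# TLS itself with its own certificate.
stream {
    # Two pools (names and hosts are assumed values for the example).
    upstream backend_servers {
        least_conn;
        server backend1.example.com:443 max_fails=3 fail_timeout=30s;
        server backend2.example.com:443 max_fails=3 fail_timeout=30s;
        server backend3.example.com:443 max_fails=3 fail_timeout=30s;
    }
    upstream backend_api {
        server api1.example.com:443 max_fails=3 fail_timeout=30s;
    }

    # ssl_preread only parses the unencrypted ClientHello, so the SNI
    # name is available for routing while the session stays end-to-end
    # encrypted between client and backend.
    map $ssl_preread_server_name $selected_pool {
        api.example.com   backend_api;
        default           backend_servers;
    }

    # Nginx cannot see HTTP here, so log what the TCP layer knows:
    # client address, SNI, chosen backend and byte counts.
    log_format passthrough '$remote_addr [$time_local] '
                           'sni=$ssl_preread_server_name '
                           'upstream=$upstream_addr status=$status '
                           'in=$bytes_received out=$bytes_sent';
    access_log /var/log/nginx/stream-passthrough.log passthrough;

    server {
        listen 443;              # plain TCP listener: no "ssl" parameter
        ssl_preread on;
        proxy_pass $selected_pool;
        proxy_connect_timeout 5s;
        # Backends only see Nginx's address in passthrough mode; enable
        # this (and PROXY protocol support on the backends) to preserve
        # the real client address.
        # proxy_protocol on;
    }
}
```

Validate with nginx -t before reloading; a stream block placed inside http, or an ssl_preread directive on a build without the stream module, is rejected at that step.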
You may also want to consider further configuration options, such as proxy_ssl_session_reuse and proxy_ssl_server_name, to optimize the SSL/TLS connection between Nginx and the backend servers.
Remember to reload Nginx after making any changes to the configuration.