Can nginx do TCP load balancing with SSL termination?
Nginx can act as an L3/4 balancer with the stream module: https://www.nginx.com/resources/admin-guide/tcp-load-balancing/
Because SSL is still TCP, Nginx can proxy SSL traffic without termination.
The stream module can also terminate SSL traffic, but that's optional.
Example 1: TCP tunnel for IMAP over SSL without SSL termination

    stream {
        upstream stream_backend {
            server backend1.example.com:993;
            server backend2.example.com:993;
        }
        server {
            listen 993;
            proxy_pass stream_backend;
        }
    }

In this case, SSL termination is handled by backend1/2.
Example 2: TCP tunnel for IMAP with SSL termination.

    stream {
        upstream stream_backend {
            server backend1.example.com:443;
            server backend2.example.com:443;
        }
        server {
            listen 993 ssl;
            proxy_pass stream_backend;
            ssl_certificate /etc/ssl/certs/server.crt;
            ssl_certificate_key /etc/ssl/certs/server.key;
        }
    }

In this case, traffic between nginx and backend1/2 is unencrypted (IMAP port 443 is used).
Example 3: Receive unencrypted traffic and encrypt it

    stream {
        upstream stream_backend {
            server backend1.example.com:993;
            server backend2.example.com:993;
        }
        server {
            listen 443;
            proxy_pass stream_backend;
            proxy_ssl on;
            proxy_ssl_certificate /etc/ssl/certs/backend.crt;
            proxy_ssl_certificate_key /etc/ssl/certs/backend.key;
        }
    }

So clients connect to our nginx without SSL, and this traffic is proxied to backend1/2 using SSL encryption.
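
An added example, not part of the original answer: Examples 2 and 3 combined, so nginx terminates SSL from clients and re-encrypts toward the backends while also verifying the backend certificates. The CA bundle path `/etc/ssl/certs/backend-ca.crt` and the certificate name `imap.example.com` are assumptions; the other names are taken from the examples above.

```nginx
stream {
    upstream stream_backend {
        server backend1.example.com:993;
        server backend2.example.com:993;
    }

    server {
        # Client side: terminate SSL here, as in Example 2.
        listen 993 ssl;
        ssl_certificate     /etc/ssl/certs/server.crt;
        ssl_certificate_key /etc/ssl/certs/server.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        proxy_pass stream_backend;

        # Backend side: re-encrypt, as in Example 3.
        proxy_ssl           on;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # proxy_ssl_verify defaults to off, so "proxy_ssl on" alone encrypts
        # the connection but accepts any certificate the backend presents.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        # Assumed path: the CA that issued the backend certificates.
        proxy_ssl_trusted_certificate /etc/ssl/certs/backend-ca.crt;

        # The name checked against the backend certificate defaults to the
        # proxy_pass value ("stream_backend" here), which no certificate will
        # carry, so set it explicitly. Assumed name: imap.example.com.
        proxy_ssl_name        imap.example.com;
        proxy_ssl_server_name on;   # also send that name as SNI

        # Client certificate for nginx itself; only needed when the backends
        # require mutual authentication.
        proxy_ssl_certificate     /etc/ssl/certs/backend.crt;
        proxy_ssl_certificate_key /etc/ssl/certs/backend.key;
    }
}
```

Run `nginx -t` after editing; with verification on, a backend whose certificate does not chain to the trusted CA or does not match `proxy_ssl_name` fails the upstream handshake and the error is written to the nginx error log.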