We use an Application Load Balancer behind which we have an nginx server. Our client has asked us to implement mTLS but I don't think that works if the ALB terminates TLS connections.
I know that our ALB currently swaps out the self-signed certificate of our nginx server and replaces it with its own, which is a pretty good indication that it terminates TLS connections.
If we can't change that we'd have to switch to an NLB instead.
Can an ALB be configured to work without terminating TLS connections in AWS, or is that impossible?
CodePudding user response:
You are correct. ALB unfortunately does not support mTLS at this time (I really wish AWS would add that feature). And since ALB needs to terminate the SSL connection in order to do all the things it does like path forwarding, etc., there is no way for them to add TCP pass-through to the ALB. You will need to switch to an NLB, and handle all the SSL certificate stuff on your server.
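The server side of the approach the answer recommends, as an added example (not the asker's or answerer's configuration): nginx terminates TLS itself behind an NLB TCP listener and enforces client-certificate verification. The hostname, the paths under /etc/nginx/tls/, the CA file, the backend port and the 10.0.0.0/16 NLB subnet are placeholders.

```nginx
# Added example, not from the thread. nginx behind an NLB TCP listener on 443.
# proxy_protocol recovers the real client IP; enable Proxy Protocol v2 on the
# NLB target group before turning it on here, or every handshake will fail.
server {
    listen 443 ssl proxy_protocol;
    server_name api.example.com;           # placeholder hostname

    ssl_certificate     /etc/nginx/tls/server.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # mTLS: the client must present a certificate chaining to our private CA.
    ssl_client_certificate /etc/nginx/tls/client_ca.pem;
    ssl_verify_client      on;             # "optional" would let unauthenticated requests through
    ssl_verify_depth       2;
    ssl_crl                /etc/nginx/tls/client_ca.crl;  # revocation list, regenerate on each revocation

    # Only accept the Proxy Protocol header from the NLB's subnet (placeholder CIDR).
    set_real_ip_from 10.0.0.0/16;
    real_ip_header   proxy_protocol;

    location / {
        # proxy_set_header replaces any same-named header the client sent,
        # so the backend can trust these values came from nginx's verification.
        proxy_set_header X-Client-Cert-DN     $ssl_client_s_dn;
        proxy_set_header X-Client-Cert-Serial $ssl_client_serial;
        proxy_set_header X-Client-Verify      $ssl_client_verify;
        proxy_set_header X-Real-IP            $remote_addr;
        proxy_pass http://127.0.0.1:8080;      # placeholder backend
    }
}
```

With `ssl_verify_client on`, a handshake without a certificate signed by client_ca.pem is rejected with HTTP 400 before the request reaches the backend; you can confirm the setup end to end with `openssl s_client -connect api.example.com:443 -cert client.crt -key client.key`, which should report `Verify return code: 0 (ok)` and then get a normal response rather than a 400.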