Nginx as Reverse Proxy and SSL Passthrough using Stream on Rocky Linux 8

In this example I will be putting an nginx reverse proxy in front of the three NSX-T Managers – as i am using multisite so cant use inbuilt VIP. I have built a Rocky Linux 8 machine with a minimal configuration.

NSX Managers will be on:

Install Nginx

dnf install nginx

Edit Nginx config and add include file

vi /etc/nginx/nginx.conf


include /etc/nginx/passthrough.conf;

Ensure it is outside of the http block or you may get this message:

nginx: [emerg] “stream” directive is not allowed here in /etc/nginx/passthrough.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed

Edit passthrough conf

vi /etc/nginx/passthrough.conf

stream {
    upstream nsx_managers {
        server max_fails=3 fail_timeout=5s;
        server max_fails=3 fail_timeout=5s;
        server max_fails=3 fail_timeout=5s;

log_format basic '$remote_addr [$time_local] '
                 '$protocol $status $bytes_sent $bytes_received '
                 '$session_time "$upstream_addr" '
                 '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

    access_log /var/log/nginx/nsx_managers_access.log basic;
    error_log  /var/log/nginx/nsx_managers_error.log;

    server {
        listen 443;
        proxy_pass nsx_managers;
        proxy_next_upstream on;

Check nginx config

nginx -t

Start and enable nginx service

systemctl enable ---now nginx