How can an nginx proxy communicate with a remote SoftHSM for offloading?

Çağlar Arlı

I am setting up an nginx proxy. It is required to use an HSM for TLS offloading, so I configure nginx with the directive ssl_engine pkcs11; and, instead of giving a file path in ssl_certificate_key, I use a PKCS#11 URI to point to the private key in the HSM. This is easy if I use a local HSM (a physical HSM or SoftHSM). However, if I want to use a remote HSM, how do I configure the HSM host so that nginx can refer to it?

Some specific physical HSM providers, for example Thales or AWS CloudHSM, provide an API. My case is different.

Specifically, I set up the nginx proxy and SoftHSM in two separate Docker containers. How do I let nginx know which SoftHSM container it needs to contact to look up the URI? Thank you for your help.