This repository contains the Nginx TLS Random Module which is an extension for Nginx to extract and display the client_random
and server_random
used in the TLS protocol. These random values are key components in the encryption process and can be useful for debugging and analysis purposes.
The nginx-tls-random-module
hooks into the SSL handshake process and captures the client_random
and server_random
values. It provides several variables that can be used in the Nginx configuration to obtain the random keys:
tls_server_random
tls_client_random
After the module has been compiled and installed, you can enable it in your Nginx configuration file:
load_module /usr/local/nginx/modules/ngx_tls_random_module.so;
http {
server {
listen 443 ssl http2;
server_name my.org;
ssl_certificate /etc/nginx/ssl/my.pem;
ssl_certificate_key /etc/nginx/ssl/my.key;
location / {
proxy_pass http://backend:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-ServerRandom $tls_server_random;
proxy_set_header X-ClientRandom $tls_client_random;
}
}
}
Each time a TLS connection is established, the client_random
and server_random
values are passed to the backend program through the request headers.
This repository includes a Dockerfile which uses a multi-stage build process to compile and install Nginx along with the nginx-tls-random-module
.
To build the Docker image, navigate to the root directory of the repository and run:
docker build -t ngx:debian -f build/nginx-tls-random-module/debian/Dockerfile .
If you prefer Alpine, you can build an Alpine image with the following command:
docker build -t ngx:alpine -f build/nginx-tls-random-module/alpine/Dockerfile .
This will create a Docker image named ngx:debian
which you can run using:
docker run -p 80:80 ngx:debian
Please note that the Nginx image built by the Dockerfile is intended for development environments only. If you want to use it in a production environment, it is recommended to extract /usr/local/nginx/modules/ngx_tls_random_module.so
from the image, and dynamically load it in the production environment.
Contributions to this project are welcome. Please open a pull request or issue on the GitHub repository.