This is my Setup Below

Server2
Server1
Client


When the client sends a https request to server1 i want server 1 to forward the https connection to server 2 then on return i want server 2 to pass connection to server 1 then back to the client .
I also need server2 to see the ip off server1 and clent to see the ip off server 1 if possible

I have done a setup simular to this before with nginx however the problem that i had is that nginx could not just forward the https connection as i needed to self sign the certificates so it came up with a browser warning .

I do not reguire to log anything or anything like that i just need the https connection to go from client to diffrent ip to server2 and on path back all info sent to server1 is forwarded to client but server2 to must think that client is in the usa even if he is in the uk so server2 will see server 1 ip

Maybee there is a diffrent way maybee server1 could be some sort off rooter or ip tunnel any suggestions will be apreshiated aslong as server 2 thinks it is connected to server1 and not client as i am trying to bypass geo location with https .

Dont think anyone will be able to help with this but i know it can be done but i cant figure out how for the life off me

all traffic to my domain is linked through dnsmask to server 1 so everyone on my network when they type my web address will be sent to server1 then i need them sent to server2 then back .The https connection will be accepted as the domain in the browser and the security certificate on server2 will match

I have centos hope someone can help

Hi
I am sorry, but I think that your chances for success are quite small (if I understood what you want to do).
But: it might depend what you mean with "see the IP of..." => "what" is supposed to see the source IP address?

In any case, basically: I think that the only way that the incoming connection from "CLIENT" through httpS can be handled by your "SERVER2" going through "SERVER1" is for "SERVER1" to be a level 2 (or 3?) kind-of-loadbalancer => that way the contents of the public certificate that CLIENT sends would not be touched by SERVER1 and then SERVER2 would be able to perform the handshake the usual way that httpS works... .

Implementing a normal proxy on SERVER1 would terminate there the client's httpS connection and on SERVER2 you would get only informations/certificates that relate to SERVER1 and not to the CLIENT.

Is this more or less what you want to do?
If yes, I think that in the current linux kernels there is already a level2/3 loadbalancer/proxy available as module... (but I cannot remember how it's called ).

That has nothing to do with Nginx but with the way SSL, and particularly self-signed certificates, works.


The origin server probably uses GeoIP for good reason. I suggest you read the legal status of what you're trying to accomplish from their TOS or AUP first. If this is about a commercial service then you should be aware such circumvention is not a topic for LQ.