I have a bunch of Ubuntu servers, mostly running nginx for serving web pages. I want to be able to capture & dissect the traffic for analyzing or troubleshooting certain app and API issues.
I need this because we are having integration problems with 3rd parties, and we need to be able to provide proof about issues when needed. (We have app logs too, of course.)
Despite having the private key, I'm unable to decrypt this traffic, due to elliptic curve, I'm told.
At the moment I'm using a method which seems a bit hackish to me.
Suppose letters A and B are ports, and X and Y are my Linux boxes.
A: HTTPS /TCP 443
B: HTTP / TCP 8888
Incoming traffic flow is as below:
Public (Internet) --> FIREWALL --> A of X (nginx-rev-proxy with our ssl certs) ---> FIREWALL ---> B of Y
I'm able to capture traffic bound for TCP 8888 on X or Y and dissect it. This allows me to export documents POSTed to our API by 3rd parties and prove if there is anything wrong or if that document was POSTed at all.
Security-wise, what would be the better way or what could I do to improve on this method?
Apologies for any wrong terminology. Please comment if you need more info.
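Added illustration (not the poster's code, and not part of the question): the reason the captured bytes on the X -> Y hop (port B, TCP 8888) are readable is that nginx has already terminated TLS there, so what crosses that hop is plain HTTP. On port A, an ECDHE cipher suite negotiates a fresh ephemeral key per connection, so the server's long-term private key cannot decrypt a passive capture; that is the "elliptic curve" limitation mentioned above. The snippet below parses a reassembled plaintext HTTP/1.1 request of the kind seen on port B, extracts the POSTed document, handles the two edge cases that matter for evidence (a second request pipelined on the same keep-alive connection, and a body cut short by the capture), and produces a record with the body's SHA-256 so an exported document can later be tied to a specific capture. The hostnames, paths and JSON body are constructed sample data.

```python
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: dict[str, str]   # header names lower-cased
    body: bytes

    def body_sha256(self) -> str:
        """Fingerprint of the exact bytes the 3rd party sent, for evidence."""
        return hashlib.sha256(self.body).hexdigest()


def parse_http_request(raw: bytes) -> tuple[HttpRequest, bytes]:
    """Parse one HTTP/1.1 request from a reassembled TCP stream.

    Returns the request plus any leftover bytes (the next request on a
    keep-alive connection). Raises ValueError when the head is malformed
    or the body is shorter than Content-Length, i.e. the capture truncated it.
    Chunked transfer encoding is deliberately not handled in this example.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head: no blank line after headers")
    lines = head.split(b"\r\n")
    try:
        method, target, version = lines[0].decode("ascii").split(" ", 2)
    except ValueError:
        raise ValueError(f"malformed request line: {lines[0]!r}") from None

    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.decode("ascii").strip().lower()] = value.decode("latin-1").strip()

    if "transfer-encoding" in headers:
        raise ValueError("chunked bodies are not handled by this example")
    length = int(headers.get("content-length", "0"))
    if len(rest) < length:
        raise ValueError(f"truncated body: expected {length} bytes, captured {len(rest)}")
    return HttpRequest(method, target, version, headers, rest[:length]), rest[length:]


def evidence_record(req: HttpRequest) -> dict:
    """Summary you would attach to a dispute: who sent what, and a body hash.
    X-Forwarded-For is assumed to be set by the reverse proxy on X."""
    return {
        "method": req.method,
        "target": req.target,
        "client": req.headers.get("x-forwarded-for", "unknown"),
        "content_length": len(req.body),
        "body_sha256": req.body_sha256(),
    }


# Constructed sample stream: a POST followed by a pipelined GET, as the
# plaintext hop between nginx (X) and the backend (Y) would carry it.
SAMPLE_BODY = b'{"doc_id": "INV-1001", "amount": "12.50"}'
SAMPLE_POST = (
    b"POST /api/v1/documents HTTP/1.1\r\n"
    b"Host: backend.example.internal\r\n"
    b"Content-Type: application/json\r\n"
    b"X-Forwarded-For: 203.0.113.10\r\n"
    + b"Content-Length: %d\r\n" % len(SAMPLE_BODY)
    + b"\r\n"
    + SAMPLE_BODY
)
SAMPLE_STREAM = SAMPLE_POST + (
    b"GET /healthz HTTP/1.1\r\nHost: backend.example.internal\r\n\r\n"
)


def dissect_stream(raw: bytes) -> list[dict]:
    """Walk every request in a reassembled stream and return evidence records."""
    records = []
    while raw:
        req, raw = parse_http_request(raw)
        records.append(evidence_record(req))
    return records


if __name__ == "__main__":
    print(json.dumps(dissect_stream(SAMPLE_STREAM), indent=2))
    try:
        parse_http_request(SAMPLE_POST[:-5])   # capture ended mid-body
    except ValueError as exc:
        print("rejected:", exc)
```

Feeding this real data means reassembling the TCP stream first (tcpdump plus a stream-following tool, or a capture library), which is outside the snippet; the point is that the capture on port B is only useful as evidence if the body is complete and its hash is recorded at capture time.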