Run workloads on the same IP using NGINX Stream and HTTP configurations in parallel
Daniel Nashed – 20 February 2026 19:53:53
Today I am working on a K8s lab environment where I only have one external IP.
That means I can only have one NGINX instance listening on the public IP on port 443.
But what if I have different types of workloads?
Some need TLS termination, like the Rancher admin interface.
Others work well with traffic dispatched at the TCP level, like Domino requesting its own certificates via CertMgr.
Both are possible at the same time when thinking outside the box.
Every HTTPS request first hits NGINX on the "stream" configuration.
The stream configuration extracts the SNI name from the TLS handshake.
If it matches a host that needs TLS termination, the request is dispatched to local port 8443 on the same NGINX instance.
The NGINX instance on 8443 terminates the TLS traffic and sends the request to the backend.
The backend is still HTTPS, but with a private certificate.
Using this type of setup you can use a single NGINX DaemonSet to dispatch all your traffic.
The same kind of configuration would also work on Docker. But in my case this is sitting behind a K8s MetalLB to receive all the K8s cluster lab traffic.
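The flow described above, written out as one nginx.conf. This is an added example, not the configuration from my lab: the hostnames, backend addresses, certificate paths and the assumption that the backend certificate carries the Rancher hostname are all placeholders.

```nginx
# Added example; hostnames, addresses and file paths are placeholders.
events {}

stream {
    # Route on the SNI name from the ClientHello, without decrypting.
    map $ssl_preread_server_name $sni_target {
        rancher.lab.example  127.0.0.1:8443;  # TLS terminated in the http block
        domino.lab.example   10.0.0.20:443;   # TCP passthrough, Domino keeps its own cert
        default              127.0.0.1:8443;  # unknown or missing SNI: rejected below
    }

    server {
        listen 443;           # the only listener on the public IP
        ssl_preread on;       # required for $ssl_preread_server_name
        proxy_pass $sni_target;
    }
}

http {
    # Unknown names: abort the handshake instead of serving a fallback site.
    server {
        listen 127.0.0.1:8443 ssl default_server;
        ssl_reject_handshake on;
    }

    server {
        # Loopback only, so this port cannot be reached around the stream listener.
        # Connections arrive from the stream block, so $remote_addr here is 127.0.0.1.
        listen 127.0.0.1:8443 ssl;
        server_name rancher.lab.example;

        ssl_certificate     /etc/nginx/tls/rancher.crt;
        ssl_certificate_key /etc/nginx/tls/rancher.key;

        location / {
            proxy_pass https://10.0.0.10:443;
            proxy_set_header Host $host;

            # Backend uses a private certificate: verify it against the private CA.
            proxy_ssl_verify              on;
            proxy_ssl_trusted_certificate /etc/nginx/tls/private-ca.crt;
            proxy_ssl_server_name         on;
            proxy_ssl_name                rancher.lab.example;
        }
    }
}
```

`ssl_reject_handshake` needs NGINX 1.19.4 or later, and `nginx -t` will fail if the stream module is not built in or loaded.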