Nginx reverse proxy failing with Stunnel and Mirth FHIR client

Solution 1:

In case somebody else stumbles across this obscure issue.

The Problem: The Mirth integration engine community version only supports http for FHIR, not https. Stunnel is an obvious choice to solve this problem. Install Stunnel on the source and destination servers and map http to https across the secure tunnel. However, if we wish the client Mirth instance to hit an Nginx reverse proxy, Stunnel does not function correctly out of the box. To clarify the issue, consider the following Stunnel config:

[mirth]
client = yes
accept = 127.0.0.1:9080
connect = host.foo.bar:443

However, if Mirth connects the FHIR client to localhost which is then mapped to host.foo.bar, then only the 'localhost' host name is forwarded to the host.foo.bar server in the https request. This is an issue for the reverse proxy as it will try to forward a virtual host as 'localhost' rather than our internal Mirth server and port.

The Solution: The solution is cool. There are a bunch of DNS servers out there that return an embedded IP address from a hostname. For example, a lookup on the host 'host.127.0.0.1.xip.io' will return '127.0.0.1'. This is useful as we can now tell the Mirth client to connect to host.127.0.0.1.xip.io. Stunnel will see this as 127.0.0.1; however, our Nginx reverse proxy will read it as host.127.0.0.1.xip.io and be able to intelligently map it to the internal FHIR listener.
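
The Nginx side of the mapping described in the answer above, as an added example that is not part of the original answer. The internal listener address `10.0.0.5:8080` and the certificate paths are assumed placeholders; the host names are the ones used in the answer.

```nginx
# Added example; addresses and file paths below are placeholders.
# These directives belong inside the http { } context.

# Certificate for host.foo.bar, the name stunnel connects to (placeholder paths).
ssl_certificate     /etc/nginx/tls/host.foo.bar.crt;
ssl_certificate_key /etc/nginx/tls/host.foo.bar.key;

# Catch-all: requests whose Host header matches no named server
# (for example "localhost" from a client pointed at 127.0.0.1:9080).
server {
    listen 443 ssl default_server;
    server_name _;
    return 444;   # close the connection without sending a response
}

# A Mirth client configured with http://host.127.0.0.1.xip.io:9080/
# sends this name in its Host header; stunnel relays it unchanged.
server {
    listen 443 ssl;
    server_name host.127.0.0.1.xip.io;

    location / {
        # Internal Mirth FHIR listener (assumed address and port).
        proxy_pass http://10.0.0.5:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

On the client, a hosts-file entry mapping host.127.0.0.1.xip.io to 127.0.0.1 gives the same Host header without depending on an external DNS service. The Stunnel section shown in the answer sets neither `verifyChain` nor `checkHost`, so the client does not authenticate the certificate presented by host.foo.bar unless those options are added.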