编译NGINX时加入 –with-stream选项
upstream backend {
server xxxxxx.com:443 ;
}
server {
listen 443;
proxy_pass backend;
proxy_connect_timeout 5s;
proxy_timeout 15s;
error_log /var/log/nginx/tcp_xxxxxx.com.log info;
}问题:443端口只能被https://xxxxxx.com占用,无法给其他域名的代理提供作用
Nginx(1.11+),编译时加入:–with-stream 和 –with-stream_ssl_preread_module 两个选项
#$ssl_preread_server_name #通过SNI请求的服务器名称
map $ssl_preread_server_name $real_server {
xxxxxx.com xxx;
yyyyyy.com yyy;
}
upstream xxx{
server xxxxxx.com:443;
}
upstream yyy{
server yyyyyy.com:443;
}
server {
listen 443;
ssl_preread on; #允许在预读阶段从ClientHello消息中提取信息
resolver 8.8.8.8;
proxy_pass $real_server;
proxy_connect_timeout 5s;
proxy_timeout 15s;
error_log /var/log/nginx/stream_ssl_preread.log info;
}
多域名做tcp层的代理
正文完