Nginx TCP转发

939次阅读

编译NGINX时加入 –with-stream选项

upstream backend {
   server xxxxxx.com:443 ;
}
server {
    listen 443;
    proxy_pass backend;
    proxy_connect_timeout 5s;
    proxy_timeout 15s;
    error_log /var/log/nginx/tcp_xxxxxx.com.log info;
}

问题:443端口只能被https://xxxxxx.com占用,无法给其他域名的代理提供作用

Nginx(1.11+),编译时加入:–with-stream 和 –with-stream_ssl_preread_module 两个选项

#$ssl_preread_server_name #通过SNI请求的服务器名称
map $ssl_preread_server_name $real_server {
    xxxxxx.com    xxx;
    yyyyyy.com    yyy;
}
upstream xxx{
    server xxxxxx.com:443;
}
upstream yyy{
    server yyyyyy.com:443;
}
server {
    listen 443;
    ssl_preread on;  #允许在预读阶段从ClientHello消息中提取信息
    resolver 8.8.8.8;
    proxy_pass $real_server;
    proxy_connect_timeout 5s;
    proxy_timeout 15s;
    error_log /var/log/nginx/stream_ssl_preread.log info;
}

多域名做tcp层的代理

正文完