Add a method to combine ssl_preread_protocol and ssl_preread_server_name in the stream configuration.
e.g. right now, I can handle SSL-SSH-Port-Multiplexing.
I can also handle SSL-SNI-Passthrough.
But I can't use SSL-SNI-Passthrough together with SSL-SSH-Port-Multiplexing.
This forces me to use haProxy instead, which can do this.
==> https://serverfault.com/questions/1049158
stream{.
upstream ssh
{
server 127.0.0.1:22;
}
upstream https_default_backend
{
server 127.0.0.1:443;
}
upstream daniel_backend
{
server 127.0.0.1:5005;
}
map $ssl_preread_protocol $upstream
{
default ssh;
"TLSv1.3" https_default_backend;
"TLSv1.2" https_default_backend;
"TLSv1.1" https_default_backend;
"TLSv1" https_default_backend;
}
map $ssl_preread_server_name $name
{
localhost daniel_backend;
prodesk daniel_backend;
daniel-steiger.ch daniel_backend;
www.daniel-steiger.ch daniel_backend;
default https_default_backend;
}
# SSH and SSL on the same port
server {
listen 443;
ssl_preread on;
#proxy_protocol on;
# proxy_pass $upstream;
proxy_pass $name;
}
}
Edited 1 time(s). Last edit at 01/10/2021 05:12AM by schmierfink.