Add a method to combine ssl_preread_protocol and ssl_preread_server_name in the stream configuration

Posted by schmierfink 
Add a method to combine ssl_preread_protocol and ssl_preread_server_name in the stream configuration.

E.g., right now I can handle SSL-SSH port multiplexing.
I can also handle SSL-SNI passthrough.
But I can't use SSL-SNI passthrough together with SSL-SSH port multiplexing.
This forces me to use HAProxy instead, which can do this.
==> https://serverfault.com/questions/1049158


stream {

    upstream ssh {
        server 127.0.0.1:22;
    }

    upstream https_default_backend {
        server 127.0.0.1:443;
    }

    upstream daniel_backend {
        server 127.0.0.1:5005;
    }

    # Protocol-based selection: anything that is not TLS goes to SSH
    map $ssl_preread_protocol $upstream {
        default   ssh;
        "TLSv1.3" https_default_backend;
        "TLSv1.2" https_default_backend;
        "TLSv1.1" https_default_backend;
        "TLSv1"   https_default_backend;
    }

    # SNI-based selection: choose the backend by requested server name
    map $ssl_preread_server_name $name {
        localhost             daniel_backend;
        prodesk               daniel_backend;
        daniel-steiger.ch     daniel_backend;
        www.daniel-steiger.ch daniel_backend;
        default               https_default_backend;
    }

    # SSH and SSL on the same port
    server {
        listen 443;

        ssl_preread on;
        #proxy_protocol on;

        # Only one of the two map results can be passed to proxy_pass
        # proxy_pass $upstream;
        proxy_pass $name;
    }

}



Edited 1 time(s). Last edit at 01/10/2021 05:12AM by schmierfink.
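
An added example, not part of the original post and not nginx project code: one way to get both behaviours with the existing directives is to chain the two maps, since a stream `map` result may itself be a variable. Upstream names and addresses are the ones from the post; the variable name `$tls_backend` is an assumption introduced here.

```nginx
stream {
    # Upstreams as in the post. The HTTPS backend must be a different
    # socket than the listener below, otherwise connections loop.
    upstream ssh                   { server 127.0.0.1:22; }
    upstream https_default_backend { server 127.0.0.1:443; }
    upstream daniel_backend        { server 127.0.0.1:5005; }

    # Stage 2: for TLS connections, pick the backend from the SNI name.
    # SNI is sent by the client in clear text and is not authenticated,
    # so this is routing only, never access control.
    map $ssl_preread_server_name $tls_backend {
        localhost              daniel_backend;
        prodesk                daniel_backend;
        daniel-steiger.ch      daniel_backend;
        www.daniel-steiger.ch  daniel_backend;
        default                https_default_backend;  # unknown or missing SNI
    }

    # Stage 1: $ssl_preread_protocol is empty when the first bytes are not
    # a TLS ClientHello (for example SSH), so "default" catches SSH.
    # Every TLS version defers to the SNI map above instead of naming
    # an upstream directly.
    map $ssl_preread_protocol $upstream {
        default    ssh;
        "TLSv1.3"  $tls_backend;
        "TLSv1.2"  $tls_backend;
        "TLSv1.1"  $tls_backend;
        "TLSv1"    $tls_backend;
    }

    # SSH and TLS on the same port
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $upstream;
    }
}
```

Because everything that is not recognised as TLS falls through to the `ssh` upstream, the SSH daemon on this port receives all non-TLS traffic and should be hardened and monitored accordingly.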