Good Advice, After doing some further research. Can you give me your opinion in regards to using the ssl_preread_server_name. So as long as I can get a SNI and then filter TCP connection to the proper server with that information. Does this sound doable ?
My plan was to use TLS SNI to to identify and route TCP traffic based in SNI
map $ssl_preread_server_name $name {
X.X.X.X:11001/12345 12345;
X.X.X.X:11001/56789 56789;
}
upstream 12345 {
server 10.45.2.1:11001;
}
upstream 56789 {
server 10.45.2.5:11001;
}
server {
listen 11001;
proxy_pass $ssl_preread_server_name;
proxy_timeout 1440m;
proxy_connect_timeout 1440m;
ssl_preread on;
}
Best Regards,
Brandon Mallory
Network & Systems Engineer
MEDENT EMR/EHR
15 Hulbert Street
Auburn, NY 13021
Phone: [ callto:(315)-255-0900 | (315)-255-0900 ]
Fax: [ callto:(315)-255-3539 | (315)-255-3539 ]
Web: [ http://www.medent.com/ | www.medent.com ]
This message and any attachments may contain information that is protected by law as privileged and confidential, and is transmitted for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any use, dissemination, copying or retention of this e-mail or the information contained herein is strictly prohibited. If you received this e-mail in error, please immediately notify the sender by e-mail, and permanently delete this e-mail.
From: "Francis Daly" <francis@daoine.org>
To: "nginx" <nginx@nginx.org>
Sent: Tuesday, March 5, 2019 6:52:12 PM
Subject: Re: Advice in regards to configuration
On Mon, Mar 04, 2019 at 04:30:00PM -0500, Brandon Mallory wrote:
Hi there,
> I was thinking I could have the windows client point to a public ip and then a location maybe account number. So it would look like
>
> Client 1
> public ip/12345 forward to private IP 10.45.2.1 (linux server)
> Client 2
> Public ip/54321 forward to private IP 10.45.2.2 (linux server)
>
> Similar to how http uses the location
> Www.domain.com/test you can forward to a location
If your application makes http requests, then you can use nginx's http
system to proxy_pass each request to a suitable upstream. You can,
for example, use different upstreams for different requests (location).
If you application does not make http requests, then you can use nginx's
stream system to proxy_pass each connection to a suitable upstream. There
is no http request, so there is no location block to use. You need to find
some way of determining the correct upstream for each incoming connection.
One way is to have nginx listen on multiple ports, so that anyone
connecting to nginx:10001 has the connection proxied to 10.45.2.1:10101,
and anyone connecting to nginx:10002 has the connection proxied to
10.45.2.2:10101.
f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
