
Nginx 使用 SNI 进行反代，以及通过 SNI 判断

_铁马冰河_ 2023-12-19 阅读 32


  1. 代理服务器, 配置proxy_pass 写入sni

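# Front proxy: accepts <sub>.aaa.cn and forwards every request to a fixed
# upstream IP over TLS, presenting <sub>.bbb.cn as the SNI so the upstream can
# choose a virtual host from it.
server {
    # Port 80 is plain HTTP; requests arriving there are proxied too, so only
    # the proxy-to-upstream hop is encrypted for those clients.
    listen       80;
    listen       443 ssl;

    # One label only ([\w-]+), captured as $1. The capture is reused below to
    # build the upstream SNI, so keep the character class this tight: it is
    # the only validation the client-supplied name receives.
    server_name  ~^([\w-]+)\.aaa\.cn$;

    set $sub_name $1;
    set $proxy_sub_name $1.bbb.cn;

    ssl_certificate     /certs/aaa.cn.crt;
    ssl_certificate_key /certs/aaa.cn.key;
    ssl_stapling on;
    ssl_stapling_verify on;
    # NOTE(review): OCSP response verification needs the issuer/intermediate CA
    # certificates; this works only if aaa.cn.crt bundles the chain - confirm.
    ssl_trusted_certificate /certs/aaa.cn.crt;

    location / {
        proxy_pass                       https://43.12.80.34:443$request_uri;
        proxy_read_timeout               300s;

        # Send $proxy_sub_name as the TLS server name (SNI) to the upstream.
        proxy_ssl_name                   $proxy_sub_name;
        proxy_ssl_server_name            on;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were dropped here;
        # re-add them only if the upstream cannot negotiate anything newer.
        proxy_ssl_protocols              TLSv1.2 TLSv1.3;
        proxy_ssl_session_reuse          off;

        # The upstream certificate is not verified (proxy_ssl_verify defaults
        # to off): this hop is encrypted but not authenticated, so anything
        # answering on that IP is trusted. To authenticate it, enable:
        #   proxy_ssl_verify              on;
        #   proxy_ssl_trusted_certificate <PLACEHOLDER: CA bundle that issued the upstream cert>;
        # Verification then checks the certificate against proxy_ssl_name.
    }
}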

  2. 通过 $ssl_server_name 获取 SNI，并根据其值判断如何响应

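# Upstream side: picks the backend from the SNI the client (here, the front
# proxy) sent in the TLS handshake.
server {
    # NOTE(review): a "listen ... ssl" server needs ssl_certificate and
    # ssl_certificate_key; they are presumably omitted from this snippet.
    listen       443 ssl;

    location / {
        # Empty means "no backend selected"; only the exact names below are
        # routed, which acts as an allowlist for the client-supplied SNI.
        set $backend_url "";

        # No trailing slash on the backend URLs: $request_uri already starts
        # with "/", so "http://host:port/" would yield "//path" upstream.
        if ($ssl_server_name = "test1.aaa.cn") {
            set $backend_url http://172.17.0.1:10000;
        }
        if ($ssl_server_name = "test2.aaa.cn") {
            set $backend_url http://172.17.0.1:9830;
        }
        if ($ssl_server_name = "test3.aaa.cn") {
            set $backend_url http://172.17.0.1:9820;
        }
        if ($ssl_server_name = "test4.aaa.cn") {
            set $backend_url http://172.17.0.1:9810;
        }

        # Missing or unknown SNI: answer explicitly instead of letting
        # proxy_pass fail with a 500 on an empty URL.
        if ($backend_url = "") {
            return 421;
        }

        # Routing follows the SNI only; the Host header is not compared with
        # it, so the backends must not treat Host as authenticated.
        proxy_pass $backend_url$request_uri;
    }
}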

