Nginx 使用sni进行反代, 已经通过sni判断

Posted on by hackdl

  1. 代理服务器, 配置proxy_pass 写入sni
server {
    listen       80;
    listen       443 ssl;
    server_name  ~^([w-]+).aaa.cn$;
    
    set $sub_name $1;
    set $proxy_sub_name $1.bbb.cn;

    ssl_certificate     /certs/aaa.cn.crt;
    ssl_certificate_key /certs/aaa.cn.key;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /certs/aaa.cn.crt;

    location / {
        proxy_pass                       https://43.12.80.34:443$request_uri;
        proxy_read_timeout               300s;
	      proxy_ssl_name $proxy_sub_name;
        proxy_ssl_server_name on;
        proxy_ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_session_reuse off;
     }
   }
  1. $ssl_server_name 获取sni, 如何判断进行响应
server {
        listen       443 ssl;
        location / {
          	set $backend_url "";    

            if ($ssl_server_name = "test1.aaa.cn") {
                set $backend_url   http://172.17.0.1:10000/;
            }
            if ($ssl_server_name = "test2.aaa.cn") {
                set $backend_url   http://172.17.0.1:9830/;
            }
            if ($ssl_server_name = "test3.aaa.cn") {
                set $backend_url    http://172.17.0.1:9820/;
            }
            if ($ssl_server_name = "test4.aaa.cn") {
                set $backend_url     http://172.17.0.1:9810/;
            }
            proxy_pass $backend_url$request_uri;
        }
    }

服务器托管,北京服务器托管,服务器租用,机房机柜带宽租用

服务器托管

咨询:董先生

电话13051898268 QQ/微信93663045!

上一篇:
下一篇: