Ngx stream ssl preread module

From wikinotes
Revision as of 23:50, 15 July 2020 by Will

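This nginx stream module inspects the TLS ClientHello of an incoming connection without terminating TLS, which lets you reuse the same listening port and direct different types of traffic to different upstreams.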
For example, you can handle HTTP/HTTPS/SSH all on the same port.

Documentation

official docs https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html#var_ssl_preread_protocol

Tutorials

official intro/announcement https://www.nginx.com/blog/running-non-ssl-protocols-over-ssl-port-nginx-1-15-2/

Example

stream {
    # traffic types
    upstream ssh {
        server 192.0.2.1:22;
    }

    upstream web {
        server 192.0.2.2:443;
    }

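    # map behaviour by protocol type
    # non-TLS traffic (e.g. SSH) leaves $ssl_preread_protocol empty and takes the default
    map $ssl_preread_protocol $upstream {
        default ssh;
        "TLSv1.2" web;
        "TLSv1.3" web;  # without this line TLS 1.3 clients fall through to ssh
    }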

    # SSH and SSL on the same port
    server {
        listen 443;

        proxy_pass $upstream;
        ssl_preread on;
    }
}
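
The sketch below is an added example, not part of the original notes and not nginx's own code: a simplified Python model of what the preread step looks at in the first bytes of a connection, and of how a map keyed on `$ssl_preread_protocol` then picks an upstream. The function names, the two map dictionaries and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def preread_protocol(data: bytes) -> str:
    """Highest TLS version offered in a ClientHello, or "" when the bytes are not TLS."""
    # Record type 0x16 (handshake) at offset 0, handshake type 0x01 (ClientHello) at 5.
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x01:
        return ""
    best = struct.unpack_from(">H", data, 9)[0]  # legacy client_version
    pos = 43                                     # 11 + 32-byte random
    try:
        pos += 1 + data[pos]                                # session_id
        pos += 2 + struct.unpack_from(">H", data, pos)[0]   # cipher_suites
        pos += 1 + data[pos]                                # compression_methods
        end = pos + 2 + struct.unpack_from(">H", data, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(data)):
            ext_type, ext_len = struct.unpack_from(">HH", data, pos)
            body = data[pos + 4:pos + 4 + ext_len]
            if ext_type == 43 and body:          # supported_versions (TLS 1.3)
                for i in range(1, 1 + body[0], 2):
                    v = struct.unpack_from(">H", body, i)[0]
                    if v in VERSIONS and v > best:   # unknown/GREASE values skipped
                        best = v
            pos += 4 + ext_len
    except (IndexError, struct.error):
        pass  # truncated hello: keep what was seen so far
    return VERSIONS.get(best, "")

def route(data: bytes, mapping: dict) -> str:
    """Model of `map $ssl_preread_protocol $upstream`: exact key, else default."""
    return mapping.get(preread_protocol(data), mapping["default"])

def client_hello(legacy: int, supported=()) -> bytes:
    """Build a minimal ClientHello for the demo (constructed, not a capture)."""
    ext = b""
    if supported:
        lst = b"".join(struct.pack(">H", v) for v in supported)
        ext = struct.pack(">HHB", 43, len(lst) + 1, len(lst)) + lst
    body = (struct.pack(">H", legacy) + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00"
            + struct.pack(">H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

TLS12_ONLY_MAP = {"default": "ssh", "TLSv1.2": "web"}   # one TLS version listed
EMPTY_IS_SSH_MAP = {"default": "web", "": "ssh"}        # only non-TLS goes to ssh
SAMPLES = {"ssh": b"SSH-2.0-OpenSSH_8.2\r\n",           # constructed banner
           "tls12": client_hello(0x0303),
           "tls13": client_hello(0x0303, (0x0A0A, 0x0304, 0x0303))}
```

With a map that lists only "TLSv1.2", the TLS 1.3 sample falls through to `default` and is proxied to the SSH upstream; keying SSH on the empty value instead sends every TLS version to web.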