- 代理服务器, 配置proxy_pass 写入sni
server {
listen 80;
listen 443 ssl;
server_name ~^([\w-]+)\.aaa\.cn$;
set $sub_name $1;
set $proxy_sub_name $1.bbb.cn;
ssl_certificate /certs/aaa.cn.crt;
ssl_certificate_key /certs/aaa.cn.key;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /certs/aaa.cn.crt;
location / {
proxy_pass https://43.12.80.34:443$request_uri;
proxy_read_timeout 300s;
proxy_ssl_name $proxy_sub_name;
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_session_reuse off;
}
}
- $ssl_server_name 获取sni, 如何判断进行响应
server {
listen 443 ssl;
location / {
set $backend_url "";
if ($ssl_server_name = "test1.aaa.cn") {
set $backend_url http://172.17.0.1:10000/;
}
if ($ssl_server_name = "test2.aaa.cn") {
set $backend_url http://172.17.0.1:9830/;
}
if ($ssl_server_name = "test3.aaa.cn") {
set $backend_url http://172.17.0.1:9820/;
}
if ($ssl_server_name = "test4.aaa.cn") {
set $backend_url http://172.17.0.1:9810/;
}
proxy_pass $backend_url$request_uri;
}
}
