Routing based on ALPN

Vladimir Homutov vl at nginx.com
Mon Feb 19 11:45:15 UTC 2018


On Mon, Feb 19, 2018 at 12:02:06PM +0100, Wiktor Kwapisiewicz via nginx wrote:
> Hello,
>
> I'm looking for a way to route traffic on port 443 based on ALPN value
> without SSL termination.
>
> ssl_preread_module [1] does something similar but the only exposed
> variable ($ssl_preread_server_name) is for SNI, not ALPN.
>
> A bit of context. I'd like to use nginx to host regular HTTPS server on port
> 443 but if the ALPN value is 'xmpp-client' transparently proxy the traffic
> to my local Jabber server. This feature [2] is already supported by several
> XMPP clients.
>
> Is there a way to access and save ALPN value to a variable?

Hello,

currently this is not possible; as you correctly noted, ssl_preread
module only processes SNI extension.
To achieve what you want, ssl_preread module needs to be extended to process
ALPN extension as well and export results as a variable, that could be
used to make routing decision.




More information about the nginx mailing list