Advice in regards to configuration

Brandon Mallory brandonm at medent.com
Wed Mar 6 20:49:15 UTC 2019


Good advice. After doing some further research, can you give me your opinion in regards to using ssl_preread_server_name? As long as I can get an SNI and then filter the TCP connection to the proper server with that information, does this sound doable?

My plan was to use TLS SNI to identify and route TCP traffic based on SNI 


map $ssl_preread_server_name $name { 
X.X.X.X:11001/12345 12345; 
X.X.X.X:11001/56789 56789; 
} 

upstream 12345 { 
server 10.45.2.1:11001; 
} 

upstream 56789 { 
server 10.45.2.5:11001; 
} 

server { 
listen 11001; 
proxy_pass $ssl_preread_server_name; 
proxy_timeout 1440m; 
proxy_connect_timeout 1440m; 
ssl_preread on; 
} 







Best Regards, 
Brandon Mallory 
Network & Systems Engineer 
MEDENT EMR/EHR 
15 Hulbert Street 
Auburn, NY 13021 
Phone: (315)-255-0900 
Fax: (315)-255-3539 
Web: http://www.medent.com/ 







From: "Francis Daly" <francis at daoine.org> 
To: "nginx" <nginx at nginx.org> 
Sent: Tuesday, March 5, 2019 6:52:12 PM 
Subject: Re: Advice in regards to configuration 

On Mon, Mar 04, 2019 at 04:30:00PM -0500, Brandon Mallory wrote: 

Hi there, 

> I was thinking I could have the windows client point to a public ip and then a location maybe account number. So it would look like 
> 
> Client 1 
> public ip/12345 forward to private IP 10.45.2.1 (linux server) 
> Client 2 
> Public ip/54321 forward to private IP 10.45.2.2 (linux server) 
> 
> Similar to how http uses the location 
> Www.domain.com/test you can forward to a location 

If your application makes http requests, then you can use nginx's http 
system to proxy_pass each request to a suitable upstream. You can, 
for example, use different upstreams for different requests (location). 

If your application does not make http requests, then you can use nginx's 
stream system to proxy_pass each connection to a suitable upstream. There 
is no http request, so there is no location block to use. You need to find 
some way of determining the correct upstream for each incoming connection. 

One way is to have nginx listen on multiple ports, so that anyone 
connecting to nginx:10001 has the connection proxied to 10.45.2.1:10101, 
and anyone connecting to nginx:10002 has the connection proxied to 
10.45.2.2:10101. 

f 
-- 
Francis Daly francis at daoine.org 
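
An added example (not part of either message, and not the nginx project's own configuration) of the SNI routing asked about at the top of this thread: the map keys have to be the server names clients send in the TLS ClientHello, not an address or path. The hostnames, the `reject` upstream and port 11999 are assumptions; the backend addresses and the 1440m timeout are from the post.

```nginx
stream {
    # ssl_preread reads the ClientHello without terminating TLS, so the
    # only routing key available is the SNI host name the client sends.
    # Hypothetical per-account names; each client must be configured to
    # connect by its own name so that it appears in the SNI.
    map $ssl_preread_server_name $name {
        acct12345.example.com  acct12345;
        acct56789.example.com  acct56789;
        # No SNI, non-TLS traffic, or an unknown name: do not fall
        # through to a real backend.
        default                reject;
    }

    upstream acct12345 {
        server 10.45.2.1:11001;
    }

    upstream acct56789 {
        server 10.45.2.5:11001;
    }

    # Assumed local sink for everything the map does not recognise.
    upstream reject {
        server 127.0.0.1:11999;
    }

    server {
        listen 127.0.0.1:11999;
        return "";              # empty value: close the session
    }

    server {
        listen 11001;
        ssl_preread on;         # must be on for the variable to be set
        proxy_pass $name;       # the mapped upstream, not the raw SNI
        proxy_timeout 1440m;    # long idle timeout taken from the post
    }
}
```

The SNI is sent in clear text and chosen by the client, so it selects a backend but does not authenticate the account; each backend still has to authenticate its own clients.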