<html><body><div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: #000000"><div>Good Advice, After doing some further research. Can you give me your opinion in regards to using the ssl_preread_server_name. So as long as I can get a SNI and then filter TCP connection to the proper server with that information. Does this sound doable ? </div><div><br data-mce-bogus="1"></div><div>My plan was to use TLS SNI to to identify and route TCP traffic based in SNI </div><div><br data-mce-bogus="1"></div><div><div><br data-mce-bogus="1"></div><div><div>map $ssl_preread_server_name $name {</div><div> X.X.X.X:11001/12345 12345;</div><div> X.X.X.X:11001/56789 56789;</div><div>}</div><div><br></div><div>upstream 12345 {</div><div> server 10.45.2.1:11001;</div><div>}</div><div><br></div><div>upstream 56789 {</div><div> server 10.45.2.5:11001;</div><div>}</div><div><br></div><div>server {</div><div> listen 11001;</div><div> proxy_pass $ssl_preread_server_name;</div><div> proxy_timeout 1440m;</div><div> proxy_connect_timeout 1440m;</div><div> ssl_preread on;</div><div>}</div></div></div><div><br></div><div><br></div><div><br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div><br></div><div data-marker="__SIG_PRE__"><div><span></span><div><span style="font-size: medium;"><strong>Best Regards,</strong> <br>
</span> <span style="color: #666666;"><b><span style="font-family: arial, helvetica, sans-serif;">
Brandon Mallory</span><br>
Network & Systems Engineer<br>
<span style="color: #339999;"><b>MEDENT EMR/EHR</b><br>
</span> <span style="color: #666666;"><b>
15 Hulbert Street<br>
Auburn, NY 13021<br>
Phone: <span class="Object" id="OBJ_PREFIX _DWT174_com_zimbra_phone"><a href="callto:(315)-255-0900" target="_blank">(315)-255-0900</a></span><br>
Fax: <span class="Object" id="OBJ_PREFIX_DWT175_com_zimbra_phone"><a href="callto:(315)-255-3539" target="_blank">(315)-255-3539</a></span><a><br>
Web: <span class="Object" id="OBJ_PREFIX_DWT177_com_zimbra_url"></span></a><a target="_blank" href="http://www.medent.com">www.medent.com</a></b></span></b></span><b><b><br><br>
<img src="https://webmail.medent.com/zimbra/sigs/defmailsig_nocchit.jpg" style="border: 0pt none;"><br><br>
This message and any attachments may contain information that is protected by law as privileged and confidential, and is transmitted for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any use, dissemination, copying or retention of this e-mail or the information contained herein is strictly prohibited. If you received this e-mail in error, please immediately notify the sender by e-mail, and permanently delete this e-mail.<br></b></b></div><div><b><b><br><span></span><br></b></b></div></div></div><div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><b>From: </b>"Francis Daly" <francis@daoine.org><br><b>To: </b>"nginx" <nginx@nginx.org><br><b>Sent: </b>Tuesday, March 5, 2019 6:52:12 PM<br><b>Subject: </b>Re: Advice in regards to configuration<br></div><div><br></div><div data-marker="__QUOTED_TEXT__">On Mon, Mar 04, 2019 at 04:30:00PM -0500, Brandon Mallory wrote:<br><br>Hi there,<br><br>> I was thinking I could have the windows client point to a public ip and then a location maybe account number. So it would look like <br>> <br>> Client 1<br>> public ip/12345 forward to private IP 10.45.2.1 (linux server)<br>> Client 2<br>> Public ip/54321 forward to private IP 10.45.2.2 (linux server)<br>> <br>> Similar to how http uses the location <br>> Www.domain.com/test you can forward to a location <br><br>If your application makes http requests, then you can use nginx's http<br>system to proxy_pass each request to a suitable upstream. You can,<br>for example, use different upstreams for different requests (location).<br><br>If you application does not make http requests, then you can use nginx's<br>stream system to proxy_pass each connection to a suitable upstream. There<br>is no http request, so there is no location block to use. You need to find<br>some way of determining the correct upstream for each incoming connection.<br><br>One way is to have nginx listen on multiple ports, so that anyone<br>connecting to nginx:10001 has the connection proxied to 10.45.2.1:10101,<br>and anyone connecting to nginx:10002 has the connection proxied to<br>10.45.2.2:10101.<br><br> f<br>-- <br>Francis Daly francis@daoine.org<br>_______________________________________________<br>nginx mailing list<br>nginx@nginx.org<br>http://mailman.nginx.org/mailman/listinfo/nginx<br></div></div></body></html>