Using SNI to route proxy_pass to upstream SSL host

David Mohl dave at dave.cx
Sun Jun 23 03:35:43 UTC 2013


Hey guys,

I am trying to get the following setup running:
Nginx is listening on port 443. According to the user's host (SNI), it should route the SSL requests to an upstream daemon / host which will take care of SSL certification, handshake and so on.

Nginx should not touch the request, just pass it. 
Since SSL also encrypts the header, it makes this setup a little bit more difficult than expected. A hint on serverfault indicated that SNI might be useful for this?

My current experiment:

server { listen 443; server_name example01.com; location / { proxy_set_header Host $http_host; proxy_pass https://127.0.0.1:8001; } }
server { listen 443; server_name example02.com; location / { proxy_set_header Host $http_host; proxy_pass https://127.0.0.1:8002; } }
server { listen 443; server_name example03.com; location / { proxy_set_header Host $http_host; proxy_pass https://127.0.0.1:8003; } }
server { listen 443; server_name example04.com; location / { proxy_set_header Host $http_host; proxy_pass https://127.0.0.1:8004; } }

However, this doesn't seem to work.

Any ideas on this?


Cheers,
David
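
Added example, not part of the original post: one way to route on the SNI name without terminating TLS is the stream module's ssl_preread (ngx_stream_ssl_preread_module, nginx 1.11.5 and later, which postdates this message). The hostnames and ports are the ones from the post; the variable name $sni_backend and the choice of fallback backend are assumptions.

```nginx
# Top-level block, a sibling of http {} rather than a child of it.
# nginx forwards the raw TCP stream here and never decrypts it, so it
# needs no certificate or private key for these names.
stream {
    # $ssl_preread_server_name is the server_name value read from the
    # client's unencrypted ClientHello. It is empty when the client
    # sends no SNI extension.
    map $ssl_preread_server_name $sni_backend {
        example01.com  127.0.0.1:8001;
        example02.com  127.0.0.1:8002;
        example03.com  127.0.0.1:8003;
        example04.com  127.0.0.1:8004;

        # Assumed fallback for clients without SNI or with an unlisted
        # name. The backend's own certificate check decides what the
        # client sees in that case.
        default        127.0.0.1:8001;
    }

    server {
        # This listener owns port 443. An http {} server block cannot
        # listen on the same address and port at the same time.
        listen 443;

        # Read the ClientHello before choosing an upstream, without
        # performing the handshake.
        ssl_preread on;

        # Plain TCP pass-through: the handshake and certificate are
        # handled entirely by the selected backend.
        proxy_pass $sni_backend;
    }
}
```

Because the stream is never decrypted, HTTP-level directives such as proxy_set_header do not apply here, and the SNI name is a client-supplied value: the backends still have to validate the Host header themselves.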