ssl_preread_server_name not extracted

Brian crazibri at gmail.com
Tue Sep 12 04:29:00 UTC 2017


I have the following file named test.stream which is being included via nginx.conf  stream { include /etc/nginx/conf.d/*.stream; }

the ssl_preread_server_name variable is not being extracted and I’m running Nginx/1.13.5 (via centos 7 nginx repo).  Any idea whats going on here?  tcpdump shows the SNI field. 

nginx -V
nginx version: nginx/1.13.5
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled


   map $ssl_preread_server_name $name {
       cm.example.com cm;
       ut.example.com ut;
   }
   upstream ut {
       server 10.0.0.76:9000;
   }
   upstream cm {
       server 10.0.0.61:9000;
   }

   log_format stream_routing '$remote_addr [$time_local] '
                         'with SNI name "$ssl_preread_server_name" '
                         'proxying to "$name" '
                         '$protocol $status $bytes_sent $bytes_received '
                         '$session_time';

   server {
        listen 443 ssl;

        #Certificate & Key .PEM Format
        ssl_certificate /etc/ssl/certs/internal_back.crt;
        ssl_certificate_key /etc/ssl/certs/internal_back.key;
        #CIPHERS
        include /etc/nginx/conf.d/tcp.common;

        proxy_pass $name;
        ssl_preread on;
        access_log /var/log/nginx/stream.log stream_routing;
        error_log /var/log/nginx/stream-error.log debug;
   }


stream.log shows:
107.0.0.186 [11/Sep/2017:20:30:22 -0700] with SNI name "" proxying to "" TCP 500 0 0 0.066
107.0.0.186 [11/Sep/2017:20:30:22 -0700] with SNI name "" proxying to "" TCP 500 0 0 0.048



Thank you,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170911/76750de4/attachment.html>


More information about the nginx mailing list