TCP connection limit on dynamic backend

R, Rajkumar (Raj) rajkumaradass at
Tue Mar 26 09:13:44 UTC 2019


I am using nginx in TCP/Stream mode and would like to limit the number of active connections to my backend server, whereas the backend is resolved dynamically based on the SNI header ($ssl_preread_server_name). But this does not allow any connections to the backend with the below config. I see examples of limiting backend connections if the backend server block is preconfigured.

Could you please confirm if this is achievable or supported currently with Stream mode?

Below is the related config part.

map $ssl_preread_server_name $backend_svr {
      ~^(\w+) $1-tcp.default.svc.cluster.local;
}

limit_conn_zone $ssl_preread_server_name zone=perserver:10m;

server {
      listen      443 reuseport so_keepalive=30s:30s:3 backlog=64999;
      proxy_pass $backend_svr:443;
      limit_conn perserver 255;
      ssl_preread on;
}
