With nginx it's quite simple, just ensure that your nginx is compiled
with stream_ssl_preread_module:

stream {
    # Pick the back end from the SNI name in the ClientHello.
    map $ssl_preread_server_name $upstream {
        "app1.example.com" 127.0.0.1:5000;
        "app2.example.com" 127.0.0.1:5001;
    }

    server {
        listen 1965;
        proxy_pass $upstream;
        # Read the ClientHello without terminating TLS (passthrough).
        ssl_preread on;
    }
}

On Tue, May 25, 2021 at 10:34 PM panda-roux <contact@panda-roux.dev> wrote:
>
> I just re-read your message and saw you're wanting SNI-based routing.
> Bear in mind that the configuration file I sent deals only with
> domain-name based filtering based on sub-string comparisons. I haven't
> tried anything else yet.
>
> Please let us know if you do get that working though!
>
> panda-roux
>
> On 5/25/2021 1:30 PM, panda-roux wrote:
> > I am using HAProxy. Here's my config for some inspiration:
> > https://gist.github.com/panda-roux-dev/9142cf01ad3b29aa86120c7cd90d5b95
> >
> > It was a headache to set up because I'd never used it before and 99%
> > of the search results online are concerning its HTTP usage, but
> > eventually figured out something that works in TCP-mode.
> >
> > Note that I'm using TLS passthrough rather than having HAProxy take
> > care of encryption. This is in order to let each back-end server use
> > certificates with its corresponding domain name listed in them.
> >
> > Good luck.
> >
> > panda-roux
> >
> > On 5/25/2021 1:05 PM, Michael Lazar wrote:
> >> Greetings,
> >>
> >> Has anyone gotten a reverse proxy server working with gemini?
> >> Specifically, I'm looking for something that can listen on port 1965
> >> and route encrypted traffic to other ports based on the TLS SNI. I
> >> don't want to do TLS termination at the proxy-layer because I need to
> >> support client certificates on the destination servers.
> >>
> >> From my research, it looks like Nginx and HAProxy both claim to
> >> support TLS routing like this, but I can't for the life of me figure
> >> out how to configure either of them :/
> >>
> >> Best,
> >> Michael