W3cubDocs

/nginx

Module ngx_stream_ssl_preread_module

Example Configuration
Directives
ssl_preread
Embedded Variables

The ngx_stream_ssl_preread_module module (1.11.5) allows extracting information from the ClientHello message without terminating SSL/TLS, for example, the sever name requested through SNI. This module is not built by default, it should be enabled with the --with-stream_ssl_preread_module configuration parameter.

Example Configuration

map $ssl_preread_server_name $name {
    backend.example.com      backend;
    default                  backend2;
}

upstream backend {
    server 192.168.0.1:12345;
    server 192.168.0.2:12345;
}

upstream backend2 {
    server 192.168.0.3:12345;
    server 192.168.0.4:12345;
}

server {
    listen      12346;
    proxy_pass  $name;
    ssl_preread on;
}

Directives

Syntax:	`ssl_preread on \| off;`
Default:	`ssl_preread off;`
Context:	`stream`, `server`

Enables extracting information from the ClientHello message at the preread phase.

Embedded Variables

$ssl_preread_server_name: returns the server name requested through SNI

© 2002-2017 Igor Sysoev
© 2011-2017 Nginx, Inc.
Licensed under the BSD License.
https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html