Nginx TLS SNI 不一樣域名多443轉發

依賴html

yum -y install pcre-devel openssl openssl-devel library

編譯：python

mkdir /data/nginx/ -p
./configure --prefix=/data/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-stream  --with-stream_ssl_module

版本信息nginx

[root@umout-verify sbin]# ./nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/data/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module

配置443多證書請求：web

[root@umout-verify conf]# cat nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /data/nginx/logs/access.log  main;

    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;


    upstream web_rel {
         server 127.0.0.1:8082;
         server 127.0.0.1:8083;
    }

    # 經過  web-vrf.umout.com 的請求轉發給靜態路徑 /data/wawa_web_verify/ROOT/
    server {
        listen                443 ssl;
        server_name           web-vrf.umout.com;
        root         /data/wawa_web_verify/ROOT/;
        ssl on; 
        ssl_certificate       /data/nginx/ssl/STAR_game.com.crt;
        ssl_certificate_key   /data/nginx/ssl/game.key;
        ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers           HIGH:!aNULL:!MD5;
        ssl_session_cache     shared:SSL:20m;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

    location / {
         proxy_redirect off;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         index index.html index.htm;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    
    # URL經過 web-rel.umout.com 的請求轉到後端動態請求 proxy_pass
    server {
        listen                443 ssl;
        server_name           web-rel.umout.com;
        ssl on;
        ssl_certificate       /data/nginx/ssl/STAR_umout_com.crt;
        ssl_certificate_key   /data/nginx/ssl/umoutcom.key;
        ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers           HIGH:!aNULL:!MD5;
        ssl_session_cache     shared:SSL:20m;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

    location / {
     proxy_redirect off;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     index index.html index.htm;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_pass http://web_rel;
    }
  }
}