ssl_preread_server_name not extracted
Brian
crazibri at gmail.com
Tue Sep 12 04:29:00 UTC 2017
I have the following file named test.stream which is being included via nginx.conf stream { include /etc/nginx/conf.d/*.stream; }
the ssl_preread_server_name variable is not being extracted and I’m running Nginx/1.13.5 (via centos 7 nginx repo). Any idea whats going on here? tcpdump shows the SNI field.
nginx -V
nginx version: nginx/1.13.5
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
map $ssl_preread_server_name $name {
cm.example.com cm;
ut.example.com ut;
}
upstream ut {
server 10.0.0.76:9000;
}
upstream cm {
server 10.0.0.61:9000;
}
log_format stream_routing '$remote_addr [$time_local] '
'with SNI name "$ssl_preread_server_name" '
'proxying to "$name" '
'$protocol $status $bytes_sent $bytes_received '
'$session_time';
server {
listen 443 ssl;
#Certificate & Key .PEM Format
ssl_certificate /etc/ssl/certs/internal_back.crt;
ssl_certificate_key /etc/ssl/certs/internal_back.key;
#CIPHERS
include /etc/nginx/conf.d/tcp.common;
proxy_pass $name;
ssl_preread on;
access_log /var/log/nginx/stream.log stream_routing;
error_log /var/log/nginx/stream-error.log debug;
}
stream.log shows:
107.0.0.186 [11/Sep/2017:20:30:22 -0700] with SNI name "" proxying to "" TCP 500 0 0 0.066
107.0.0.186 [11/Sep/2017:20:30:22 -0700] with SNI name "" proxying to "" TCP 500 0 0 0.048
Thank you,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170911/76750de4/attachment.html>
More information about the nginx
mailing list