分类
Linux

nginx SNI 配置

Server Name Indication (SNI) ,也被称为TLS 服务器名称指示

本配置基于CentOS 8,且仅仅开启nginx的SNI功能。

1.新建用户

useradd -r -d /var/cache/nginx/ -s /sbin/nologin -U nginx
mkdir -p /var/cache/nginx/
chown -R nginx:nginx /var/cache/nginx/

2. 编译安装nginx,仅仅编译所需要的模块

cd /usr/local/src
wget https://nginx.org/download/nginx-1.19.10.tar.gz
tar -xzvf nginx-1.19.10.tar.gz
cd nginx-1.19.10
./configure --prefix=/etc/nginx --user=nginx --group=nginx --with-stream --with-stream_ssl_preread_module
make
make install

3. 测试nginx是否安装成功

nginx -t

4. 创建nginx服务(已CentOS为例)

cd /lib/systemd/system/
vim nginx.service

# [Unit]
# Description=nginx
# Documentation=https://nginx.org/en/docs/
# After=network-online.target remote-fs.target nss-lookup.target
# Wants=network-online.target
# [Service]
# Type=forking
# PIDFile=/etc/nginx/logs/nginx.pid
# ExecStartPre=/etc/nginx/sbin/nginx -t -c /etc/nginx/conf/nginx.conf
# ExecStart=/etc/nginx/sbin/nginx -c /etc/nginx/conf/nginx.conf
# ExecReload=/bin/kill -s HUP $MAINPID
# ExecStop=/bin/kill -s TERM $MAINPID
# [Install]
# WantedBy=multi-user.target

systemctl daemon-reload
#开机启动
systemctl enable nginx

5. nginx配置文件

user  nginx;
worker_processes  1;

error_log  /etc/nginx/logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /etc/nginx/logs/nginx.pid;

events {
    worker_connections  1024;
}

stream {
    map $ssl_preread_server_name $backend_name {
        example.com web;
        test.example.com service1;

        default web;
    }

    upstream web {
        server 127.0.0.1:9999;
    }

    upstream service1 {
        server 127.0.0.1:9998;
    }
    
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass  $backend_name;
        ssl_preread on;
    }
}

6. 启动nginx

systemctl start nginx

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注

*

code