Hi Eduard,

On Sat, May 13, 2023 at 10:43:59PM -0600, Eduard Vercaemer wrote:
> for some context, I recently tried configuring nginx as a tcp proxy that
> routes connections based on sni to multiple upstream services
>
> the server only exposes one tcp port, and receives all connections there,
> for example a connection to redis.example.com:1234 would be proxy_pass'ed
> to some port in the machine, a connection to www.example.com:1234 to
> another, etc.
>
> i used nginx itself to terminate the tls for all services for convenience
>
> the problem:
> now here is the issue, 1: postgres does some weird custom ssl stuff, which
> means I cannot terminate the ssl from within nginx

In this case there must be an SSL error logged in nginx error log. Can you post it?

> 2: doing a tcp pass through without the ssl termination, and attempting
> to use ssl_preread and $ssl_preread_server_name _does not_ work for
> postgres connections (the module fails to extract the server name)
>
> what I attempted:
> what I first thought of was to expand on the ssl_preread module to support
> postgres connections, I went into the source code and found that the
> module inserts a handler into the `NGX_STREAM_PREREAD_PHASE`
> I tried looking into the buffer in this phase and no useful data showed up,

Incoming data is written to c->buffer as long as the handler returns NGX_AGAIN.
You just have to wait long enough and have large enough buffer (see directive
preread_buffer_size).

> I then tried to insert a second handler into the
> `NGX_STREAM_CONTENT_PHASE` and first noticed it is never used or
> initialised to begin with, so I did that, but then it looks like no buffer
> is ever available in this phase
>
> any input, pointers, or suggestions are really welcomed

If you want to register a content phase handler, assign it to cscf->handler.
A good example is ngx_stream_return() in src/stream/ngx_stream_return_module.c.

--
Roman Arutyunyan
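The following is an added example, not part of the original message and not nginx code: a stand-alone sketch of the decision a preread handler makes over the bytes accumulated so far, returning "again" until enough data has arrived. It goes beyond the thread by using the PostgreSQL wire protocol's SSLRequest message (length 8, code 80877103), which a client sends before any TLS bytes; the `preread_rc` codes and `classify_preread()` are hypothetical names, with `pos`/`last` standing in for `c->buffer->pos` and `c->buffer->last`.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical result codes; in a real preread handler PREREAD_AGAIN maps to
 * returning NGX_AGAIN so nginx keeps appending incoming bytes to c->buffer. */
enum preread_rc { PREREAD_AGAIN, PREREAD_TLS, PREREAD_PG_SSLREQUEST, PREREAD_OTHER };

/* PostgreSQL SSLRequest: Int32 length 8, then Int32 80877103 (0x04D2162F). */
static const unsigned char pg_sslrequest[8] =
    { 0x00, 0x00, 0x00, 0x08, 0x04, 0xD2, 0x16, 0x2F };

/* Classify the bytes preread so far; pos/last play the role of
 * c->buffer->pos and c->buffer->last. */
enum preread_rc classify_preread(const unsigned char *pos, const unsigned char *last)
{
    size_t i, n = (size_t) (last - pos);

    if (n == 0) {
        return PREREAD_AGAIN;          /* nothing received yet */
    }
    if (pos[0] == 0x16) {
        return PREREAD_TLS;            /* TLS handshake record, ssl_preread can parse it */
    }
    for (i = 0; i < n && i < sizeof(pg_sslrequest); i++) {
        if (pos[i] != pg_sslrequest[i]) {
            return PREREAD_OTHER;      /* can no longer become an SSLRequest */
        }
    }
    /* A matching but short prefix means "wait for more data". */
    return n < sizeof(pg_sslrequest) ? PREREAD_AGAIN : PREREAD_PG_SSLREQUEST;
}

/* Constructed sample inputs (not captured traffic). */
static const unsigned char sample_tls[]   = { 0x16, 0x03, 0x01, 0x02, 0x00 };
static const unsigned char sample_other[] = { 'G', 'E', 'T', ' ', '/' };

int main(void)
{
    printf("partial pg: %d\n", classify_preread(pg_sslrequest, pg_sslrequest + 3));
    printf("full pg:    %d\n", classify_preread(pg_sslrequest, pg_sslrequest + 8));
    printf("tls:        %d\n", classify_preread(sample_tls, sample_tls + sizeof(sample_tls)));
    printf("other:      %d\n", classify_preread(sample_other, sample_other + sizeof(sample_other)));
    return 0;
}
```

A client that opens with SSLRequest sends its TLS ClientHello, and with it the SNI, only after the server has answered that request, so a handler that only reads never sees a server name on such a connection.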