Nginx can be configured to route to a backend, based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for http upstream servers, but also for other protocols, that can be secured with TLS.
nginx -V for the following:
...
TLS SNI support enabled
| #Requires -RunAsAdministrator | |
| # Fix for https://github.com/microsoft/WSL/issues/4177 | |
| $MethodDefinition = @' | |
| [DllImport("ws2_32.dll", CharSet = CharSet.Unicode)] | |
| public static extern int WSCSetApplicationCategory([MarshalAs(UnmanagedType.LPWStr)] string Path, uint PathLength, [MarshalAs(UnmanagedType.LPWStr)] string Extra, uint ExtraLength, uint PermittedLspCategories, out uint pPrevPermLspCat, out int lpErrno); | |
| '@ | |
| $Ws2Spi = Add-Type -MemberDefinition $MethodDefinition -Name 'Ws2Spi' -PassThru |
| # Define where to store the generated certs and metadata. | |
| DIR="$(pwd)" | |
| # Create the openssl configuration file. This is used for both generating | |
| # the certificate as well as for specifying the extensions. It aims in favor | |
| # of automation, so the DN is encoding and not prompted. | |
| cat > "${DIR}/openssl.cnf" << EOF | |
| [req] | |
| default_bits = 2048 |
| import http.server | |
| from http.server import SimpleHTTPRequestHandler | |
| import socketserver | |
| import socket | |
| import sys | |
| class MyHandler(SimpleHTTPRequestHandler): | |
| def do_GET(self): | |
| if self.path == '/__ip__': | |
| self.send_response(200) |