Use-case:
I have two servers running on my host instance.
The first, step-ca running on local port 1442.
The second, an ACL server running on local port 2443.
Each server terminates TLS directly.
I want both servers accessible from the public internet on port 443.
In this case, I have two DNS A records pointing to the same public IP address of the host instance.
I want requests to the CA @ https://ca.mydomain.io to be passed through to localhost:1443.
I want requests to the ACL @ https://acl.mydomain.io to be passed through to localhost:2443.
In the simplest configuration, after the http{} block in the nginx.conf file, put a stream{} block that routes connections appropriately.
nginx.conf
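http {
    ...
}

stream {
    # Choose an upstream from the SNI name in the TLS ClientHello.
    map $ssl_preread_server_name $name {
        ca.mydomain.io  stepca;
        acl.mydomain.io acl;
    }

    upstream stepca {
        server 127.0.0.1:1443;
    }

    upstream acl {
        server 127.0.0.1:2443;
    }

    server {
        listen 443;
        listen [::]:443;
        proxy_pass $name;
        # Read the ClientHello without terminating TLS; each backend
        # still completes the handshake with its own certificate.
        ssl_preread on;
    }
}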