As far as I know, forwarding SSL traffic over TCP is entirely possible, but it fails for an unknown reason. My nginx configuration:
    load_module /usr/lib/nginx/modules/ngx_stream_module.so;
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    events {
        worker_connections 768;
    }
    stream {
        server {
            listen 80;
            proxy_pass mediapop.co:80;
        }
        server {
            listen 443;
            proxy_pass mediapop.co:443;
            ssl_preread on;
        }
    }
Then, on the same server, I run:
    $ curl -v -H "Host: mediapop.co" https://localhost
    * Rebuilt URL to: https://localhost/
    * Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 443 (#0)
    * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
    * found 592 certificates in /etc/ssl/certs
    * ALPN, offering http/1.1
    * gnutls_handshake() failed: Handshake failed
    * Closing connection 0
    curl: (35) gnutls_handshake() failed: Handshake failed
I can curl https://mediapop.co directly. Also, port 80 forwarding works fine. I am using the latest nginx, 1.14.0.