15

I am trying to use an nginx proxy in front of 2 different servers.

example.com , example1.com >> nginx 10.0.0.1 >>>> 10.0.0.2 , 10.0.0.3

```nginx
stream {
    server {
        listen 1935;
        proxy_pass 10.0.0.2:1936;
        proxy_protocol on;
    }
    server {
        listen 1935;
        proxy_pass 10.0.0.3:1936;
        proxy_protocol on;
    }
}
```

I have checked the TCP load balance guide, but I could not find how to make it work.

Lolak
  • As a reminder, this [load balance guide](https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/) is for NGINX PLUS, which is the commercial version of NGINX. – iedmrc Nov 20 '18 at 14:12
  • Which Protocol are you forwarding? TLS? TCP itself doesn't include a server-name. – Thomas131 Jul 18 '22 at 19:05

5 Answers

9

Although there is no server_name in the TCP/UDP protocols, you can forward the traffic to different upstreams based on $server_addr. My example is here: https://stackoverflow.com/a/44821204/5085270

aloisio
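
Written out as an added example (not code from this answer, the linked answer, or the nginx docs): routing by `$server_addr` as described above, plus the TLS case raised in Thomas131's comment, where the stream module can read the SNI name. The second proxy address 10.0.0.4 and the DNS mapping are assumptions; the :443 backends reuse the ports shown elsewhere on this page.

```nginx
# Top level of nginx.conf, outside http {}. Needs nginx built with the stream
# module and, for the TLS part, ngx_stream_ssl_preread_module.
stream {
    upstream rtmp_example  { server 10.0.0.2:1936; }
    upstream rtmp_example1 { server 10.0.0.3:1936; }

    # Plain RTMP has no hostname the stream module can read, so route on the
    # local address the client connected to.
    # Assumption: the proxy owns 10.0.0.1 and 10.0.0.4 (constructed address),
    # with DNS example.com -> 10.0.0.1 and example1.com -> 10.0.0.4.
    map $server_addr $rtmp_backend {
        10.0.0.1  rtmp_example;
        10.0.0.4  rtmp_example1;
        # No default: a connection to any other local address gets an empty
        # backend and is closed instead of being routed somewhere unintended.
    }

    server {
        listen 1935;            # one listener; two servers on the same port conflict
        proxy_pass $rtmp_backend;
        # Keep only if the backends are configured to expect the PROXY protocol
        # header, and have them accept it only from the proxy's address.
        proxy_protocol on;
    }

    # TLS traffic: the ClientHello carries the requested name (SNI), which
    # ssl_preread exposes without terminating TLS.
    map $ssl_preread_server_name $tls_backend {
        example.com   10.0.0.2:443;
        example1.com  10.0.0.3:443;
        # Clients that send no SNI or an unknown name land here. SNI is
        # client-supplied: treat it as a routing hint, not access control.
        default       10.0.0.2:443;
    }

    server {
        listen 443;
        ssl_preread on;
        proxy_pass $tls_backend;
    }
}
```

Run `nginx -t` after editing to confirm that both modules are present and the configuration parses.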
1

According to the examples on the TCP load balancing page of nginx:

Try this example:

```nginx
stream {
  upstream rtmp_servers {
    least_conn;
    server  10.0.0.2:1935;
    server  10.0.0.3:1935;
  }

  server {
    listen     1935;
    proxy_pass rtmp_servers;
  }
}
```

P.S. Put it outside of the http {} block: edit /etc/nginx/nginx.conf and add it after the closing } (at the end of the file).

num8er
  • Thanks, but it's not working: "server" directive is not allowed here, and I cannot add it inside http { – Lolak Nov 30 '16 at 01:03
  • Could You explain where You are putting this code part? – num8er Nov 30 '16 at 01:05
  • In nginx.conf, I have there http { server proxy port 80 etc } then stream { code }, trying to proxy port 80 http and port 1935 1936 rtmp – Lolak Nov 30 '16 at 03:37
  • https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#configuring-reverse-proxy the server directive should be located in stream directive. – Linuxea Feb 22 '23 at 15:49
  • @Linuxea checked, fixed, thank YOU (; – num8er Feb 22 '23 at 20:00
0

I don't think that it's possible to do this using nginx. However, this can be done easily with HAProxy. HAProxy can pass through encrypted traffic based on the SNI (Server Name Indication), which is an extension of the TLS protocol.

./haproxy/haproxy.cfg

```haproxy
defaults
  maxconn 1000
  mode http
  log global
  option dontlognull
  timeout http-request 5s
  timeout connect 5000
  timeout client 2000000 # ddos protection
  timeout server 2000000 # stick-table type ip size 100k expire 30s store conn_cur

frontend https
  bind *:443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }
  use_backend app1-servers if { req.ssl_sni -i example1.com }  # <--- specify domain name here
  use_backend app2-servers if { req.ssl_sni -i example2.com }

backend app1-servers
  mode tcp
  balance roundrobin
  option ssl-hello-chk
  server server1 10.0.0.2:443     # <--- specify IP here

backend app2-servers
  mode tcp
  balance roundrobin
  option ssl-hello-chk
  server server1 10.0.0.3:443
```

Alex
-2

We are using TCP forwarding to a back-end Docker Swarm cluster with HAProxy, using the simple configuration below in haproxy.cfg:

```haproxy
global
    log 127.0.0.1 local0 debug

defaults
    log     global

listen l1
    bind 0.0.0.0:443
    mode tcp
    timeout connect  4000
    timeout client   180000
    timeout server   180000
    server swarm_node1 x.x.1.167:443
    server swarm_node2 x.x.1.168:443
    server swarm_node3 x.x.1.169:443
```

-3

Use the server_name directive to determine which server block is used for a given request.

```nginx
server {
    listen 1935;
    server_name example.com;
    location / {
        proxy_pass 10.0.0.1:1936;

        # the usual proxy_* stuff
    }
}
server {
    listen 1935;
    server_name example1.com;
    location / {
        proxy_pass 10.0.0.2:1936;

        # the usual proxy_* stuff
    }
}
```

Source: http://nginx.org/en/docs/http/server_names.html

Tan Hong Tat
  • I am already using this for port 80, and the stream is for RTMP; it will give duplicated, no? – Lolak Nov 29 '16 at 06:28
  • @Tan Hong Tat, correct me if I'm wrong, but `server_name` only works in the `http` block, not the `stream` block, which it would seem @Lolak would need to proxy rtmp connections. – Michael Jan 06 '18 at 00:39
  • This example will never work because the server_name directive is only allowed for http blocks. – teuber789 Jun 14 '19 at 18:05