 

Nginx TCP forwarding based on domain name

I am trying to use an nginx proxy in front of 2 different servers.

example.com , example1.com >> nginx 10.0.0.1 >>>> 10.0.0.2 , 10.0.0.3

stream {
    server {
        listen 1935;
        proxy_pass 10.0.0.2:1936;
        proxy_protocol on;
    }
    server {
        listen 1935;
        proxy_pass 10.0.0.3:1936;
        proxy_protocol on;
    }
}

I have checked the TCP load balancing guide, but I could not find how to make it work.

Lolak asked Nov 29 '16 02:11


2 Answers

Although there is no server_name in the TCP/UDP protocols, you can forward the traffic to different upstreams based on $server_addr. My example is here: https://stackoverflow.com/a/44821204/5085270

aloisio answered Oct 12 '22 19:10


I don't think that it's possible to do this using nginx. However, this can be done easily with HAProxy. HAProxy can pass through encrypted traffic based on the SNI (Server Name Indication), which is an extension of the TLS protocol.

./haproxy/haproxy.cfg

defaults
  maxconn 1000
  mode http
  log global
  option dontlognull
  timeout http-request 5s
  timeout connect 5000
  timeout client 2000000 # ddos protection
  timeout server 2000000 # stick-table type ip size 100k expire 30s store conn_cur

frontend https
  bind *:443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }
  use_backend app1-servers if { req.ssl_sni -i example1.com }  # <--- specify domain name here
  use_backend app2-servers if { req.ssl_sni -i example2.com }

backend app1-servers
  mode tcp
  balance roundrobin
  option ssl-hello-chk
  server server1 10.0.0.2:443     # <--- specify IP here

backend app2-servers
  mode tcp
  balance roundrobin
  option ssl-hello-chk
  server server1 10.0.0.3:443
Alexander answered Oct 12 '22 20:10