On Mon, Feb 19, 2018 at 12:02:06PM +0100, Wiktor Kwapisiewicz via nginx wrote: > Hello, > > I'm looking for a way to route traffic on port 443 based on ALPN value > without SSL termination. > > ssl_preread_module [1] does something similar but the only exposed > variable ($ssl_preread_server_name) is for SNI, not ALPN. > > A bit of context. I'd like to use nginx to host regular HTTPS server on port > 443 but if the ALPN value is 'xmpp-client' transparently proxy the traffic > to my local Jabber server. This feature [2] is already supported by several > XMPP clients. > > Is there a way to access and save ALPN value to a variable?
Hello, currently this is not possible; as you correctly noted, ssl_preread module only processes SNI extension. To achieve what you want, ssl_preread module needs to be extended to process ALPN extension as well and export results as a variable, that could be used to make routing decision. _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
