兩個(gè)程序都要用同一個(gè)端口，怎么解？

更多奇技淫巧歡迎訂閱博客：https://fuckcloudnative.io

你可能會(huì)碰到這個(gè)程序要用 443 端口，那個(gè)程序也要使用 443 的情況。這時(shí)候就要用到 nginx 的 stream 進(jìn)行分流了。

假設(shè)有 web1，web2 兩個(gè)都要用到 443 端口。則配置方法如下：

nginx.conf 配置文件

在 nginx 的末尾加上下面代碼即可：

stream {
    map $ssl_preread_server_name $upstream {
        web1.moeelf.com web1;
        web2.moeelf.com web2;
        default web;
    }

    log_format stream '$remote_addr [$time_local] [$ssl_preread_server_name] [$upstream] $status $bytes_sent $bytes_received $session_time';
    access_log /var/log/nginx/stream.log stream;

    upstream web1 {
        server web1:65531;
    }
    upstream web2 {
        server web2:65532;
    }
    upstream web {
        server nginx:4433;
    }
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass $upstream;
        ssl_preread on;
    }
}

虛擬主機(jī)配置文件

將下面代碼保存為 sni.conf 文件，放到虛擬主機(jī)目錄。nginx 安裝方式不一樣，放的位置會(huì)不一樣。一般位于 /etc/nginx/conf.d/ 或 /usr/local/nginx/conf/vhost/ 下面。

server {
    listen 65531 ssl http2 reuseport;
    server_name web1.moeelf.com;

    ssl_certificate       /etc/nginx/ssl/web1.moeelf.com/fullchain.cer;
    ssl_certificate_key   /etc/nginx/ssl/web1.moeelf.com/web1.moeelf.com.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers on;

    #log_format stream '$remote_addr [$time_local] [$ssl_preread_server_name] [$route] $status $bytes_sent $bytes_received $session_time';
    access_log /var/log/nginx/web1.moeelf.com.log;
}
server {
    listen 65532 ssl http2 reuseport;
    server_name web2.moeelf.com;

    ssl_certificate       /etc/nginx/ssl/web2.moeelf.com/fullchain.cer;
    ssl_certificate_key   /etc/nginx/ssl/web2.moeelf.com/web2.moeelf.com.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers on;

    #log_format stream '$remote_addr [$time_local] [$ssl_preread_server_name] [$route] $status $bytes_sent $bytes_received $session_time';
    access_log /var/log/nginx/web2.moeelf.com.log;
}

你可能還喜歡

點(diǎn)擊下方圖片即可閱讀

云原生是一種信仰???

掃碼關(guān)注公眾號(hào)

后臺(tái)回復(fù)?k8s?獲取史上最方便快捷的 Kubernetes 高可用部署工具，只需一條命令，連 ssh 都不需要！