-
Notifications
You must be signed in to change notification settings - Fork 1
/
load-balancer-tcp.conf
58 lines (47 loc) · 1.57 KB
/
load-balancer-tcp.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
stream {
server {
listen 12345;
#TCP traffic will be forwarded to the "stream_backend" upstream group
proxy_pass stream_backend;
}
server {
listen 12346;
#TCP traffic will be forwarded to the specified server
proxy_pass backend.example.com:12346;
}
server {
listen 53 udp;
#UDP traffic will be forwarded to the "dns_servers" upstream group
proxy_pass dns_servers;
}
}
###
# stream {
# server { listen 172.31.49.97:2023; proxy_pass 10.0.3.4:21; }
# server { listen 172.31.14.47:2024; proxy_pass 10.0.3.4:22; }
# server { listen 172.31.49.97:20; proxy_pass 10.0.3.4:20; }
# }
###
Example with SSL Certificate
stream {
upstream backend {
server backend1.example.com:12345;
server backend2.example.com:12345;
server backend3.example.com:12345;
}
server {
listen 12345;
proxy_pass backend;
proxy_ssl on;
proxy_ssl_certificate /etc/ssl/certs/backend.crt;
proxy_ssl_certificate_key /etc/ssl/certs/backend.key;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_ssl_trusted_certificate /etc/ssl/certs/trusted_ca_cert.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
}
}
# https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/
# https://docs.nginx.com/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream/