This configuration works, but it requires nginx to be built with ngx_stream_ssl_preread_module.
stream {
    upstream yandex {
        server 93.158.134.3:443;
    }
    upstream google {
        server 64.233.164.113:443;
    }
    map $ssl_preread_server_name $upstream {
        hostnames;
        default yandex;
        .google.com google;
    }
    server {
        listen 12345;
        ssl_preread on;
        proxy_pass $upstream;
    }
}
Test:
$ openssl s_client -quiet -connect localhost:12345 -servername yandex.ru
depth=3 C = PL, O = Unizeto Sp. z o.o., CN = Certum CA
verify return:1
depth=2 C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
verify return:1
depth=1 C = RU, O = Yandex LLC, OU = Yandex Certification Authority, CN = Yandex CA
verify return:1
depth=0 C = RU, O = Yandex LLC, OU = ITO, L = Moscow, ST = Russian Federation, CN = *.wfarm.yandex.net
verify return:1
^C
$ openssl s_client -quiet -connect localhost:12345 -servername google.com
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.google.com
verify return:1
^C
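
What `ssl_preread` and the `map` above do, as an added example that is not part of the original answer: the Python code below reads the SNI name from a ClientHello without terminating TLS and applies the same routing rule. The function names (`client_hello`, `preread_sni`, `pick_upstream`) are hypothetical, and the ClientHello is constructed locally with Python's `ssl` module.

```python
import ssl
import struct

def client_hello(server_name):
    """Constructed sample input: a real ClientHello built offline via memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server is attached, we only want the first flight
    return outgoing.read()

def preread_sni(data):
    """Return the SNI host name from the first TLS record, or None if absent."""
    if len(data) < 5 or data[0] != 0x16:          # not a TLS handshake record
        return None
    body = data[5:5 + struct.unpack("!H", data[3:5])[0]]
    if len(body) < 4 or body[0] != 0x01:          # not a ClientHello
        return None
    try:
        p = 4 + 2 + 32                            # handshake header, version, random
        p += 1 + body[p]                          # session id
        p += 2 + struct.unpack("!H", body[p:p + 2])[0]   # cipher suites
        p += 1 + body[p]                          # compression methods
        end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[p:p + 4])
            p += 4
            if ext_type == 0:                     # server_name extension
                name_type, name_len = struct.unpack("!BH", body[p + 2:p + 5])
                name = body[p + 5:p + 5 + name_len]
                if name_type != 0 or len(name) != name_len:
                    return None
                return name.decode("ascii").lower()
            p += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                               # truncated or malformed hello
    return None

def pick_upstream(name):
    """Mirror of the page's map: hostnames; default yandex; .google.com google;"""
    if name and (name == "google.com" or name.endswith(".google.com")):
        return "google"
    return "yandex"

if __name__ == "__main__":
    for host in ("yandex.ru", "google.com", "mail.google.com"):
        print(host, "->", pick_upstream(preread_sni(client_hello(host))))
```

The name comes from the unencrypted, client-supplied ClientHello; a client that sends no SNI or a non-TLS first packet falls through to the `default` upstream.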