Since mysql connections don't have HTTP headers to "lookup the correct backend server group" based on, I doubt it can do #1 FWIW...I actually know little about nginx though. Maybe if you have it listen on various different ports (or different IP addresses coming in?)
For #2 maybe need "listen..ssl"? https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-tcp/ but I have no expertise, good luck! On Wed, Nov 20, 2019 at 7:11 AM kev jr <[email protected]> wrote: > > Hi all, > > Question 1 > Is it possible to have NGINX reverse proxy to multiple MySQL servers > listening on the same port using different names like you can with http? We > don't want to perform any load balancing operation on them, we just want to > be able to redirect to MySQL instances based on a logical name, same as on > http. > > Question 2 > When I try to implement TLS encryption between NGINX and MYSQL Database > server, I have the following error on my MySQL Client : ERROR 2013 (HY000): > Lost connection to MySQL server at 'reading initial communication packet', > system error > > I have the following configuration : Ubuntu server with the MySQL Client // > NGINX (with the configuration below) // MYSQL Database (with SSL activated) > stream { > upstream mysql1 { > server 172.31.39.168:3306; > } > server { > listen 3306; > proxy_pass mysql1; > proxy_ssl on; > proxy_ssl_certificate /etc/ssl/client-cert.pem; > proxy_ssl_certificate_key /etc/ssl/client-key.pem; > #proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > #proxy_ssl_ciphers HIGH:!aNULL:!MD5; > proxy_ssl_trusted_certificate /etc/ssl/ca-cert.pem; > proxy_ssl_verify on; > proxy_ssl_verify_depth 2; > proxy_ssl_session_reuse on; > } > } > > If I comment proxy_ssl* parameters on NGINX, the connection works between > "Ubuntu server (with the MySQL Client)" and "MYSQL Database (with SSL > activated)" throught "NGINX". > > Thanks all > > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
