Hshh's Cosmos

本页面只读。您可以查看源文件，但不能更改它。如果您觉得这是系统错误，请联系管理员。

====== Nginx Stream SSL Tunnel 精简配置 ======

仅 Stream* 模块作TLS Tunnel的精简配置, 范例对应版本1.9.12

需要编译有stream和stream_ssl模块

证书生成部分不作介绍

<code>
# nginx.conf
...
load_module modules/ngx_stream_module.so;
...
http {
...
}
stream {
	ssl_protocols			TLSv1.2 TLSv1.3;
	ssl_ciphers			"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
	ssl_prefer_server_ciphers	on;
	ssl_session_cache		shared:SSL:50m;
	ssl_session_timeout		1d;
	ssl_dhparam			/usr/local/etc/ssl/dh4096.pem;
	tcp_nodelay			on;

	server {		
		listen			50000 ssl reuseport so_keepalive=10m::10;
		listen			[::]:50000 ssl reuseport so_keepalive=10m::10;
		ssl_certificate		/usr/local/etc/nginx/ssl/fullchain.pem;
		ssl_certificate_key	/usr/local/etc/nginx/ssl/privkey.pem;
		proxy_pass		127.0.0.1:12345;
	}					   
}
</code>

{{tag>nginx tls stream}}