-1

I am trying to configure a vhost for my VDI (Citrix) configuration. The conf is driving me crazy! I must use ssl_preread to get it working. Currently, my NGINX configuration is managed through CWP. I have a subdomain portal.xxx.net with a reverse proxy to the Citrix gateway, located in /etc/nginx/conf.d/vhosts/portal.xxx.conf. When I add ssl_preread=on; I get an error like: "directive is not allowed here". After some research, I see that I must use the "stream" directive. I added the stream configuration to the vhost configuration but got the same error: "directive is not allowed here". I see that I must add the stream conf outside the http conf, but I'm using a vhost... I cannot do it in nginx.conf. I'm completely lost...

Thanks for your help.

  • Your post reads like a rant, not a description of a problem, the desired outcome, supporting evidence and analysis.
    – symcbean
    Nov 17 at 13:51
  • Also, see nginxconfig.io for all your nginx config needs. It's a tool by Digital Ocean that helps you customize nginx.conf for almost any case.
    – suchislife
    Nov 19 at 15:33

1 Answer

0

To configure NGINX with ssl_preread for your Citrix setup, you need to use the stream directive in a separate context from your regular HTTP server blocks. ssl_preread is used within the stream context for TCP load balancing with SSL/TLS SNI (Server Name Indication) awareness. Here's how you can structure it:

  • Create a New Stream Configuration File: Since you're using CWP and have your virtual hosts configured in /etc/nginx/conf.d, create a new file for your stream configuration, say /etc/nginx/conf.d/stream.conf.
  • Configure the Stream Block: In this file, define a stream block and use ssl_preread within a server block inside it.
  • Link to Your Citrix Gateway: Direct the traffic to your Citrix gateway based on the SNI.

Here's an example configuration:

stream {
    server {
        listen 443;
        ssl_preread on;

        # Use the SNI to route to the appropriate backend
        resolver 127.0.0.11 valid=30s; # Adjust the resolver as needed
        proxy_pass $ssl_preread_server_name:$server_port;

        # Additional configurations as needed
    }
}

Basically, you create a new configuration file in /etc/nginx/conf.d for the stream block, separate from your HTTP configurations. In this file, you define a stream server that listens on port 443, enables ssl_preread, and routes traffic based on SNI to your Citrix gateway.
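
An added example, not part of the answer above: a stream configuration that maps the SNI to a fixed set of backends instead of passing $ssl_preread_server_name straight to proxy_pass, so the client-supplied name never becomes the connection target. The stream block is only valid in the main context, so it has to be included from nginx.conf outside http { }. The include path, the gateway address 192.0.2.10 and the local port 8443 are placeholders assumed for illustration.

```nginx
# Added example; addresses, ports and the include path are placeholders.
# Load this file from the top level of nginx.conf (main context), e.g.
#   include /etc/nginx/stream.d/*.conf;   # hypothetical path, outside http { }
# Requires nginx built with the stream and stream_ssl_preread modules.

stream {
    # Map the SNI read from the ClientHello to a named upstream.
    # Names that are not listed fall through to the local HTTPS vhosts,
    # so an arbitrary SNI cannot steer the proxy to an arbitrary host.
    map $ssl_preread_server_name $tls_backend {
        portal.xxx.net   citrix_gateway;
        default          local_https;
    }

    upstream citrix_gateway {
        server 192.0.2.10:443;      # placeholder: Citrix gateway address
    }

    upstream local_https {
        server 127.0.0.1:8443;      # assumption: http { } vhosts moved off :443
    }

    server {
        listen 443;
        ssl_preread on;             # inspect the ClientHello, no TLS termination
        proxy_pass $tls_backend;    # resolves to one of the upstreams above
        proxy_connect_timeout 5s;
    }
}
```

Run nginx -t before reloading. The existing vhosts must no longer listen on the public port 443, otherwise the bind conflicts with the stream server.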
