initial public commit

2025-06-18 17:16:13 +00:00 · 2025-06-18 17:16:13 +00:00 · 6bd9323fed
commit 6bd9323fed
9 changed files with 645 additions and 0 deletions
--- a/stream.d/.example.conf
+++ b/stream.d/.example.conf
@ -0,0 +1,33 @@
+# ---------------------------------------------------------------------------
+# EXAMPLE: MySQL-over-TLS passthrough (or proxy-terminate) via Nginx stream
+# Copy to stream.d/, change port / target / cert paths to suit your setup.
+# ---------------------------------------------------------------------------
+
+# Simple TCP proxy — Nginx *forwards TLS untouched* (preferred)
+server {
+    # Listen on both IPv4 & IPv6; pick any external port you like
+    listen [::]:7777;          # :7777 → target:3306
+
+    # Upstream database host:port (container name, swarm service, or IP)
+    proxy_pass  db-primary:3306;
+
+    # Enable SSL preread so Nginx can handle SNI or peek at MySQL TLS handshake
+    ssl_preread on;
+}
+
+# ---------------------------------------------------------------------------
+# OPTIONAL: If you want Nginx to **terminate** TLS and talk plain TCP
+# to the backend (rare for MySQL but possible), uncomment this variant.
+#
+# server {
+#     listen [::]:7777 ssl;
+#
+#     ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
+#     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+#
+#     proxy_pass          db-primary:3306;
+#
+#     # Since Nginx ends TLS, no ssl_preread here
+# }
+# ---------------------------------------------------------------------------
+