nginx proxy_pass请求到fqdn而不转换为IP

Question

我正在尝试使用nginx对公共fqdn进行proxy_pass请求。所述服务器具有LB，其配置仅用于在使用fqdn访问时响应请求，并在使用IP访问时获得ssl握手错误。

我的问题是，nginx正在隐式地将fqdn转换为一组IP，然后一个一个地尝试它们，结果失败了。有没有一种不将fqdn转换为IP并将请求路由到fqdn上游的nginx proxy_pass的方法？

        location /public/api {
            proxy_pass https://public.server.com/api;
            proxy_set_header Host $host;
    }

2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip1>:443/<api>", host: "<ip>"
2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip2>43/<api>", host: "<ip>"
2022/04/24 23:10:20 [error] 912419#912419: *5 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxxxxxx, server: _, request: "POST /<api> HTTP/1.1", upstream: "https://<ip3>:443/<api>", host: "<ip>"

Answer 1

添加客户端证书和私钥来验证nginx和每个后端服务器。使用proxy_ssl_certificate和proxy_ssl_certificate_key指令：

location /public/api {
   proxy_pass https://public.server.com/api;
   proxy_set_header Host $host;
   proxy_ssl_certificate     /etc/nginx/client.pem;  
   proxy_ssl_certificate_key /etc/nginx/client.key  
}