nginx端口复用

文档说明：只记录关键地方;

nginx端口例子

使用 $ssl_preread_protocol $ssl_preread_server_name $ssl_preread_alpn_protocols 三个变量的组合，来区分不同的服务

stream {
    log_format main '$remote_addr [$time_local] '
    '$protocol $status $bytes_sent $bytes_received '
    '$session_time "$upstream_addr" '
    '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

    access_log      logs/access.log main;
    resolver  223.5.5.5 223.6.6.6 ;

    map $ssl_preread_protocol $upstream_name {
         "TLSv1.3" $name;
          default   https_default;
    }

     
    map "$ssl_preread_server_name$ssl_preread_alpn_protocols" $name {
          default                                     https_default;

          # 例子
          ~http-proxy.xiaoshuogeng.com               sync_chromium; ##
          ~http-proxy.xiaoshuogeng.comh2,http/1.1    https;  ## http 服务

    }

    ## 默认路由配置，全部返回444
    upstream https_default {
        server 127.0.0.1:8443;
    }
    ## 用于同步chromium 源代码
    upstream sync_chromium {
        server 127.0.0.1:8443;
    }
    ## 网页服务
    upstream https {
        server 127.0.0.1:443;
    }


    server {
        listen      443 reuseport;
        proxy_pass  $upstream_name;
        ssl_preread on;
    }

   include /etc/nginx/stream/*.conf;
}

参考文档

1. nginx 根据服务器名称选择上游 ngx_stream_ssl_preread_module
2. nginx tcp-udp-load-balancer
3. nginx http 通用配置
4. nginx features
5. nginx documentation
6. IP Transparency and Direct Server Return with NGINX
7. iptables四表五链
8. 四表五链
9. 过渡到 nftables

实践例子

1. 快速同步chromium源码以及拉取gcr.io容器镜像
2. 快速下载chromium源码