
ssl_preread on quic connections #784

@t0b3

Describe the feature you'd like to add to nginx

  • implement ssl_preread on udp/quic connections

Describe the problem this feature solves

Redirect QUIC connections to the corresponding upstream, foo.example.org or bar.example.org.

example

#=== reverse proxy config ===
stream {
  map $ssl_preread_server_name $upstream {
    foo.example.org  127.0.0.1:8443;
    bar.example.org  10.11.12.13:8443;
    # ...
  }
  server {
    listen 443;
    proxy_pass $upstream;
    ssl_preread on;
    proxy_protocol on;
  }
  server {
    listen 443 udp reuseport;
    #    proxy_pass $upstream;
    #    ssl_preread on;
    ### BUG: ssl_preread is broken
    ### WORKAROUND: disable until implemented, only pass to single upstream works
    proxy_pass 127.0.0.1:8443;
    #    proxy_protocol on;
    ### BUG: proxy_protocol on quic is broken
    ### WORKAROUND: disable until implemented
  }
}

#=== server config ===
http {
  server {
    server_name foo.example.org;
    listen 127.0.0.1:8443 ssl proxy_protocol;
    listen 127.0.0.1:8443 quic;
    add_header Alt-Svc 'h3=":443"; ma=86400';
    # ...
  }
}

Additional context

see also #146
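
Added example, not part of the issue and not nginx code: the first steps a QUIC counterpart to `ssl_preread` would need, assuming QUIC version 1 (RFC 9001). On TCP the ClientHello carrying the server name arrives in cleartext, whereas a QUIC client sends it inside an Initial packet protected with keys derived from the cleartext Destination Connection ID and a public salt; the function names and the sample bytes below are constructed for illustration.

```python
import hashlib
import hmac
import struct

# QUIC v1 Initial salt: a public constant from RFC 9001, section 5.2.
INITIAL_SALT_V1 = bytes.fromhex("38762cf7f55934b34d179ae6a4c80cadccbb7f0a")


def hkdf_expand_label(secret, label, length):
    """TLS 1.3 HKDF-Expand-Label (RFC 8446, section 7.1) with an empty context."""
    full = b"tls13 " + label
    info = struct.pack(">HB", length, len(full)) + full + b"\x00"
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def parse_long_header(datagram):
    """Return (version, dcid, scid) for a long-header packet, else None."""
    if len(datagram) < 7 or not datagram[0] & 0x80:
        return None  # too short, or a short-header (1-RTT) packet
    version = struct.unpack(">I", datagram[1:5])[0]
    scid_off = 6 + datagram[5]  # byte 5 is the DCID length
    if len(datagram) <= scid_off:
        return None
    scid_end = scid_off + 1 + datagram[scid_off]
    if len(datagram) < scid_end:
        return None
    return version, datagram[6:scid_off], datagram[scid_off + 1:scid_end]


def client_initial_keys(dcid):
    """Derive the client Initial AEAD key, IV and header-protection key."""
    initial = hmac.new(INITIAL_SALT_V1, dcid, hashlib.sha256).digest()  # HKDF-Extract
    client = hkdf_expand_label(initial, b"client in", 32)
    return {
        "key": hkdf_expand_label(client, b"quic key", 16),
        "iv": hkdf_expand_label(client, b"quic iv", 12),
        "hp": hkdf_expand_label(client, b"quic hp", 16),
    }


# Constructed sample: the header fields of the RFC 9001 Appendix A client
# Initial (flags, version 1, 8-byte DCID, empty SCID); payload omitted.
SAMPLE = bytes.fromhex("c000000001088394c8f03e51570800")
```

Recovering the server name from there additionally requires removing header protection, AES-128-GCM decryption of the payload, and reassembly of the CRYPTO frames that carry the ClientHello.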
