Nginx stream with upstream has same server but different port, get wired result

EkkoG

10/24/22, 4:25 PM

stream {
    map $ssl_preread_server_name $backend_name {
        home-s1.frp.xxx.com frp-s1;
        home-s2.frp.xxx.com frp-s2;
        default web;
    }

    upstream web {
        server 127.0.0.1:8443;
    }

    upstream frp-s1 {
        server internal-frps-s1.xxx.com:5011;
    }

    upstream frp-s2 {
        server internal-frps-s2.xxx.com:5014;
    }

    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass  $backend_name;
        ssl_preread on;
    }
}

this is my Nginx conf, home-s1.frp.xxx.com and home-s2.frp.xxx.com have the same DNS record to 12.x.x.x, internal-frps-s1.xxx.com and internal-frps-s2.xxx.com are the same docker container with a different network alias

When I visit home-s1.frp.xxx.com, sometimes will get the HTML of home-s2.frp.xxx.com

This is so wired, home-s1.frp.xxx.com should get the service at port 5011's result, home-s1.frp.xxx.com should get the service at port 5014's result, how to make it work? Or must I use a reverse proxy?

104

0 + 6

nginx

load-balancing

djdomi

10/24/22, 7:36 PM

have you tried using the ips directly?

EkkoG

10/25/22, 4:01 AM

no, with Docker, I have just try to assign a static IP to a container but failed

EkkoG

10/25/22, 4:25 AM

someone has exactly same issue with me, he thinks it because HTTP/2 and Wildcard cert https://www.orzlee.com/proxy/2021/04/13/nginx-sni-offload-port-multiplexing-uses-xray-vless-xtls.html

djdomi

10/25/22, 4:27 AM

I am sorry my Japanese seems a bit outdated due my first language is german and the second english. I meaned, home-s1.frp.xxx.com replace with the nativ ips of the docker ips instead using the hostnames - is this question business related?

EkkoG

10/25/22, 5:31 AM

I understand what you're saying, but it shouldn't be related to this issue, I'm basically sure it's due to some feature of HTTP/2, probably different from the different client implementations of HTTP/2, here is an English blogger's post to explain same issue https://levelup.gitconnected.com/multiplex-tls-traffic-with-sni-routing-ece1e4e43e56

djdomi

10/25/22, 8:39 AM

Reverse_proxy dont handle http2 only http 1.0 and 1.1 - so it doenst matter - the frontend can handle http2 requests- to take care that its not a resolving issue you should try ips.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Nginx stream with upstream has same server but different port, get wired result

TH: สตรีม Nginx ที่มีอัปสตรีมมีเซิร์ฟเวอร์เดียวกัน แต่พอร์ตต่างกัน รับผลลัพธ์แบบมีสาย

RO: Fluxul Nginx cu amonte are același server, dar port diferit, obțineți rezultatul prin cablu

RU: Поток Nginx с восходящим потоком имеет тот же сервер, но другой порт, получить проводной результат

VI: Luồng Nginx ngược dòng có cùng máy chủ nhưng khác cổng, nhận kết quả có dây

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.