Score:0

Nginx stream with upstream has same server but different port, get wired result

pe flag
stream {
    map $ssl_preread_server_name $backend_name {
        home-s1.frp.xxx.com frp-s1;
        home-s2.frp.xxx.com frp-s2;
        default web;
    }

    upstream web {
        server 127.0.0.1:8443;
    }

    upstream frp-s1 {
        server internal-frps-s1.xxx.com:5011;
    }

    upstream frp-s2 {
        server internal-frps-s2.xxx.com:5014;
    }

    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass  $backend_name;
        ssl_preread on;
    }
}

this is my Nginx conf, home-s1.frp.xxx.com and home-s2.frp.xxx.com have the same DNS record to 12.x.x.x, internal-frps-s1.xxx.com and internal-frps-s2.xxx.com are the same docker container with a different network alias

When I visit home-s1.frp.xxx.com, sometimes will get the HTML of home-s2.frp.xxx.com

This is so wired, home-s1.frp.xxx.com should get the service at port 5011's result, home-s1.frp.xxx.com should get the service at port 5014's result, how to make it work? Or must I use a reverse proxy?

djdomi avatar
za flag
have you tried using the ips directly?
pe flag
no, with Docker, I have just try to assign a static IP to a container but failed
pe flag
someone has exactly same issue with me, he thinks it because HTTP/2 and Wildcard cert https://www.orzlee.com/proxy/2021/04/13/nginx-sni-offload-port-multiplexing-uses-xray-vless-xtls.html
djdomi avatar
za flag
I am sorry my Japanese seems a bit outdated due my first language is german and the second english. I meaned, home-s1.frp.xxx.com replace with the nativ ips of the docker ips instead using the hostnames - is this question business related?
pe flag
I understand what you're saying, but it shouldn't be related to this issue, I'm basically sure it's due to some feature of HTTP/2, probably different from the different client implementations of HTTP/2, here is an English blogger's post to explain same issue https://levelup.gitconnected.com/multiplex-tls-traffic-with-sni-routing-ece1e4e43e56
djdomi avatar
za flag
Reverse_proxy dont handle http2 only http 1.0 and 1.1 - so it doenst matter - the frontend can handle http2 requests- to take care that its not a resolving issue you should try ips.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.