udp stream example
stream {
upstream example {
server [ipv6]:port max_fails=0;
server [ipv6]:port max_fails=0;
}
server {
listen 127.0.0.1:port udp;
listen [::1]:port udp ipv6only=on;
proxy_pass example;
}
}
sni example
stream {
# non existent
map $ssl_preread_protocol $upstream {
"" 0.0.0.0:65535;
default 0.0.0.0:65535;
"TLSv1.3" $ssl_preread_server_name:443;
"TLSv1.2" $ssl_preread_server_name:443;
"TLSv1.1" $ssl_preread_server_name:443;
"TLSv1" 0.0.0.0:65535;
}
# try nat64/dns64 with newer nginx later (ipv4=off)
resolver [2a10:50c0::ad1:ff] ipv6=off valid=600s;
server {
# note: it may connect back to localhost:443 with adblock enabled
# add port forwarding rules on your firewall (443->5228)
listen 5228 so_keepalive=4m::10;
allow 192.168.0.0/16; deny all;
ssl_preread on;
proxy_pass $upstream;
}
}
resolver [2a10:50c0::ad1:ff] ipv6=off valid=600s; 这一行的作用是什么?域名只解析ipv4不解析ipv6?