nginx tls sni stream proxy

nginx-stream-install-raw.sh

#!/bin/bash
PACKAGE_NAME="nginx"
wget -O ${PACKAGE_NAME}.tar.gz https://nginx.org/download/nginx-1.24.0.tar.gz
tar -zxvf ${PACKAGE_NAME}.tar.gz
apt install build-essential libpcre3-dev libssl-dev zlib1g-dev -y
cd ${PACKAGE_NAME}-1.*
./configure --prefix=/usr/local/nginx  --with-http_ssl_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module
make
make install
cd ..
rm -rf ${PACKAGE_NAME}
echo '[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target
  
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
  
[Install]
WantedBy=multi-user.target' > /usr/lib/systemd/system/nginx.service
systemctl enable --now nginx

nginx-stream-install-simple.sh

#!/bin/bash
apt install nginx libnginx-mod-stream -y

nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	server {
		listen  400 ssl;
	        ssl_reject_handshake on;
	}
	
}

stream {
	map $ssl_preread_server_name $backend_name {
		hostnames;
		.fjj.sg p0;
		.nndroid.com p1;
		default bad;
	}
	upstream p0 {
		server 104.20.10.218:443;
	}
	upstream p1 {
		server 104.20.10.218:443;
	}
	upstream bad {
		server 127.0.0.1:400;
	}
	server {
		listen 443 reuseport;
	        listen [::]:443 reuseport;
		proxy_connect_timeout 5s;
		proxy_pass $backend_name;
	        ssl_preread on;
	}
}