nginx tcp转发负载均衡及https sni proxy

stream {
log_format tcp '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$seT . x ~ #ssion_time "$upm o _ 9stream_addr" '
'"$upstream_bytes_sent" "$upstream_bY a 4 # ) ? K *ytes_received" "$upstream_connect_time"';
log_format stream_routis W )ng '$remote_addr [$timeM - H U r_local) 5 8 y] '
? | Q 0'with SNI name "$ssl_preread_server_name" '
'px } ] X W J croxying to "$s R , + Xupstream_addr" '
'$protocol $y W Y y dstatus $bytes_sent $bytes_receive0 l 1 &d '
'$session_time';
map $ssl_preread_server_j , 1 9 j B M L 7name $name {
~^www.haiyun.me haiyg + m ; v # 0 / Sun;
~^haiyun.me haiyun;
default nginx;
}
upstream haiyk H Q M 9 M G 9un {
#hash $w ; ] r O b m v *remote_ad| Q ? Q ; .dr consistent;
server 1.1.1.1:1111 weight=5 mV [ % 5 0ax_fails=X f T K1 fail_timeout=10s;
s$ . q s R M 0erver 1.1.1.1:1112 weight=5 max_fails=1 fail_timeout=10s;
server 1.1.1.1:1113 weig- S } S = P l - Wht=5 max_fails=1 fail_timeout=10s;
}
upstream nginx {
server 127.0.0.1:4443;
}
server {
listen[ s ` o O e - T * 443 ;
listen [::]:443 ;
sslZ ` 2_preread on;
proxy_protocol on;
proxy_pass $name;
proxy_M v N Tconnect_timeout 10s;
proxy_timr [ A z Y teo F tut 10s;
access_log /run/log/nginx/d r t g #acs d + *  5 : ) Acess.log tcp;
erra i Sor_log /run/log/nginx/error.log;
}
}

后端获取来源R l - 3 R , x真实IP:

server
{
listen       1443 defaul- 5 ht proxy_protocol ssl ;
server_name/ | Z www.haiyun.me haiyun.me;
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
}

遇到的一些K M b ) :问题:
1.修改stream内配置后nginx -s reload无效,需重启nginx
2.当开启proxy_protocol后每个后端都要支持proxy_protocol,不然无法正常连接,这点不如haproxy,可以指定后端开启
https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/
https://docs.nginx.com/nginx/admin-guide/load-bala) K v A d 5ncer/using-p= 4 . Zroxy-protocol/