实现方法

原理:利用 nginx 的 stream 模块,在 TCP 层读取 TLS ClientHello 中的 SNI(ssl_preread),按域名把 HTTPS 连接原样转发到对应的上游;nginx 不终止 TLS,也不解密流量。服务器使用 Ubuntu 20.04.1。
编译安装nginx
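# Build nginx from source with the stream, ssl_preread and GeoIP modules.
# Run these as a normal user; sudo is used only where root is required.

# Toolchain and the libraries nginx is compiled against.
# gnupg is added so the release signature can be checked below.
sudo apt update
sudo apt install -y build-essential libtool zlib1g-dev openssl libpcre3 libpcre3-dev libssl-dev libgeoip-dev gnupg

# Fetch the source tarball and its detached PGP signature.
# NOTE: 1.19.4 is the release this write-up used. For an internet-facing
# proxy, check nginx.org for the current release and substitute it here.
wget https://nginx.org/download/nginx-1.19.4.tar.gz
wget https://nginx.org/download/nginx-1.19.4.tar.gz.asc

# Verify the tarball before unpacking it. The nginx signing keys must be
# imported first (see https://nginx.org/en/pgp_keys.html); without them
# gpg --verify fails and nothing is extracted.
gpg --verify nginx-1.19.4.tar.gz.asc nginx-1.19.4.tar.gz \
  && tar -zvxf nginx-1.19.4.tar.gz \
  && rm nginx-1.19.4.tar.gz nginx-1.19.4.tar.gz.asc
cd nginx-1.19.4

# --with-stream                     TCP (layer 4) proxying
# --with-stream_ssl_preread_module  read the SNI without terminating TLS
# --with-stream_geoip_module        country lookup for stream connections
./configure \
  --prefix=/usr \
  --sbin-path=/usr/sbin/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --pid-path=/var/run/nginx/nginx.pid \
  --lock-path=/var/lock/nginx.lock \
  --with-http_ssl_module \
  --with-stream_ssl_preread_module \
  --with-stream \
  --with-stream_geoip_module

# Compile unprivileged; only the install step needs root.
make && sudo make install

# nginx.conf uses paths relative to the /usr prefix (logs/nginx.pid) and
# writes its stream logs to /usr/logs, so that directory must exist.
sudo mkdir -p /usr/logs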
创建 /usr/lib/systemd/system/nginx.service
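# systemd unit for the source-built nginx (binary at /usr/sbin/nginx).
[Unit]
Description=nginx
After=network.target

[Service]
# nginx daemonizes itself, so systemd has to track the forked master.
Type=forking
# Must match the `pid` directive in nginx.conf. That file sets
# `pid logs/nginx.pid;`, which resolves against the /usr prefix.
PIDFile=/usr/logs/nginx.pid
# Refuse to start if the configuration does not parse.
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/usr/sbin/nginx -s quit
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true

[Install]
WantedBy=multi-user.target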
修改 /etc/nginx/nginx.conf
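# /etc/nginx/nginx.conf
# SNI-based TCP pass-through for a fixed allow-list of hostnames.
# TLS is never terminated here: nginx only reads the server name from the
# ClientHello (ssl_preread) and relays the encrypted stream unchanged.

# Left commented out as in the stock config, so workers run as the
# compiled-in default user.
# user nobody;
worker_processes 1;

# Relative path: resolves against the build prefix (/usr), i.e. /usr/logs/nginx.pid.
pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    server {
        listen 80;
        # Redirect plain HTTP on port 80 to HTTPS.
        return 301 https://$host$request_uri;
    }
}

stream {
    geoip_country /usr/share/GeoIP/GeoIP.dat;

    # $proxy_protocol_addr is only populated when the listener accepts the
    # PROXY protocol; the listener below does not, so that field stays empty.
    log_format proxy '$proxy_protocol_addr $geoip_country_code $remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time "$upstream_addr" "$ssl_preread_server_name" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

    access_log /usr/logs/access.log proxy;
    error_log /usr/logs/error.log info;

    map_hash_bucket_size 64;

    # Allow-list: SNI hostname -> upstream group.
    map $ssl_preread_server_name $backend_pool {
        # Fail closed: a name that is not listed gets no upstream, so
        # proxy_pass has nothing to connect to. Do not point the default at a
        # real upstream, or the relay stops being limited to these hosts.
        default                     "";
        www.notion.so               server_notion;
        s3.us-west-2.amazonaws.com  server_s3;
        msgstore.www.notion.so      server_msg;
        notion.so                   server_n;
    }

    upstream server_msg {
        server msgstore.www.notion.so:443;
    }

    upstream server_n {
        server notion.so:443;
    }

    upstream server_notion {
        server www.notion.so:443;
    }

    upstream server_s3 {
        server s3.us-west-2.amazonaws.com:443;
    }

    # Rate limits, selected per SNI hostname.
    map $ssl_preread_server_name $upspeed {
        www.notion.so               1024k;
        s3.us-west-2.amazonaws.com  512k;
        msgstore.www.notion.so      256k;
        notion.so                   256k;
    }

    map $ssl_preread_server_name $downspeed {
        www.notion.so               1024k;
        s3.us-west-2.amazonaws.com  256k;
        msgstore.www.notion.so      256k;
        notion.so                   256k;
    }

    server {
        listen 443;
        # Parse the ClientHello so $ssl_preread_server_name is available.
        ssl_preread on;
        proxy_pass $backend_pool;
        proxy_connect_timeout 15s;
        proxy_timeout 15s;
        proxy_next_upstream_timeout 15s;
        proxy_download_rate $downspeed;
        proxy_upload_rate $upspeed;

        # Block connections from outside mainland China.
        # geocn.conf is not shown here. It is the only client access control
        # on this listener, and nginx will not start if the file is missing.
        include geocn.conf;
    }
}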
启动nginx并设置开机自启
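# Make systemd pick up the newly created nginx.service unit.
sudo systemctl daemon-reload

# Validate the configuration first; start only if it parses cleanly.
sudo nginx -t && sudo systemctl start nginx.service

# Start nginx automatically at boot.
sudo systemctl enable nginx.service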
开启bbr加速,开端口443