[+] update nginx multiplexing

d1/nginx_config.py

@@ -217,7 +217,8 @@ def ssl(input_json, output_conf):
         upstream_servers = []
         server_names = []
 
-        for k, v in ssl_nginx['stream_server'].items():
+        if 'by_server_name' in ssl_nginx['stream_server']:
+            for k, v in ssl_nginx['stream_server']['by_server_name'].items():
                 upstream_servers.append(
                     'upstream %s { server %s; }' % (
                         v['upstream_name'],
@@ -231,6 +232,14 @@ def ssl(input_json, output_conf):
                 )
             
 
+        if 'ssh' in ssl_nginx['stream_server']:
+            ssh_section = 'upstream ssh { server {ssh}; }'.replace(
+                '{ssh}',
+                ssl_nginx['stream_server']['ssh'],
+            )
+        else:
+            ssh_section = ''
+
         ssl_port = 444
         stream_server = r'''
 stream {
@@ -240,17 +249,15 @@ stream {
 
 {upstream_servers}
 
-    #upstream ssh {
+    {ssh_section}
-    #    server {ssh};
-    #}
 
-    #map $ssl_preread_protocol $upstream {
+    map $ssl_preread_protocol $upstream_protocol {
-    #    default ssh;
+        default ssh;
-    #    "TLSv1.2" web;
+        "TLSv1.2" $upstream_server_name;
-    #    "TLSv1.3" web;
+        "TLSv1.3" $upstream_server_name;
-    #}
+    }
 
-    map $ssl_preread_server_name $upstream {
+    map $ssl_preread_server_name $upstream_server_name {
         default web;
 {server_names}
     }
@@ -260,7 +267,7 @@ stream {
         listen 443;
 
         ssl_preread on;
-        proxy_pass $upstream;
+        proxy_pass $upstream_protocol;
     }
 }
         '''.replace(
@@ -268,6 +275,8 @@ stream {
                 '    ' + o + '\n'
                 for o in upstream_servers
             ]),
+        ).replace(
+            '{ssh_section}', ssh_section,
         ).replace(
             '{server_names}', ''.join([
                 '        ' + o + '\n'