ingrees-nginx-controller的 nginx，offer拿到手软

    }

    # Reverse proxies can detect if a client provides a X-Request-ID header, and pass it on to the backend server.
    # If no such header is provided, it can provide a random value.
    map $http_x_request_id $req_id {
            default   $http_x_request_id;

            ""        $request_id;

    }

    # Create a variable that contains the literal $ character.
    # This works because the geo module will not resolve variables.
    geo $literal_dollar {
            default "$";
    }

    server_name_in_redirect off;
    port_in_redirect        off;

    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_early_data off;

    # turn on session caching to drastically improve performance

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # allow configuring ssl session tickets
    ssl_session_tickets off;

    # slightly reduce the time-to-first-byte
    ssl_buffer_size 4k;

    # allow configuring custom ssl ciphers
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;

    ssl_ecdh_curve auto;

    # PEM sha: 151504dfd3f4bc4a4644c3263f8175e262f2feb9
    ssl_certificate     /etc/ingress-controller/ssl/default-fake-certificate.pem;
    ssl_certificate_key /etc/ingress-controller/ssl/default-fake-certificate.pem;

    proxy_ssl_session_reuse on;

    upstream upstream_balancer {
            ### Attention!!!
            #
            # We no longer create "upstream" section for every backend.
            # Backends are handled dynamically using Lua. If you would like to debug
            # and see what backends ingress-nginx has in its memory you can
            # install our kubectl plugin https://kubernetes.github.io/ingress-nginx/kubectl-plugin.
            # Once you have the plugin you can use "kubectl ingress-nginx backends" command to
            # inspect current backends.
            #
            ###

            server 0.0.0.1; # placeholder

            balancer_by_lua_block {
                    balancer.balance()
            }

            keepalive 320;
            keepalive_time 1h;
            keepalive_timeout  60s;
            keepalive_requests 10000;

    }

    # Cache for internal auth checks
    proxy_cache_path /tmp/nginx/nginx-cache-auth levels=1:2 keys_zone=auth_cache:10m max_size=128m inactive=30m use_temp_path=off;

    # Global filters

    ## start server _
    server {
            server_name _ ;

            listen 80 default_server reuseport backlog=511 ;
            listen 443 default_server reuseport backlog=511 ssl http2 ;

            set $proxy_upstream_name "-";

            ssl_reject_handshake off;

            ssl_certificate_by_lua_block {
                    certificate.call()
            }

            location / {

                    set $namespace      "";
                    set $ingress_name   "";
                    set $service_name   "";
                    set $service_port   "";
                    set $location_path  "";
                    set $global_rate_limit_exceeding n;

                    rewrite_by_lua_block {
                            lua_ingress.rewrite({
                                    force_ssl_redirect = false,
                                    ssl_redirect = false,
                                    force_no_ssl_redirect = false,
                                    preserve_trailing_slash = false,