Tengine 四层代理:

houjinkai 2020-04-26

Tengine 四层代理:

1 ) 安装tengine ( nginx1.9 以上版本 编译以后要支持stream 模块)

1.1 ) tengine(nginx) 一定要是nginx-1.9.X 以上的版本,否则不支持stream功能:
/data/nginx/sbin/nginx -V
Tengine version: Tengine/2.3.2
nginx version: nginx/1.17.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
......

1.2 ) 编译安装tengine-2.3.2 开启的功能略有改变:
wget http://tengine.taobao.org/download/tengine-2.3.2.tar.gz && tar -zxf tengine-2.3.2.tar.gz 
cd tengine-2.3.2
./configure --prefix=/data/nginx  --user=fmw --group=fmw --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre   --with-stream --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module

# --with-http_concat_modul  这个参数可能因为是开发版本 还没有加入2.3.2版本,静待后面的正式版本.
# --with-stream   --with-stream=dynamic   --with-stream_ssl_module   --with-stream_realip_module
# 这三个开启的就是nginx的stream 功能.

make && make install

2 ) 配置 nginx 的stream 模块 来做TCP代理

2.1 ) 创建配置目录:
mkdir -p /data/nginx/{pid,temp,proxycache
mkdir -p /data/nginx/conf/tcp/ 
###########################  四层代理的配置 #####################################
##  注意: 1 ) nginx 版本要在1.9 以上, tengine 基于那个版本开发的 去官网查
##  注意: 2 )编译时要加入--with-stream --with-stream_ssl_module   --with-stream_realip_module
##            安装好的可以通过 nginx -V 来查看具体编译的参数. 没有加入的重新编译加入即可.
##  注意: 3 )主配置文件一定要引入  nginx_stream_modele.so;
vim tcp.conf

stream {
   upstream  redis_host {
    server 10.10.116.206:6379;
  }

  server {
    listen 10.10.4.209:6379;
    proxy_connect_timeout 5s;
    proxy_timeout 5s;
    proxy_pass  redis_host;
  }

}
####################################################################################

2.2 ) 主配置文件:
load_module /data/nginx/modules/ngx_stream_module.so; #这行一定要加上否则会出现stream模块找不到的错误.
user  nginx nginx;
worker_processes  auto;
worker_cpu_affinity 0001 0010;
pid       /data/nginx/pid/nginx.pid; 
events {
    worker_connections  65536;
    use epoll;
    accept_mutex on;
    multi_accept on;
}
include /data/nginx/conf/tcp/*.conf;
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format access_json ‘{"@timestamp":"$time_iso8601",‘
        ‘"host":"$server_addr",‘
        ‘"clientip":"$remote_addr",‘
        ‘"size":$body_bytes_sent,‘
        ‘"responsetime":$request_time,‘
        ‘"upstreamtime":"$upstream_response_time",‘
        ‘"upstreamhost":"$upstream_addr",‘
        ‘"http_host":"$host",‘
        ‘"uri":"$uri",‘
        ‘"domain":"$host",‘
        ‘"xff":"$http_x_forwarded_for",‘
        ‘"referer":"$http_referer",‘
        ‘"tcp_xff":"$proxy_protocol_addr",‘
        ‘"http_user_agent":"$http_user_agent",‘
        ‘"status":"$status"}‘;
     access_log  /data/nginx/logs/access_json.log  access_json;
     proxy_cache_path /data/nginx/proxycache   levels=1:2:2  keys_zone=proxycache:512m inactive=10m  max_size=1g;
    sendfile        on;
    directio 2m;
    keepalive_timeout  65 65;
    keepalive_requests 3;
     client_max_body_size 10m;
     client_body_buffer_size 16k;
     client_body_temp_path   /data/nginx/temp 1 2 2;
    keepalive_disable msie6;
    open_file_cache          max=1000 inactive=20s;
    open_file_cache_valid    30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors   on;
    server_tokens off;
    gzip  on;
    gzip_comp_level 5;
    gzip_min_length 1k;
    gzip_types text/plain application/javascript application/x-javascript text/cssapplication/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;    
    gzip_vary on;
    
    server {
        listen       80;
        server_name  localhost default_server;
        charset utf-8;
        #access_log  logs/host.access.log  main;
        location / {
            root   html;
            index  index.html index.htm;
        }
    location  /nginx_status {
      stub_status on;
      allow 192.168.0.0/16;
      allow 127.0.0.1;
      allow 172.18.0.0/16;
      deny all;
  }
        error_page   500 502 503 504 404  /50x.html;
        location = /50x.html {
            root   html;
        }

        location ~ /\.password {
            deny  all;
        }
    }
}

官方文档:

https://nginx.org/en/docs/stream/ngx_stream_core_module.html

相关推荐