nginx根据客户端ip动态代理后端服务-TCP

1.安装nginx

1.1安装编译环境

yum install -y gcc gcc-c++

1.2安装依赖库

1.2.1 安装openssl, ssl 功能需要 openssl 库 ( 下载: http://www.openssl.org/ )

cd /usr/local

wget https://www.openssl.org/source/openssl-1.0.1t.tar.gz

tar -xvf openssl-1.0.1t.tar.gz

cd openssl-1.0.1t

./config

1.2.2 安装pcre, rewrite 模块需要 pcre 库 ( 下载: http://www.pcre.org/ )

cd /usr/local

wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.gz

tar -xvf pcre-8.39.tar.gz

cd pcre-8.39

./configure

make && make install

1.2.3 安装zlib, gzip 模块需要 zlib 库 ( 下载: http://www.zlib.net/ )

cd /usr/local

wget http://zlib.net/zlib-1.2.8.tar.gz

tar -xvf zlib-1.2.8.tar.gz

cd zlib-1.2.8

./configure

make &&make install

1.3 安装nginx

安装位置： /usr/local/nginx

(注意--with-stream选项, nginx默认编译是不会编译stream模块的)

cd /usr/local

wget https://nginx.org/download/nginx-1.11.13.tar.gz

tar -xvf nginx-1.11.13.tar.gz

cd nginx-1.11.13

./configure \

--prefix=/usr/local/nginx \

--error-log-path=/var/log/nginx/error.log \

--http-log-path=/var/log/nginx/access.log \

--with-poll_module \

--with-threads \

--with-file-aio \

--with-http_ssl_module \

--with-http_v2_module \

--with-http_realip_module \

--with-http_addition_module \

--with-http_sub_module \

--with-http_dav_module \

--with-http_flv_module \

--with-http_mp4_module \

--with-http_gunzip_module \

--with-http_gzip_static_module \

--with-http_auth_request_module \

--with-http_random_index_module \

--with-http_secure_link_module \

--with-http_degradation_module \

--with-http_slice_module \

--with-http_stub_status_module \

--with-stream \

--with-stream_ssl_module \

--with-stream_realip_module \

--with-stream_ssl_preread_module \

--http-client-body-temp-path=/var/tmp/nginx/client/ \

--http-proxy-temp-path=/var/tmp/nginx/proxy/ \

--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \

--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \

--with-pcre=/usr/local/pcre-8.39 \

--with-zlib=/usr/local/zlib-1.2.8 \

--with-openssl=/usr/local/openssl-1.0.1t

make & make install

安装完后测试一下

cd /usr/local/nginx/sbin

./nginx -t

2.配置tcp代理

2.1在nginx顶层模块中添加stream模块如下

nginx.conf文件中:

stream {
        include tcp.conf;
}

注意: 只允许配置一个stream模块

2.2 新建配置文件tcp.conf,进行代理配置,如配置1931-1937端口对应转发到11931-11937端口

tcp.conf文件中:

   map $remote_addr $bakgrd {
		default 127.0.0.1; 
		171.212.113.246 120.132.14.176;
   }

   server {
		listen 1931;
		proxy_connect_timeout 1s;
		proxy_timeout 3s;
		proxy_pass $bakgrd:11931;
   }   
   server {
		listen 1932;
		proxy_connect_timeout 1s;
		proxy_timeout 3s;
		proxy_pass $bakgrd:11932;
   }   
   server {
		listen 1933;
		proxy_connect_timeout 1s;
		proxy_timeout 3s;
		proxy_pass $bakgrd:11933;
   }   
   server {
		listen 1934;
		proxy_connect_timeout 1s;
		proxy_timeout 3s;
		proxy_pass $bakgrd:11934;
   }   
   server {
		listen 1935;
		proxy_connect_timeout 1s;
		proxy_timeout 3s;
		proxy_pass $bakgrd:11935;
   }   
   server {
		listen 1936;
		proxy_connect_timeout 1s;
		proxy_timeout 3s;
		proxy_pass $bakgrd:11936;
   }
   server {
		listen 1937;
		proxy_connect_timeout 1s;
		proxy_timeout 3s;
		proxy_pass $bakgrd:11937;
   }

map用法和http中的map一样

3.重启nginx

cd /usr/local/nginx

nginx -s reload

nginx官方文档参考

ngx_stream_map_module: https://nginx.org/en/docs/stream/ngx_stream_map_module.html

ngx_stream_proxy_module: https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html