Nginx TCP反向代理突破端口限制

目录

一：Nginx TCP反向代理

二：Nginx TCP反向代理安装与配置

2.1 Nginx下载和安装

2.2 Nginx的基本操作

2.3 Nginx TCP反向代理的基础配置

2.4 Nginx Stream配置

---

一：Nginx TCP反向代理

        Nginx使用proxy_bind负载tcp socket，解决代理端口耗尽。 当nginx用作代理服务器时，对于客户端身份属于Server，对于服务端身份属于Client，则ip是固定的，服务器的ip:port也固定，因此连接数限制为Nginx服务器本身的端口数 ，即65536。实际上，它可以是Nginx服务器的一个网卡配置了多个ip，并且通过增加客户端的ip数量来打破限制。 借助Nginx的proxy_bind和split_client函数，它突破了单机外部65535和负载平衡的影响。

二：Nginx TCP反向代理安装与配置

2.1 Nginx下载和安装

1.下载Nginx安装包

wget https://nginx.org/download/nginx-1.16.1.tar.gz

2.解压安装包

tar -zxvf nginx-1.16.1.tar.gz

3.配置

stream模块主要负责功能服务分流负载，还能解决某些特定的网络问题。nginx默认安装的时候无法加载流stream模块，需要在启动参数里加上–with-stream，需要通过以下操作：

./configure --with-stream --with-stream_ssl_module

4.编译

make

5.安装

make install

2.2 Nginx的基本操作

1.启动Nginx服务

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

2.停止Nginx服务

cd /usr/local/nginx/sbin
./nginx -s stop

3.重启Nginx服务cd /usr/local/nginx/sbin

./nginx -s reload

4.单网卡绑定多IP

ifconfig ens192:1 10.8.20.137 netmask 255.255.255.0 up
ifconfig ens192:2 10.8.20.138 netmask 255.255.255.0 up

5.查看那些IP连接本机

netstat -a

6.查看nginx进程

ps -ef | grep nginx

7.检查端口开放

cat /proc/sys/net/ipv4/ip_local_port_range

2.3 Nginx TCP反向代理的基础配置

1. worker_processes  2；
2. 来指定了Nginx要开启的子进程数，每个Nginx进程平均耗费10M~12M内存。
3. 根据经验，一般指定一个进程就足够了；如果是多核CPU，建议指定和CPU一样的进程即可。我这里写2，那么就会开启2个子进程，总共3个进程。
4. include /usr/local/nginx/tcp.d/*.conf; tcp反向代理配置文件目录。

#user  nobody;
worker_processes  2;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

include /usr/local/nginx/tcp.d/*.conf;
events {
    worker_connections  200000;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
}

2.4 Nginx Stream配置

1. stream配置不能放到http内，即不能放到nginx.conf中，因为stream是通过tcp层转发，而不是http转发。
2. 可以为Nginx服务器一个网卡配置多个ip，通过增加client端的ip数量来突破限制，配合Nginx的proxy_bind和split_client功能突破单机对外65535以及负载均衡的效果。
3. log_format：设置日志格式。

stream {

	log_format proxy '$remote_addr:$remote_port [$time_local] '
                 '$protocol $status $bytes_sent $bytes_received '
                 '$session_time "$upstream_addr" '
                 '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
				 
	
	access_log /usr/local/nginx/logs/tcp-access.log proxy ;
	
    # 添加socket转发的代理
    upstream socket_proxy {
        hash $remote_addr consistent;
        # 转发的目的地址和端口
        #server 10.8.20.42:1883 weight=5 max_fails=3 fail_timeout=30s;
		#server 10.8.20.43:1883 weight=5 max_fails=3 fail_timeout=30s;
		server 10.8.20.139:1883 weight=10 max_fails=5 fail_timeout=30s;
    }
	
	split_clients "$remote_addr$remote_port" $split_ip {
	   20% 10.8.20.138;
       20% 10.8.20.137;
		*  10.8.20.43;
    }

    # 提供转发的服务，即访问localhost:1888，会跳转至代理socket_proxy指定的转发地址
    server {
	   proxy_bind $split_ip;
       listen 1888;
       proxy_connect_timeout 5s;
       proxy_timeout 10s;
       proxy_pass socket_proxy;
    }
		
}