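1: Nginx TCP reverse proxy
Nginx can use proxy_bind when load-balancing TCP sockets to work around port exhaustion on the proxy. When nginx acts as a proxy server, it is a server to its clients and a client to the backend servers. Its own IP is fixed and the backend ip:port is also fixed, so the number of connections is limited by the number of ports on the Nginx server itself, i.e. 65536. In practice, one network interface on the Nginx server can be configured with several IPs, and increasing the number of client-side IPs lifts that limit. Combining Nginx's proxy_bind and split_clients features breaks the single-host outbound limit of 65535 and also provides load balancing.
2: Installing and configuring the Nginx TCP reverse proxy
2.1 Downloading and installing Nginx
1. Download the Nginx source package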
wget https://nginx.org/download/nginx-1.16.1.tar.gz
2. Unpack the archive
tar -zxvf nginx-1.16.1.tar.gz
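3. Configure
The stream module mainly handles distributing and load-balancing traffic between services, and it can also solve certain specific network problems. A default nginx build does not include the stream module, so --with-stream has to be added to the build parameters, as follows: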
./configure --with-stream --with-stream_ssl_module
4. Compile
make
5. Install
make install
2.2 Basic Nginx operations
1. Start the Nginx service
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
2. Stop the Nginx service
cd /usr/local/nginx/sbin
./nginx -s stop
3. Restart the Nginx service
cd /usr/local/nginx/sbin
./nginx -s reload
4. Bind several IPs to a single network interface
ifconfig ens192:1 10.8.20.137 netmask 255.255.255.0 up
ifconfig ens192:2 10.8.20.138 netmask 255.255.255.0 up
5. See which IPs are connected to this host
netstat -a
6. List the nginx processes
ps -ef | grep nginx
7. Check the range of local ports available
cat /proc/sys/net/ipv4/ip_local_port_range
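2.3 Basic configuration for the Nginx TCP reverse proxy
- worker_processes 2;
- Sets the number of child processes Nginx starts; each Nginx process uses 10M~12M of memory on average.
- As a rule of thumb, one process is usually enough; on a multi-core CPU, it is recommended to set as many processes as there are CPUs. I set 2 here, so 2 child processes are started, 3 processes in total.
- include /usr/local/nginx/tcp.d/*.conf; is the directory holding the TCP reverse-proxy configuration files.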
#user nobody;
worker_processes 2;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
include /usr/local/nginx/tcp.d/*.conf;
events {
    worker_connections 200000;
}
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    server {
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;
    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;
    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}
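2.4 Nginx stream configuration
- The stream configuration cannot be placed inside the http block of nginx.conf, because stream forwards at the TCP layer rather than over HTTP. Here it lives in a separate file under tcp.d, which nginx.conf includes at the top level.
- One network interface on the Nginx server can be given several IPs. Increasing the number of client-side IPs lifts the limit, and together with Nginx's proxy_bind and split_clients features this breaks the single-host outbound limit of 65535 and provides load balancing.
- log_format: sets the log format.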
stream {
    log_format proxy '$remote_addr:$remote_port [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time "$upstream_addr" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    access_log /usr/local/nginx/logs/tcp-access.log proxy;
    # Upstream group that the socket connections are proxied to
    upstream socket_proxy {
        hash $remote_addr consistent;
        # Destination address and port to forward to
        #server 10.8.20.42:1883 weight=5 max_fails=3 fail_timeout=30s;
        #server 10.8.20.43:1883 weight=5 max_fails=3 fail_timeout=30s;
        server 10.8.20.139:1883 weight=10 max_fails=5 fail_timeout=30s;
    }
    # Choose the local source IP for the outbound connection per client ip+port
    split_clients "$remote_addr$remote_port" $split_ip {
        20% 10.8.20.138;
        20% 10.8.20.137;
        * 10.8.20.43;
    }
    # Forwarding service: connections to localhost:1888 are passed on to the
    # address defined in the socket_proxy upstream
    server {
        proxy_bind $split_ip;
        listen 1888;
        proxy_connect_timeout 5s;
        proxy_timeout 10s;
        proxy_pass socket_proxy;
    }
}
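
As an added example (not part of the original article and not nginx code), the Python model below shows how the split_clients block above selects the proxy_bind source IP, and what connection ceiling that split gives toward a single upstream. It assumes the documented split_clients behaviour (MurmurHash2 of the string, mapped onto cumulative percentage ranges) and a Linux ip_local_port_range of 32768-60999; the function names and client addresses are made up for illustration.

```python
# Added illustration, not code from the article or from nginx.
M, MASK = 0x5BD1E995, 0xFFFFFFFF

def murmur2(data: bytes) -> int:
    """32-bit MurmurHash2 with seed 0."""
    h = len(data) & MASK
    n = len(data) - len(data) % 4
    for i in range(0, n, 4):
        k = (int.from_bytes(data[i:i + 4], "little") * M) & MASK
        k = ((k ^ (k >> 24)) * M) & MASK
        h = ((h * M) & MASK) ^ k
    if data[n:]:                                  # 1-3 trailing bytes
        h = ((h ^ int.from_bytes(data[n:], "little")) * M) & MASK
    h = ((h ^ (h >> 13)) * M) & MASK
    return h ^ (h >> 15)

# Buckets copied from the article's split_clients block; None stands for "*".
BUCKETS = [(20, "10.8.20.138"), (20, "10.8.20.137"), (None, "10.8.20.43")]

def pick_source_ip(remote_addr, remote_port, buckets=BUCKETS):
    """Model of: split_clients "$remote_addr$remote_port" $split_ip {...}"""
    h = murmur2(f"{remote_addr}{remote_port}".encode())
    total = 0
    for pct, ip in buckets:
        if pct is None:
            return ip
        total += pct
        if h < MASK * total // 100:               # cumulative percentage range
            return ip
    raise ValueError("buckets must end with a '*' (None) entry")

def max_upstream_connections(port_range=(32768, 60999), buckets=BUCKETS):
    """Upper bound on concurrent connections to ONE upstream ip:port: the
    source IP with the largest share exhausts its local ports first.
    port_range is an assumed value of /proc/sys/net/ipv4/ip_local_port_range."""
    ports = port_range[1] - port_range[0] + 1
    fixed = sum(p for p, _ in buckets if p is not None)
    largest = max(100 - fixed if p is None else p for p, _ in buckets)
    return ports * 100 // largest

if __name__ == "__main__":
    # Constructed client endpoints, only to show the resulting distribution.
    picks = [pick_source_ip(f"10.1.{i // 250}.{i % 250 + 1}", 20000 + i)
             for i in range(20000)]
    for _, ip in BUCKETS:
        print(ip, f"{picks.count(ip) / len(picks):.1%}")
    print("connection ceiling:", max_upstream_connections())
```

With the 20%/20%/* split, the catch-all address carries about 60% of the connections, so it runs out of local ports first and the ceiling toward one upstream is about 47,000 rather than three times the per-IP port range.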