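Use Nginx as a TCP/UDP scheduler (layer-4 load balancer) with the following setup:
- Two back-end SSH servers
- Nginx must be compiled with --with-stream, which enables the ngx_stream_core_module module
- Nginx dispatches connections to the back-end SSH servers in round-robin order
UDP protocol is application layer: http DNS nginx
TCP protocol is transport layer
2.2 Plan
Four RHEL7 virtual machines are used. One acts as the Nginx proxy server and needs two network interfaces, with IP addresses 192.168.4.5 and 192.168.2.5. The two SSH servers have IP addresses 192.168.2.100 and 192.168.2.200. The client test host has IP address 192.168.4.100. See Figure 2.
Deploy the nginx server: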
[root@proxy conf]# nginx -s stop
[root@proxy conf]# rm -rf /usr/local/nginx/
[root@proxy nginx-1.12.2]# ./configure --user=nginx --group=nginx --with-http_ssl_module --with-stream   # --with-http_ssl_module: enable SSL encryption; --with-stream: enable layer-4 reverse proxying
[root@proxy nginx-1.12.2]# make && make install   # compile and install
Edit the configuration file. The stream block must go above the http block (at the top level of the file, not inside http):
stream {
    upstream backend {
        server 192.168.2.100:22;
        server 192.168.2.200:22;
    }
    server {
        listen 12345;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass backend;
    }
}

http {    # the existing http block continues unchanged
[root@proxy nginx-1.12.2]# nginx -s reload
[root@proxy nginx-1.12.2]# ss -ntulp | grep nginx
tcp LISTEN 0 128 *:80 *:* users:(("nginx",pid=5718,fd=7),("nginx",pid=5717,fd=7))
tcp LISTEN 0 128 *:12345 *:* users:(("nginx",pid=5718,fd=6),("nginx",pid=5717,fd=6))
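Client access. The two logins land on web2 and then web1 (round-robin), and each session is closed once it has been idle for the 3s proxy_timeout: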
[root@clent ~]# ssh 192.168.4.5 -p 12345
root@192.168.4.5's password:
Last login: Tue Jul 31 18:59:12 2018 from 192.168.2.254
[root@web2 ~]# Connection to 192.168.4.5 closed by remote host.
Connection to 192.168.4.5 closed.
[root@clent ~]# ssh 192.168.4.5 -p 12345
root@192.168.4.5's password:
Last login: Tue Jul 31 18:58:57 2018 from 192.168.2.254
[root@web1 ~]# Connection to 192.168.4.5 closed by remote host.
Connection to 192.168.4.5 closed.
Tuning Nginx concurrency
[root@proxy ~]# ab -n 2000 -c 2000 http://192.168.4.5/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.4.5 (be patient)
socket: Too many open files (24)    # error: too many open files
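2) Edit the Nginx configuration file to raise the concurrency limit
[root@proxy ~]# vim /usr/local/nginx/conf/nginx.conf
worker_processes 2;              # same as the number of CPU cores
events {
    worker_connections 65535;    # maximum concurrent connections per worker
    use epoll;
}
3) Tune Linux kernel parameters (maximum number of open files)
[root@proxy ~]# ulimit -a            # show all limits
[root@proxy ~]# ulimit -Hn 100000    # set the hard limit (temporary)
[root@proxy ~]# ulimit -Sn 100000    # set the soft limit (temporary)
[root@proxy ~]# vim /etc/security/limits.conf
4) Test the server's concurrency after tuning (the client's kernel parameters were not tuned, so the test is run on proxy)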
[root@proxy ~]# ab -n 2000 -c 2000 http://192.168.4.5/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.4.5 (be patient)
Completed 200 requests
Completed 400 requests
Completed 600 requests
Completed 800 requests
Completed 1000 requests
Completed 1200 requests
Completed 1400 requests
Completed 1600 requests
Completed 1800 requests
Completed 2000 requests
Finished 2000 requests
Server Software: nginx/1.12.2
Server Hostname: 192.168.4.5
Server Port: 80
Document Path: /
Document Length: 612 bytes
Concurrency Level: 2000
Time taken for tests: 0.298 seconds
Complete requests: 2000
Failed requests: 0
Write errors: 0
Total transferred: 1690000 bytes
HTML transferred: 1224000 bytes
Requests per second: 6715.42 [#/sec] (mean)
Time per request: 297.822 [ms] (mean)
Time per request: 0.149 [ms] (mean, across all concurrent requests)
Transfer rate: 5541.53 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 13 15.5 4 55
Processing: 2 14 11.9 8 202
Waiting: 0 10 9.8 5 202
Total: 5 27 24.3 12 215
Percentage of the requests served within a certain time (ms)
50% 12
66% 31
75% 53
80% 56
90% 65
95% 70
98% 73
99% 74
100% 215 (longest request)
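
The "Too many open files" error above comes from the per-process descriptor limit, and a ulimit typed into a shell applies only to that shell and the processes it starts. The check below is an added example, not part of the original notes: it reads worker_connections from a config and compares it with worker_rlimit_nofile (a real nginx directive that this page does not use) or with a limit you pass in. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): does worker_connections fit
# inside the open-file limit nginx will actually run with?

# Print the first argument of DIRECTIVE in FILE, ignoring '#' comments.
# Assumes one directive per line, as in the configs shown on this page.
conf_value() {  # usage: conf_value DIRECTIVE FILE
    sed 's/#.*//' "$2" |
        awk -v d="$1" '$1 == d { sub(/;.*/, "", $2); print $2; exit }'
}

# Return 0 if worker_connections <= per-process fd limit, 1 otherwise.
# The limit is worker_rlimit_nofile when the config sets it; otherwise
# FALLBACK_LIMIT, e.g. `ulimit -n` from the environment that starts nginx.
check_fd_budget() {  # usage: check_fd_budget FILE FALLBACK_LIMIT
    conns=$(conf_value worker_connections "$1")
    limit=$(conf_value worker_rlimit_nofile "$1")
    [ -n "$conns" ] || conns=512        # nginx default when unset
    [ -n "$limit" ] || limit=$2
    if [ "$limit" = unlimited ] || [ "$conns" -le "$limit" ]; then
        echo "OK worker_connections=$conns nofile=$limit"
        return 0
    fi
    echo "WARN worker_connections=$conns exceeds nofile=$limit"
    return 1
}

# Constructed sample config mirroring the settings used on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
worker_processes 2;              # same as the number of CPU cores
events {
    worker_connections 65535;    # max concurrent connections per worker
    use epoll;
}
EOF
check_fd_budget "$sample" 1024 || true      # assumed untuned soft limit: WARN
check_fd_budget "$sample" 100000 || true    # after ulimit -Sn 100000: OK
check_fd_budget "$sample" "$(ulimit -n)" || true   # this shell's real limit
rm -f "$sample"
```

Point the function at /usr/local/nginx/conf/nginx.conf and pass the limit of the environment that launches nginx, which may differ from the interactive shell where ulimit was raised.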