Nginx配置TCP请求转发

Nginx配置TCP请求转发

1.TCP请求转发基于stream在1.9版本前,需要单独编译安装该组建:

# 依赖服务
[root@baolin conf]#yum -y install pcre-devel openssl openssl-devel library

# 用户
[root@baolin conf]#useradd nginx -u 1000

# 编译安装 stream 组建
./configure --user=nginx --group=nginx  --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-stream  --with-stream_ssl_module 

2.配置nginx.conf 实现TCP得请求转发

[root@baolin conf]# cat /usr/local/nginx/nginx.conf
worker_processes  1;

events {
    worker_connections  1024;
}

# 此为TCP转发请求 stream 
stream {
    # 后端指向 server 的 8085 端口 stream_backend 组
    upstream stream_backend {
         server 10.50.2.11:8085;
         server 10.50.2.19:8085;
    }
    
    # 后端指向 server 的 8090 端口 cns组
    upstream cns {
         server 10.50.2.11:8090;
         server 10.50.2.19:8090;
    }
     server {
        listen                443 ssl;
        proxy_pass            stream_backend;
        # 指定key 和 crt 地址
        ssl_certificate       /etc/ssl/certs/my.crt;
        ssl_certificate_key   /etc/ssl/certs/my.key;
        ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers           HIGH:!aNULL:!MD5;
        ssl_session_cache     shared:SSL:20m;
        ssl_session_timeout   4h;
        ssl_handshake_timeout 30s;
    }
  server {
        # 本机监听端口 8080 
        listen                8080;
        
        # 请求抛给 stream_backend 组
        proxy_pass            stream_backend;
	   }
  server {
        # 本机监听端口 8090 
        listen                8090;
        
        # 请求抛给 cns 组
        proxy_pass            cns;
	   }	   
	}

    # 此为HTTP 转发请求 http
	http {
		log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
						  '$status $body_bytes_sent "$http_referer" '
						  '"$http_user_agent" "$http_x_forwarded_for"';

		access_log  /var/log/nginx/access.log  main;

		sendfile            on;
		tcp_nopush          on;
		gzip_comp_level 9;
		gzip_types  text/css text/xml  application/javascript;
		gzip_vary on;

		include             /etc/nginx/mime.types;
		default_type        application/octet-stream;
		
      # 后端指向 server 的 8585 端口 cns_node 组
	  upstream  cns_node {
			 server 10.50.2.51:8585 weight=3;
			 server 10.50.2.59:8585 weight=3;
		}
	   
	   server {
		listen       8585;
		server_name umout.com;

		access_log  /etc/nginx/logs/server02_access.log main;

		location /{
		  index index.html index.htm index.jsp;
		  proxy_pass http://cns_node1;
		  include /etc/nginx/proxy.conf; 
		}
	  }
	}
posted @ 2017-11-08 12:57  叨客厨子  阅读(34353)  评论(0编辑  收藏  举报