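Preface
Nginx "socket proxying" usually means using the Nginx stream module to handle non-HTTP TCP traffic, such as database connections, SSH connections, or traffic for other TCP-based protocols. The stream module lets Nginx act as a reverse proxy for these connections.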
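A simple Nginx stream proxy configuration
The following is a simple Nginx stream proxy configuration example for proxying TCP connections:
```nginx
events {
    worker_connections 1024;
}

stream {
    server {
        listen <local_port>;                         # local port Nginx listens on
        proxy_pass <backend_server>:<backend_port>;  # backend server address and port

        # Optional settings
        # proxy_connect_timeout 1s;  # timeout for connecting to the backend
        # proxy_timeout 10m;         # proxy timeout
    }
}
```
In this configuration, replace <local_port> with the local port Nginx will listen on, and <backend_server> and <backend_port> with the actual backend server address and port.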
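Load balancing configuration
The stream module also supports load balancing. You can use an upstream block to define a group of backend servers and then reference that upstream block from a server block.
```nginx
stream {
    upstream backend_servers {
        server backend1.example.com:12345;
        server backend2.example.com:12345;
        # more servers can be added here

        # Optional settings
        # hash $remote_addr;  # hash-based load balancing on the client IP
        # least_conn;         # use the server with the fewest connections
    }

    server {
        listen <local_port>;
        proxy_pass backend_servers;
    }
}
```
A few points to note: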
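stream module: make sure your Nginx version supports the stream module. Newer versions of Nginx include this module by default.
Non-HTTP traffic: the stream module handles TCP traffic, not HTTP traffic, so it is not suited to proxying web requests.
Security: when you proxy sensitive data (such as database connections), make sure to use encrypted connections (such as SSL/TLS) and enable the corresponding encryption options in the Nginx configuration.
Load balancing: besides simple proxying, you can use the stream module to load-balance TCP connections by defining multiple backend servers in an upstream block.
Logging and monitoring: as with HTTP proxying, you can configure logging and monitoring for the stream proxy to trace and debug connection problems.
I. Compiling and installing Nginx with stream module support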
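1. Install the required build tools and dependencies
On CentOS 7, you can install these tools with the following command:
```bash
sudo yum install gcc-c++ pcre-devel zlib-devel make
```
2. Download the Nginx source code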
Download the Nginx 1.24.0 source tarball and extract it:
```bash
wget http://nginx.org/download/nginx-1.24.0.tar.gz
tar -zxvf nginx-1.24.0.tar.gz
```
Rename the directory:
```bash
mv nginx-1.24.0 nginxSrc
```
3. Configure the build options
Enter the Nginx source directory and run the configure script, specifying the stream module that is needed.
```
[root@td66 nginxSrc]# ./configure --prefix=/usr/local/nginx --with-stream
...
Configuration summary
  + using system PCRE library
  + OpenSSL library is not used
  + using system zlib library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"
```
This configures Nginx to use "/usr/local/nginx" as the installation directory.
4. Compile and install
```
[root@td66 nginxSrc]# make && make install
make -f objs/Makefile
make[1]: 进入目录“/usr/local/nginxSrc”
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs -o objs/src/core/nginx.o src/core/nginx.c
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs -o objs/src/core/ngx_log.o src/core/ngx_log.c
```
5. Start Nginx
```bash
cd /usr/local/nginx/sbin/
./nginx
```
6. Verify the installation
Open your web browser and visit the server's IP address or domain name; you should see the Nginx welcome page.
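II. Nginx commands
The nginx command controls starting and stopping the Nginx server, reloading its configuration file, and similar operations. Some commonly used nginx commands and what they do: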
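1. Start Nginx
```bash
nginx
```
This command starts the Nginx server. If the configuration file (usually /etc/nginx/nginx.conf or /usr/local/nginx/conf/nginx.conf) exists and has no syntax errors, Nginx starts listening on the configured ports and handling requests.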
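2. Stop Nginx
```bash
nginx -s stop
```
or
```bash
sudo service nginx stop
```
or, on some systems,
```bash
sudo systemctl stop nginx
```
These commands stop the running Nginx server. The -s stop option sends a signal to the Nginx master process telling it to stop immediately.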
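3. Reload the configuration
```bash
nginx -s reload
```
or
```bash
sudo service nginx reload
```
or, on some systems,
```bash
sudo systemctl reload nginx
```
This command reloads the Nginx configuration file. If the configuration file has changed, the new configuration is applied without stopping and restarting Nginx. Reloading the configuration normally does not interrupt requests that are being processed.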
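4. Test the configuration file syntax
```bash
nginx -t
```
This command checks whether the Nginx configuration file syntax is correct and reports the result. If the configuration file has a syntax error, nginx -t points out where the error is, but it does not actually load the configuration.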
5. Show version information
```bash
nginx -v
```
This command shows the version of the currently installed Nginx.
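6. Show build options
```bash
nginx -V
```
This command shows the options Nginx was compiled with and the modules it includes. This is very useful for diagnosing problems or finding out whether a particular module was compiled in.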
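7. Other common commands
Show help: nginx -h or nginx -?
Graceful upgrade of Nginx: you can use nginx -s quit to shut down the old version of Nginx gracefully and then start the new version.
Note that the commands above may need sudo to obtain administrator privileges, depending on your system settings and how Nginx was installed. In addition, different systems or installation methods may use different service managers (such as systemctl, service, or the /etc/init.d/nginx script), so the commands for stopping and starting the service may differ.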
III. Nginx stream configuration
3.1 Edit the nginx.conf file
```bash
vim nginx.conf
```
```nginx
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

stream {
    server {
        listen 6666;                 # port Nginx listens on
        proxy_pass 10.68.8.70:6666;  # backend server address and port
    }
}
```
3.2 Check that the configuration file is correct
```bash
nginx -t -c nginx.conf
```
If the following error is reported, the stream module was not installed successfully:
```
nginx: [emerg] unknown directive "stream" in /usr/local/nginx/conf/nginx.conf:16
```
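Added example (not part of the original article): the section 3.1 listener with the protections the security and logging notes call for, namely TLS on the listening port, a client allow-list, a per-address connection limit and a stream access log. It assumes Nginx was also configured with --with-stream_ssl_module, which the build shown earlier does not have (its summary reports "OpenSSL library is not used"); the certificate paths, the 10.68.8.0/24 client range, the zone name and the log file name are placeholders.

```nginx
events {
    worker_connections 1024;
}

stream {
    # The stream module writes no access log unless one is configured.
    log_format tcp '$remote_addr [$time_local] $protocol $status '
                   '$bytes_sent $bytes_received $session_time '
                   '"$upstream_addr" $ssl_protocol';
    access_log logs/stream-access.log tcp;    # placeholder file name

    # Shared memory zone used to count concurrent connections per client address.
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;

    server {
        listen 6666 ssl;                      # clients must open TLS on connect

        # Placeholder certificate and key paths.
        ssl_certificate     /usr/local/nginx/conf/tls/server.crt;
        ssl_certificate_key /usr/local/nginx/conf/tls/server.key;
        # TLSv1.3 only takes effect when Nginx is linked against OpenSSL 1.1.1+.
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Only the assumed client network may connect; everything else is refused.
        allow 10.68.8.0/24;
        deny  all;

        limit_conn per_ip 10;                 # at most 10 concurrent connections per address

        proxy_connect_timeout 1s;
        proxy_timeout         10m;

        # The hop from Nginx to the backend is plaintext unless the backend
        # speaks TLS and the next line is enabled.
        # proxy_ssl on;
        proxy_pass 10.68.8.70:6666;
    }
}
```

Terminating TLS this way only suits clients that start the TLS handshake as soon as they connect. Protocols that upgrade to TLS in-band, such as the MySQL and PostgreSQL wire protocols, have to carry TLS end to end through a plain TCP listener instead.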