Nginx Socket代理

前言

Nginx 的 socket 代理通常指的是 Nginx 通过 stream 模块来处理非 HTTP 的 TCP 流量，比如数据库连接、SSH 连接或其他 TCP 协议的流量。stream 模块允许 Nginx 作为一个反向代理来处理这些连接。

简单的 Nginx stream 代理配置

以下是一个简单的 Nginx stream 代理配置示例，用于代理 TCP 连接：

events {  
    worker_connections  1024;  
}  
  
stream {  
    server {  
        listen <local_port>;  # Nginx 监听的本地端口  
        proxy_pass <backend_server>:<backend_port>;  # 后端服务器的地址和端口  
  
        # 可选配置项  
        # proxy_connect_timeout 1s;  # 连接超时时间  
        # proxy_timeout 10m;        # 代理超时时间  
    }  
}

在这个配置中，你需要替换 <local_port> 为 Nginx 将要监听的本地端口，以及 <backend_server> 和 <backend_port> 为实际的后端服务器地址和端口。

负载均衡配置

stream 模块还支持负载均衡。你可以使用 upstream 块来定义一组后端服务器，然后在 server 块中引用这个 upstream 块。

stream {  
    upstream backend_servers {  
        server backend1.example.com:12345;  
        server backend2.example.com:12345;  
        # 可以添加更多服务器  
  
        # 可选配置项  
        # hash $remote_addr;  # 根据客户端 IP 进行哈希负载均衡  
        # least_conn;         # 使用最少连接数的服务器  
    }  
  
    server {  
        listen <local_port>;  
        proxy_pass backend_servers;  
    }  
}

注意几点：

1. stream 模块：确保你的 Nginx 版本支持 stream 模块。较新版本的 Nginx 默认包含这个模块。
2. 非 HTTP 流量：stream 模块处理的是 TCP 流量，不是 HTTP 流量。因此，它不适合代理 web 请求。
3. 安全性：当你代理敏感数据（如数据库连接）时，请确保使用加密连接（如 SSL/TLS），并在 Nginx 配置中启用相应的加密选项。
4. 负载均衡：除了简单的代理功能外，你还可以使用 stream 模块来实现 TCP 连接的负载均衡。这可以通过在 upstream 块中定义多个后端服务器来实现。
5. 日志和监控：与 HTTP 代理一样，你也可以为 stream 代理配置日志和监控功能，以便跟踪和调试连接问题。

一、编译安装支持stream 模块的Nginx

1.安装必要的编译工具和依赖项

在 CentOS 7 上，您可以使用以下命令安装这些工具：

sudo yum install gcc-c++ pcre-devel zlib-devel make

2. 下载Nginx源代码

下载 Nginx 1.24.0 的源代码压缩包，并解压缩：

wget http://nginx.org/download/nginx-1.24.0.tar.gz
tar -zxvf nginx-1.24.0.tar.gz

改名
mv nginx-1.24.0 nginxSrc

3. 配置编译选项

进入 Nginx 源代码目录并运行configure脚本，指定所需的stream功能模块。

[root@td66 nginxSrc]# ./configure --prefix=/usr/local/nginx --with-stream
checking for OS
 + Linux 3.10.0-957.el7.x86_64 x86_64
checking for C compiler ... found
 + using GNU C compiler
 + gcc version: 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
checking for gcc -pipe switch ... found
checking for -Wl,-E switch ... found
checking for gcc builtin atomic operations ... found
checking for C99 variadic macros ... found
checking for gcc variadic macros ... found
checking for gcc builtin 64 bit byteswap ... found
checking for unistd.h ... found
checking for inttypes.h ... found
checking for limits.h ... found
checking for sys/filio.h ... not found
checking for sys/param.h ... found
checking for sys/mount.h ... found
checking for sys/statvfs.h ... found
checking for crypt.h ... found
checking for Linux specific features
checking for epoll ... found
checking for EPOLLRDHUP ... found
checking for EPOLLEXCLUSIVE ... not found
checking for eventfd() ... found
checking for O_PATH ... found
checking for sendfile() ... found
checking for sendfile64() ... found
checking for sys/prctl.h ... found
checking for prctl(PR_SET_DUMPABLE) ... found
checking for prctl(PR_SET_KEEPCAPS) ... found
checking for capabilities ... found
checking for crypt_r() ... found
checking for sys/vfs.h ... found
checking for UDP_SEGMENT ... not found
checking for nobody group ... found
checking for poll() ... found
checking for /dev/poll ... not found
checking for kqueue ... not found
checking for crypt() ... not found
checking for crypt() in libcrypt ... found
checking for F_READAHEAD ... not found
checking for posix_fadvise() ... found
checking for O_DIRECT ... found
checking for F_NOCACHE ... not found
checking for directio() ... not found
checking for statfs() ... found
checking for statvfs() ... found
checking for dlopen() ... not found
checking for dlopen() in libdl ... found
checking for sched_yield() ... found
checking for sched_setaffinity() ... found
checking for SO_SETFIB ... not found
checking for SO_REUSEPORT ... found
checking for SO_ACCEPTFILTER ... not found
checking for SO_BINDANY ... not found
checking for IP_TRANSPARENT ... found
checking for IP_BINDANY ... not found
checking for IP_BIND_ADDRESS_NO_PORT ... found
checking for IP_RECVDSTADDR ... not found
checking for IP_SENDSRCADDR ... not found
checking for IP_PKTINFO ... found
checking for IPV6_RECVPKTINFO ... found
checking for TCP_DEFER_ACCEPT ... found
checking for TCP_KEEPIDLE ... found
checking for TCP_FASTOPEN ... found
checking for TCP_INFO ... found
checking for accept4() ... found
checking for int size ... 4 bytes
checking for long size ... 8 bytes
checking for long long size ... 8 bytes
checking for void * size ... 8 bytes
checking for uint32_t ... found
checking for uint64_t ... found
checking for sig_atomic_t ... found
checking for sig_atomic_t size ... 4 bytes
checking for socklen_t ... found
checking for in_addr_t ... found
checking for in_port_t ... found
checking for rlim_t ... found
checking for uintptr_t ... uintptr_t found
checking for system byte ordering ... little endian
checking for size_t size ... 8 bytes
checking for off_t size ... 8 bytes
checking for time_t size ... 8 bytes
checking for AF_INET6 ... found
checking for setproctitle() ... not found
checking for pread() ... found
checking for pwrite() ... found
checking for pwritev() ... found
checking for strerrordesc_np() ... not found
checking for sys_nerr ... found
checking for localtime_r() ... found
checking for clock_gettime(CLOCK_MONOTONIC) ... found
checking for posix_memalign() ... found
checking for memalign() ... found
checking for mmap(MAP_ANON|MAP_SHARED) ... found
checking for mmap("/dev/zero", MAP_SHARED) ... found
checking for System V shared memory ... found
checking for POSIX semaphores ... not found
checking for POSIX semaphores in libpthread ... found
checking for struct msghdr.msg_control ... found
checking for ioctl(FIONBIO) ... found
checking for ioctl(FIONREAD) ... found
checking for struct tm.tm_gmtoff ... found
checking for struct dirent.d_namlen ... not found
checking for struct dirent.d_type ... found
checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
checking for sysconf(_SC_LEVEL1_DCACHE_LINESIZE) ... found
checking for openat(), fstatat() ... found
checking for getaddrinfo() ... found
checking for PCRE2 library ... not found
checking for PCRE library ... found
checking for PCRE JIT support ... found
checking for zlib library ... found
creating objs/Makefile

Configuration summary
  + using system PCRE library
  + OpenSSL library is not used
  + using system zlib library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

这将配置Nginx以使用"/usr/local/nginx"作为安装目录。

4. 编译和安装

[root@td66 nginxSrc]# make && make install
make -f objs/Makefile
make[1]: 进入目录“/usr/local/nginxSrc”
cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g  -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs \
	-o objs/src/core/nginx.o \
	src/core/nginx.c
cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g  -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs \
	-o objs/src/core/ngx_log.o \
	src/core/ngx_log.c

5. 启动 Nginx

cd /usr/local/nginx/sbin/
./nginx

6. 验证安装

打开您的 Web 浏览器并访问服务器的 IP 地址或域名，您应该能够看到 Nginx 的欢迎页面。

二、Nginx命令

nginx 命令用于控制 Nginx 服务器的启动、停止、重新加载配置文件等操作。以下是一些常用的 nginx 命令及其说明：

1. 启动 Nginx

nginx

这个命令将启动 Nginx 服务器。如果配置文件（通常是 /etc/nginx/nginx.conf 或 /usr/local/nginx/conf/nginx.conf）存在且没有语法错误，Nginx 将开始监听配置的端口，并处理请求。

2. 停止 Nginx

nginx -s stop

或者

sudo service nginx stop

或者在某些系统上

sudo systemctl stop nginx

这些命令将停止正在运行的 Nginx 服务器。-s stop 选项发送一个信号给 Nginx 主进程，让它立即停止。

3. 重新加载配置

nginx -s reload

或者

sudo service nginx reload

或者在某些系统上

sudo systemctl reload nginx

这个命令将重新加载 Nginx 的配置文件。如果配置文件有变动，这个命令将应用新的配置，而不需要停止和重新启动 Nginx。重新加载配置通常不会导致正在处理的请求中断。

4. 测试配置文件的语法

nginx -t

这个命令将检查 Nginx 配置文件的语法是否正确，并返回结果。如果配置文件有语法错误，nginx -t 会指出错误的位置，但不会实际加载配置。

5. 显示版本信息

nginx -v

这个命令将显示当前安装的 Nginx 的版本信息。

6. 显示编译选项

nginx -V

这个命令将显示 Nginx 在编译时使用的选项和包含的模块。这对于诊断问题或了解特定模块是否已编译非常有用。

7. 其他常用命令

• 查看帮助信息：nginx -h 或 nginx --help
• 平滑升级 Nginx：可以使用 nginx -s quit 来优雅地关闭旧版本的 Nginx，然后启动新版本。

请注意，上述命令可能需要使用 sudo 来获取管理员权限，具体取决于你的系统设置和 Nginx 的安装方式。此外，不同系统或安装方式可能会使用不同的服务管理器（如 systemctl、service 或 /etc/init.d/nginx 脚本），所以停止和启动服务的命令可能有所不同。

三、Nginx stream配置

3.1 编辑nginx.conf文件

• vim nginx.conf

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}

stream {  
    server {  
        listen 6666;  # Nginx 监听的端口  
        proxy_pass 10.68.8.70:6666;  # 后端服务器的地址和端口  
    }  
}

3.2检查配置文件是否正确

nginx -t -c nginx.conf

如果报如下错误说明没有成功安装stream模块文章来源地址https://www.toymoban.com/news/detail-850156.html

nginx: [emerg] unknown directive "stream" in /usr/local/nginx/conf/nginx.conf:16

3.3 使配置文件生效

• nginx -s reload

到了这里，关于Nginx Socket代理的文章就介绍完了。如果您还想了解更多内容，请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章，希望大家以后多多支持TOY模板网！