nginx之支持TCP四层代理和负载均衡的stream模块

一、ngx_stream_core_module模块

nginx从1.9.0开始，新增加了一个stream模块，用来实现四层协议的转发、代理或者负载均衡等。

• 格式： listen address:port [ssl] [udp] [backlog=number] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
  监听的端口；
  默认为tcp协议；
  udp: 监听udp协议的端口；

二、ngx_stream_proxy_module代理模块

允许在TCP、UDP（1.9 13）和UNIX域套接字上代理数据流。

(1) proxy_pass address;

设置代理服务器的地址。该地址可以指定为域名或IP地址，以及端口或UNIX域套接字路径。

(2) proxy_timeout timeout;

在客户端或代理服务器连接上的两次连续读写操作之间设置超时。如果在此时间内没有发送数据，则连接被关闭。默认为10m;

(3) proxy_connect_timeout time;

设置nginx与被代理的服务器尝试建立连接的超时时长；默认为60s；

示例：
stream {
upstream sshsrvs {
server 192.168.10.130:22;
server 192.168.10.131:22;
hash $remote_addr consistent;
}

server {
listen 172.16.100.6:22202;
proxy_pass sshsrvs;
proxy_timeout 60s;
proxy_connect_timeout 10s;
}
}

三、应用示例

stream模块用法和http模块差不多，关键的是语法几乎一致。

• 后端服务器单台主机调度vs服务器代理设置：

[root@vs-110 ~]# vim /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;

stream {
      server {
                 listen 22922;
                 proxy_pass 192.168.10.11:22;  #ssh请求反代到rs1服务器的22端口
               }
 server{
               listen 80;
                proxy_pass 192.168.10.12:80;#http反代到rs2服务器的80端口
               }

}
[root@vs-110 ~]# nginx -t#语法检查
[root@vs-110 ~]# systemctl start nginx #启动nginx
[root@vs-110 ~]# ss -tnlp#查询端口是否启动
State      Recv-Q Send-Q                       Local Address:Port                                      Peer Address:Port              
LISTEN     0      128                                      *:22922                                                *:*          

• 客户端测试ssh连接：

[root@kvm-100 ~]# ssh -p 22922 root@172.16.15.110
[root@rs1 ~]# ip addr
eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:4e:97:c0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.11/16 brd 192.168.255.255 scope global noprefixroute eth1#ssh连接已经反代到rs1服务器上了
 [root@rs1 ~]# curl http://172.16.15.110/
<h1>RS2 192.168.10.12</h1>  #http请求已经反代到rs2服务器上了

• 后端服务器组调度vs服务器代理设置：

[root@vs-110 ~]# vim /etc/nginx/nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}
stream {
           upstream sshsrvs{     #ssh请求反代到服务器组的22端口，启用轮询负载均衡
                     server 192.168.10.11:22;
                     server 192.168.10.12:22;
                }
                {
           upstream websrvs{     #ssh请求反代到服务器组的80端口，启用轮询负载均衡
                     server 192.168.10.11:80;
                     server 192.168.10.12:80;
                }
          upstream mysrvs{     #ssh请求反代到服务器组的3306端口，启用轮询负载均衡
                     server 192.168.10.11:3306;
                     server 192.168.10.12:3306;
                }
   server {
                 listen 22922;
                 proxy_pass sshsrvs;  #ssh请求反代到服务器组的22端口
               }
 server{
               listen 80;
                proxy_pass websrvs; #http请求反代到服务器组的80端口
               }
 server{
               listen 3306;
                proxy_pass mysrvs; #mysql请求反代到服务器组的3306端口
               }
 }
------------------------------------------