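Configuring TCP forwarding with nginx
Background
Sometimes a server on an internal network needs to make a service reachable from the internet, but that server has no public IP. In that case, TCP request forwarding can be configured on an nginx server that does have a public IP, mapping the internal service's port out to the public network.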
Compiling and installing the stream module
If your nginx was compiled from source, you need to add the build parameter.
If your nginx was installed directly with yum, check whether its build parameters include --with-stream, such as the --with-stream=dynamic in the output below:

    # /usr/sbin/nginx -V
    nginx version: nginx/1.20.1
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
    built with OpenSSL 1.1.1g FIPS 21 Apr 2020 (running with OpenSSL 1.1.1k FIPS 25 Mar 2021)
    TLS SNI support enabled
    configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf ... --with-stream=dynamic ...
Configuring TCP forwarding
Main configuration file for TCP forwarding
Add a configuration entry at the same level as the http block: the TCP request forwarding line include /etc/nginx/tcp.d/*.conf; shown below.

    # cat /etc/nginx/nginx.conf
    # For more information on configuration, see:
    #   * Official English Documentation: http://nginx.org/en/docs/
    #   * Official Russian Documentation: http://nginx.org/ru/docs/

    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;

    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;

    events {
        worker_connections 51024;
    }

    # TCP request forwarding
    include /etc/nginx/tcp.d/*.conf;

    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        #log_format gitlab_access '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio';
        #log_format gitlab_mattermost_access '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio';

        access_log  /var/log/nginx/access.log  main;

        map $http_upgrade $connection_upgrade {
            default upgrade;
            ''      close;
        }

        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 4096;
        server_tokens       off;

        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;

        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/upstreams/*.conf;

        server {
            listen       80;
            listen       [::]:80;
            server_name  _;
            return 404;  # return value for non-existent domains
            #rewrite ^.*$ http://www.baidu.com/ last;
            root         /usr/share/nginx/html;

            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;

            error_page 404 /404.html;
            location = /404.html {
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            }
        }
    }
Create the directory that holds the configuration

    mkdir -p /etc/nginx/tcp.d/
Sub-configuration file for TCP forwarding

    # cat /etc/nginx/tcp.d/stream.conf
    stream {
        # Add the proxy used for socket forwarding
        upstream socket_proxy {
            hash $remote_addr consistent;
            # Destination address and port to forward to
            server 10.40.0.103:5050 weight=5 max_fails=3 fail_timeout=30s;
        }

        # The forwarding service: connections to localhost:5050 are passed on
        # to the forwarding address specified by the socket_proxy upstream
        server {
            listen 5050;
            proxy_connect_timeout 1s;
            proxy_timeout 3s;
            proxy_pass socket_proxy;
        }
    }
Add the following two lines of configuration to the dynamic-modules.conf file

    load_module "/usr/local/nginx/modules/ngx_stream_module.so";
    load_module "/usr/local/nginx/modules/ngx_stream_upsync_module.so";
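
The stream.conf sub-configuration file above accepts connections to port 5050 from any source address and writes no per-session log. A variant that adds a source allowlist, a per-client connection limit and a stream access log follows, as an added example that is not part of the original post; the 203.0.113.0/24 range, the zone name per_ip, the format name tcp_fwd, the limit of 10 and the log path are assumptions to adapt.

```nginx
# /etc/nginx/tcp.d/stream.conf (hardened variant, added example)
stream {
    # Per-session log line; format name "tcp_fwd" and log path are assumptions
    log_format tcp_fwd '$remote_addr [$time_local] $protocol $status '
                       'sent=$bytes_sent recv=$bytes_received '
                       'time=$session_time upstream=$upstream_addr';
    access_log /var/log/nginx/tcp-access.log tcp_fwd;

    # Shared-memory zone that tracks concurrent connections per client address
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;

    upstream socket_proxy {
        hash $remote_addr consistent;
        # Destination address and port to forward to (from the original config)
        server 10.40.0.103:5050 weight=5 max_fails=3 fail_timeout=30s;
    }

    server {
        listen 5050;

        # Only the expected client range may reach the internal service.
        # 203.0.113.0/24 is a documentation range used here as a placeholder.
        allow 203.0.113.0/24;
        deny  all;

        # At most 10 simultaneous connections per client address (assumed value)
        limit_conn per_ip 10;

        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass socket_proxy;
    }
}
```

Check the file with nginx -t before reloading. Sessions refused by the allowlist are logged with $status 403 and those refused by the connection limit with 503.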