早期nginx tcp代理(基于patch实现)

时间:2021-07-21 05:32:27

nginx tcp代理功能由nginx_tcp_proxy_module模块提供,同时监测后端主机状态。该模块包括的模块有: ngx_tcp_module, ngx_tcp_core_module, ngx_tcp_upstream_module, ngx_tcp_proxy_module, ngx_tcp_upstream_ip_hash_module。

1. 安装

 
3
4
5
6
# wget http://nginx.org/download/nginx-1.4.4.tar.gz
# tar zxvf nginx-1.4.4.tar.gz
# cd nginx-1.4.4
# ./configure --add-module=/path/to/nginx_tcp_proxy_module
# make
# make install

2. 配置

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
http {
    listen 80;
    location /status {
        check_status;
    }
}
tcp {
    upstream cluster_www_ttlsa_com {
        # simple round-robin
        server 127.0.0.1:1234;
        check interval=3000 rise=2 fall=5 timeout=1000;
        #check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello;
        #check interval=3000 rise=2 fall=5 timeout=1000 type=http;
        #check_http_send "GET / HTTP/1.0\r\n\r\n";
        #check_http_expect_alive http_2xx http_3xx;
    }
    server {
        listen 8888;
        proxy_pass cluster_www_ttlsa_com;
    }
}

这会出现一个问题,就是tcp连接会掉线。原因在于当服务端关闭连接的时候,客户端不可能立刻发觉连接已经被关闭,需要等到当Nginx在执行check规则时认为服务端链接关闭,此时nginx会关闭与客户端的连接。

3. 保持连接配置

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
http {
    listen 80;
    location /status {
        check_status;
    }
}
tcp {
timeout 1d;
    proxy_read_timeout 10d;
    proxy_send_timeout 10d;
    proxy_connect_timeout 30;
    upstream cluster_www_ttlsa_com {
        # simple round-robin
        server 127.0.0.1:1234;
        check interval=3000 rise=2 fall=5 timeout=1000;
        #check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello;
        #check interval=3000 rise=2 fall=5 timeout=1000 type=http;
        #check_http_send "GET / HTTP/1.0\r\n\r\n";
        #check_http_expect_alive http_2xx http_3xx;
    }
    server {
        listen 8888;
        proxy_pass cluster_www_ttlsa_com;
so_keepalive on;
        tcp_nodelay on;
    }
}

nginx_tcp_proxy_module模块指令具体参见: http://yaoweibin.github.io/nginx_tcp_proxy_module/README.html