Nginx不仅可以作为HTTP反向代理,还可以作为TCP和UDP流量的代理服务器。以下是实现Nginx TCP/UDP代理的详细配置方法。
前提:Nginx 编译时需包含 --with-stream 模块(可通过 nginx -V 查看)。
# 主配置文件nginx.conf中
events {
    # Per-worker connection limit. It counts connections to proxied servers
    # as well as connections from clients.
    worker_connections 1024;
}

# The stream block lives at the top level, as a sibling of the http block.
stream {
    # Every file matching this glob is loaded into the stream context.
    # NOTE(review): anyone able to write to this directory can define new
    # listeners and upstreams, so keep it writable by root only.
    include /etc/nginx/conf.d/*.stream;
}
示例配置文件(例如 /etc/nginx/conf.d/mysql.stream):
# MySQL TCP代理示例
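# MySQL TCP proxy example.
server {
    listen 3306;                 # port the proxy accepts client connections on

    # Restrict who may reach the database through the proxy. Without an
    # allow/deny list the listener accepts connections from every address
    # that can reach this host.
    allow 10.0.0.0/8;            # example value: replace with your application subnet
    deny  all;

    proxy_pass db_server:3306;   # backend database server
    proxy_connect_timeout 1s;    # give up quickly when the backend is unreachable

    # proxy_timeout is the idle limit between two successive reads or writes
    # on the session. A value of a few seconds closes idle (pooled) MySQL
    # connections, so keep it at least as long as the clients' idle time.
    proxy_timeout 10m;
}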
stream {
    # Group of upstream servers that connections are distributed across.
    upstream backend {
        server backend1.example.com:12345;
        server backend2.example.com:12345;
    }

    server {
        listen 12345;
        proxy_pass backend;

        proxy_connect_timeout 5s;   # limit for establishing the upstream connection
        proxy_timeout 30s;          # idle limit between two successive reads or writes
        proxy_buffer_size 16k;      # size of the buffer used to read from client and upstream
    }
}
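stream {
    upstream dns_servers {
        server 8.8.8.8:53;
        server 8.8.4.4:53;
    }

    server {
        listen 53 udp;          # DNS service example (UDP only)

        # Answer known clients only. A UDP DNS forwarder that accepts queries
        # from any source address is an open resolver and is commonly abused
        # for reflection/amplification traffic.
        allow 10.0.0.0/8;       # example value: replace with your client networks
        deny  all;

        proxy_pass dns_servers;
        proxy_timeout 1s;
        proxy_responses 1;      # datagrams expected from the upstream per client datagram
    }
}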
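stream {
    upstream backend {
        server backend.example.com:443;
    }

    server {
        listen 443 ssl;                         # client TLS is terminated at the proxy
        proxy_pass backend;

        ssl_certificate     /path/to/cert.pem;
        ssl_certificate_key /path/to/key.pem;   # private key: restrict file permissions
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        # The upstream listens on 443, so it presumably expects TLS. Without
        # proxy_ssl the decrypted stream is forwarded to it in plaintext.
        proxy_ssl on;
        proxy_ssl_server_name on;
        # proxy_pass refers to the upstream group name, so state the real host
        # name to use for SNI and for certificate verification.
        proxy_ssl_name backend.example.com;
        proxy_ssl_verify on;
        # Placeholder path: CA bundle that issued the backend's certificate.
        proxy_ssl_trusted_certificate /path/to/upstream-ca.pem;
    }
}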
Nginx stream模块支持多种负载均衡方式:
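upstream backend {
    # Round robin is used when no method directive is present.
    # An upstream group has a single balancing method, so enable at most one
    # of the two directives below.
    # least_conn;                                 # fewest active connections
    hash $remote_addr consistent;                 # consistent hashing on the client address

    server backend1.example.com:12345;
    server backend2.example.com:12345;
    server backend3.example.com:12345 weight=2;   # favoured over the default weight of 1
}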
upstream backend {
    # Shared memory zone that keeps the group's configuration and run-time
    # state, shared between worker processes.
    zone backend 64k;

    # Passive health check: 2 failed attempts within 30s mark the server
    # unavailable for the next 30s.
    server backend1.example.com:12345 max_fails=2 fail_timeout=30s;
    server backend2.example.com:12345 max_fails=2 fail_timeout=30s;
}
stream {
    # Error log for the stream context.
    error_log /var/log/nginx/stream-error.log;

    # One line per session: client address, local time, protocol, session
    # status, bytes sent to and received from the client, session duration.
    log_format basic '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';
    access_log /var/log/nginx/stream-access.log basic;
}
- 确认 Nginx 已编译 --with-stream 模块
- 根据实际业务调整 proxy_connect_timeout 和 proxy_timeout 值
- 合理设置 worker_processes 和 worker_connections
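# Check the configuration syntax and reload only when the check passes.
nginx -t && nginx -s reload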
通过以上配置,您可以灵活地实现各种TCP/UDP代理场景,包括数据库代理、DNS代理、游戏服务器代理等。