nginx http代理、负载均衡、tcp代理转发 配置

一、nginx http 代理

nginx http 代理

通过proxy_set_header，返回客户端真实IP地址及端口，而不是代理主机ip，

#proxy  ngx 代理不支持 https，有https需求可以用squid
server {
listen 9998;

allow 192.168.0.0/24;
deny all;

location / {
access_log /data/logs/proxy_access.log main;
proxy_redirect off;
proxy_pass http://$http_host$request_uri; 
proxy_set_header Host $host:$server_port;  # 设置请求头：代理IP：port
proxy_set_header X-Real-IP $remote_addr;   # 真实客户端地址IP
proxy_set_header X-Real-PORT $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;

proxy_http_version 1.1;
}
}

nginx http转发

server {
listen 21000;
server_name 127.0.0.1;

location / {
proxy_read_timeout 1800;
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://10.10.20.34:21000; }
}

nginx 负载均衡

cat vhosts/down_fdfs_19080.conf
server {
listen 19080;
server_name 127.0.0.1;

location / {
proxy_read_timeout 1800;
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://down_fdfs; }
}
cat upstream/down_fdfs.conf
upstream down_fdfs{
server    10.10.20.54:80   max_fails=2 fail_timeout=30s weight=10;
server    10.10.20.55:80   max_fails=2 fail_timeout=30s weight=10;

keepalive 64;
}

匹配url，转发到不同主机

这里对url的转换稍微难理解一点，比如多个”//”等。

对于proxy_pass的值，去掉主机，就剩了”/”, 这里就是将 “/api_test/” 替换为 “/” 。这样就很清楚匹配url到底需不需要将”/”了。

location /api_test/ {
default_type 'text/plain';
proxy_buffering    off;
proxy_set_header            Host $host;
proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect              off;
proxy_connect_timeout       10;
proxy_send_timeout          30;
proxy_read_timeout          30;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass                  http://api.system/; }

upstream api.system{
server    192.168.6.119:8901   max_fails=2  weight=1;
keepalive 64;
}

二、nginx TCP 反向代理

1、编译相关模块

支持TCP代理和负载均衡的stream模块

ngx_stream_core_module

，在1.90版本后将被启用。但是并不会默认安装，需要在编译时通过指定 –with-stream 参数来激活这个模块。

对于低版本nginx

下面操作步骤只让nginx支持tcp_proxy，没有加入prce、gzip、ssl等功能，如需要，可自行在编译时加上相关参数。

wget https://github.com/yaoweibin/nginx_tcp_proxy_module/archive/master.zip unzip master.zip
cd nginx-1.8.1
patch -p1 <../nginx_tcp_proxy_module-master/tcp.patch
./configure  --add-module=../nginx_tcp_proxy_module-master
make
make install

2、配置 nginx tcp 代理

==注意：新版本关键字为stream，低版本为tcp==

新版本nginx

stream {
upstream backend {
hash $remote_addr consistent;
server backend1.example.com:12345 weight=5;
server 127.0.0.1:12345 max_fails=3 fail_timeout=30s;
server unix:/tmp/backend3;
}

server {
listen 12345;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass backend;
}

server {
listen [::1]:12345;
proxy_pass unix:/tmp/stream.socket;
}
}

低版本nginx

events { ...
}
http { ...
}
tcp {
upstream backend {
server 127.0.0.1:12345 max_fails=3 fail_timeout=30s;
}
server {
listen 2345;
proxy_pass backend;
}
}

3、nginx tcp proxy 转发超时问题

==nginx tcp proxy 连接保持设置==

根据前文

Nginx tcp proxy module

试用的设置，在测试环境中发现tcp连接经常掉线。

其实就是少了几个设置，README的配置不能用于生产环境。

配置如下，现在工作正常了：

tcp {
timeout 1d;
proxy_read_timeout 10d;
proxy_send_timeout 10d;
proxy_connect_timeout 30;

# rsync
upstream proxy_rsync {
server 10.10.20.42:30873 max_fails=3;
}
server {
listen 30888;
proxy_pass proxy_rsync;
}
}

转载请务必保留此出处：http://blog.csdn.net/fgf00/article/details/79276127

附：nginx 优化 配置文件参考

注：最后几行的tcp部分，如果没有编译，可以注释掉

user  nginx nginx;
worker_processes  24;
worker_cpu_affinity auto;

worker_rlimit_nofile 65535;

error_log  /data/logs/nginx/error.log  notice;

pid        logs/nginx.pid;

events {
use epoll;
multi_accept on;
worker_connections  65535;
}

http {
include       mime.types;
default_type  application/octet-stream;

charset  UTF-8;

server_names_hash_bucket_size 128;
client_header_buffer_size 128k;
large_client_header_buffers 8 128k;
client_max_body_size 20g;

sendfile        on;
tcp_nopush     on;
open_file_cache max=51200 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;

keepalive_timeout  60;

tcp_nodelay on;

server_tokens off;
server_tag off;
server_info off;

fastcgi_connect_timeout 600;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;
fastcgi_buffer_size 512k;
fastcgi_buffers 16 256k;
fastcgi_busy_buffers_size 512k;
fastcgi_temp_file_write_size 512k;
fastcgi_intercept_errors on;

client_header_timeout  6m;
client_body_timeout    6m;
send_timeout           6m;
connection_pool_size        256;
request_pool_size        8k;
output_buffers   8 64k;
postpone_output  1460;
client_body_buffer_size    1024k;

gzip  on;
gzip_min_length  1k;
gzip_buffers     4 16k;
gzip_http_version 1.0;
gzip_comp_level 3;
gzip_proxied    any;
gzip_types       text/plain application/x-javascript application/json text/css application/xml;
gzip_vary on;

proxy_connect_timeout       600;
proxy_read_timeout          600;
proxy_send_timeout          600;
proxy_buffers               4 64k;
proxy_busy_buffers_size     128k;
proxy_temp_file_write_size  128k;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_ignore_client_abort on;
proxy_next_upstream error;
proxy_buffer_size 64k;
proxy_temp_path   /dev/shm/nginx_proxy_temp;
proxy_cache_path  /dev/shm/proxy_cps_cache levels=1:2 keys_zone=cache_cps:1024m inactive=2d max_size=8g;
proxy_cache_path  /dev/shm/proxy_cpsSimhash_cache levels=1:2 keys_zone=cache_cpsSimhash:1024m inactive=2d max_size=8g;
proxy_cache_path  /dev/shm/proxy_search_cache levels=1:2 keys_zone=cache_search:1024m inactive=2d max_size=8g;
proxy_pass_header  Set-Cookie;

log_format main '$http_host $remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" "$http_user_agent" '
'"$http_x_forwarded_for" "$upstream_cache_status" $request_time $host';

include upstream/*.conf;
include vhosts/*.conf;
}

tcp {
timeout 1d;
proxy_read_timeout 10d;
proxy_send_timeout 10d;
proxy_connect_timeout 30;

include tcp_proxy/*.conf;
}

转载请务必保留此出处：http://blog.csdn.net/fgf00/article/details/79276127