nginx tcp模塊安裝
- nginx版本 選擇版本
- tcp_model https://github.com/yaoweibin/nginx_tcp_proxy_module
初始 nginx 1.12 版本安裝
需要安裝OpenSSl
- 有網絡:sudo apt-get install libssl-dev
- 下載OpenSSl https://www.openssl.org/source/
安裝過程
make 報錯
../libcrypto.a(eng_rsax.o): In function `e_rsax_bn_mod_exp': eng_rsax.c:(.text+0x132f): undefined reference to `mod_exp_512' ../libcrypto.a(eng_rsax.o): In function `e_rsax_rsa_mod_exp': eng_rsax.c:(.text+0x1c08): undefined reference to `mod_exp_512' eng_rsax.c:(.text+0x22a8): undefined reference to `mod_exp_512' ../libcrypto.a(e_rc4_hmac_md5.o): In function `rc4_hmac_md5_cipher': e_rc4_hmac_md5.c:(.text+0x44e): undefined reference to `rc4_md5_enc' e_rc4_hmac_md5.c:(.text+0x4f1): undefined reference to `rc4_md5_enc'
解決方案 需配置 ./Configure linux-x86_64
make install 報錯
cms.pod around line 457: Expected text after =item, not a number cms.pod around line 461: Expected text after =item, not a number cms.pod around line 465: Expected text after =item, not a number cms.pod around line 470: Expected text after =item, not a number cms.pod around line 474: Expected text after =item, not a number
make install_sw 解決錯誤。
安裝ngixn 1.12版本
make過程報錯
../nginx_tcp_proxy_module-master/ngx_tcp_core_module.c:33:40: error: ‘NGX_CONF_MULTI’ undeclared here (not in a function) NGX_TCP_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_MULTI|NGX_CONF_NOARGS, ^ ../nginx_tcp_proxy_module-master/ngx_tcp_core_module.c: In function ‘ngx_tcp_core_listen’: ../nginx_tcp_proxy_module-master/ngx_tcp_core_module.c:484:9: error: cannot convert to a pointer type if (ngx_memcmp(ls[i].sockaddr + off, u.sockaddr + off, len) != 0) { ^ ../nginx_tcp_proxy_module-master/ngx_tcp_core_module.c:504:5: error: incompatible type for argument 2 of ‘memcpy’ ngx_memcpy(ls->sockaddr, u.sockaddr, u.socklen); ^ In file included from src/os/unix/ngx_linux_config.h:27:0, from src/core/ngx_config.h:26, from ../nginx_tcp_proxy_module-master/ngx_tcp_core_module.c:2: /usr/include/string.h:42:14: note: expected ‘const void * __restrict__’ but argument is of type ‘ngx_sockaddr_t’ extern void *memcpy (void *__restrict __dest, const void *__restrict __src, ^ make[1]: *** [objs/addon/nginx_tcp_proxy_module-master/ngx_tcp_core_module.o] Error 1 make[1]: Leaving directory `/app/build/nginx-1.11.2' make: *** [build] Error 2
官網好多人遇到這個問題,沒找到解決辦法。。
安裝1.8版本的nginx
重新解壓 nginx_tcp_proxy_module-master
sudo patch -p1 < /home/guo/Downloads/nginx_tcp_proxy_module-master/tcp_1_8.patch
sudo ./configure --add-module=/home/guo/Downloads/nginx_tcp_proxy_module-master --without-http_rewrite_module --with-openssl=/home/guo/Downloads/openssl-1.0.1f --without-http_gzip_module
Make 過程報錯
cms.pod around line 457: Expected text after =item, not a number
cms.pod around line 461: Expected text after =item, not a number
cms.pod around line 465: Expected text after =item, not a number
cms.pod around line 470: Expected text after =item, not a number
cms.pod around line 474: Expected text after =item, not a number
原因是nginx 調用了openssl的man包,而我們安裝openssl的過程中用的是make install_sw 命令,沒有安裝man包。報錯。
https://askubuntu.com/questions/454575/error-255-when-trying-to-install-openssl-1-0-1g-from-source
找到合適的openssl版本,重新安裝.
sudo patch -p1 < /home/guo/Downloads/nginx_tcp_proxy_module-master/tcp_1_8.patch
sudo ./configure --add-module=/home/guo/Downloads/nginx_tcp_proxy_module-master --without-http_rewrite_module --with-openssl=/home/guo/Downloads/openssl-1.0.2g --without-http_gzip_module
搞定!!
nginx tcp 配置和測試
tcp {
upstream cluster {
# simple round-robin
server localhost:9200;
#server 192.168.0.2:80;
check interval=3000 rise=2 fall=5 timeout=1000;
#check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello;
#check interval=3000 rise=2 fall=5 timeout=1000 type=http;
#check_http_send "GET / HTTP/1.0\r\n\r\n";
#check_http_expect_alive http_2xx http_3xx;
}
server {
listen 8888;
proxy_pass cluster;
}
}
通過9200端口可以訪問本地的ES系統:
curl -XGET 'localhost:9200/_cat/health?v&pretty'
正常訪問。
通過8888端口訪問本地的ES系統:
curl -XGET 'localhost:8888/_cat/health?v&pretty'
正常訪問。查看日誌文件,有一次端口轉發記錄。
其實從1.9版本開始,Nginx自帶Tcp反向代理處理模塊。
stream{
upstream backend{
hash $remote_addr consistent;
server 127.0.0.1:7397 max_fails=3 fail_timeout=10s;
server 127.0.0.1:7398 max_fails=3 fail_timeout=10s;
}
server{
listen 1268 ssl;
ssl_certificate /home/guogangj/certs/cert1268.pem;
ssl_certificate_key /home/guogangj/certs/key1268.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
proxy_connect_timeout 20s;
proxy_timeout 5m;
proxy_pass backend;
}
}