1、編譯安裝
$ yum -y install proc* openssl* pcre*
$ tar zxvf nginx-1.12.2.tar.gz
$ cd nginx-1.12.2
$ ./configure --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module
$ make
$ make install
2 、配置stream模塊
stream模塊必需在nginx.conf中配置
worker_processes 1;
events {
worker_connections 1024;
}
# 此爲TCP轉發請求 stream
stream {
# 後端指向 server 的 8085 端口 stream_backend 組
upstream stream_backend {
server 10.50.2.11:8085;
server 10.50.2.19:8085;
}
upstream dns {
server 192.168.0.1:53;
server dns.example.com:53;
}
server {
listen 443 ssl;
proxy_pass stream_backend;
# 指定key 和 crt 地址
ssl_certificate /etc/ssl/certs/my.crt;
ssl_certificate_key /etc/ssl/certs/my.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 4h;
ssl_handshake_timeout 30s;
}
server {
listen 127.0.0.1:53 udp;
proxy_responses 1;
proxy_timeout 20s;
proxy_pass dns;
}
}
3、啓動Nginx
sbin/nginx -c conf/nginx.conf
4、查看端口是不是出於監聽中
netstat -anp|grep 53
5、轉發消息測試