最近公司搞socket代理,並對其壓力測試。我對LVS配置了之後,效果還可以。後來尋找其他代理軟件時,發現Nginx添加對於tcp反向代理支持的模塊並支持對後端服務進行健康檢查。所以簡單的翻譯了下,並對配置整理下。以作備用!
Nginx的安裝與配置(http反向代理這裏就不贅述了)
直接敷上tcp反向代理模塊的配置,並附註釋:
Name
nginx_tcp_proxy_module - support TCP proxy with Nginx
下載該模塊:
https://github.com/yaoweibin/nginx_tcp_proxy_module/downloads
安裝須安裝nginx_tcp_proxy_module這個模塊:
$ tar -xzvf nginx-1.2.1.tar.gz
$ cd nginx-1.2.1/
$ patch -p1 < /path/to/nginx_tcp_proxy_module/tcp.patch##打補丁讓其支持tcp_proxy
$ ./configure --add-module=/path/to/nginx_tcp_proxy_module
$ make
$ make install
Nginx.conf文件中的配置內容如下(主要包含兩大塊http和tcp。其中,http支持web應用反向代理,tcp支持tcp反向代理):
http {
server {
listen 80;
location /status {
check_status;
}
}
}
############上半部分是對於http反向代理服務器的配置,下面是對tcp反向代理的配置############
tcp {
upstream cluster {
# simple round-robin(這裏應該是一個調度算法吧,和lvs裏面的rr一個作用)
server 192.168.0.1:80;
server 192.168.0.2:80;
check interval=3000 rise=2 fall=5 timeout=1000;(健康檢查,這個下面有具體解釋)
#check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello;
#check interval=3000 rise=2 fall=5 timeout=1000 type=http;
#check_http_send "GET / HTTP/1.0\r\n\r\n";
#check_http_expect_alive http_2xx http_3xx;
}
server {
listen 8888;(tcp反向代理監聽端口,注意不能和http共用一個端口)
proxy_pass cluster;
}
}
到此就配置完畢,以下是解說:
Description
This module actually include many modules: ngx_tcp_module,
ngx_tcp_core_module, ngx_tcp_upstream_module, ngx_tcp_proxy_module,
ngx_tcp_websocket_module, ngx_tcp_ssl_module,
ngx_tcp_upstream_ip_hash_module. All these modules work together to
support TCP proxy with Nginx. I also added other features: ip_hash,
upstream server health check, status monitor.
The motivation of writing these modules is Nginx's high performance and
robustness. At first, I developed this module just for general TCP
proxy. And now, this module is frequently used in websocket reverse
proxying.
Note, You can't use the same listening port with HTTP modules!
針對tcp反向代理,後端各服務器的健康檢查:
check
syntax: *check interval=milliseconds [fall=count] [rise=count]
[timeout=milliseconds] [type=tcp|ssl_hello|smtp|mysql|pop3|imap]*
default: *none, if parameters omitted, default parameters are
interval=30000 fall=5 rise=2 timeout=1000*
context: *upstream*
description: Add the health check for the upstream servers. At present,
the check method is a simple tcp connect.
The parameters' meanings are:
* *interval*: the check request's interval time.
* *fall*(fall_count): After fall_count check failures, the server is
marked down.#在檢查失效fall_count次數後,纔將後端服務器標識爲失效的服務器
* *rise*(rise_count): After rise_count check success, the server is
marked up.#同理,檢查rise_count次數之後,纔將後端服務器列爲失效服務器
* *timeout*: the check request's timeout.#檢查請求超時時間
* *type*: the check protocol type:#檢查協議類型
1. *tcp* is a simple tcp socket connect and peek one byte.
2. *ssl_hello* sends a client ssl hello packet and receives the
server ssl hello packet.
3. *http* sends a http request packet, receives and parses the http
response to diagnose if the upstream server is alive.
4. *smtp* sends a smtp request packet, receives and parses the smtp
response to diagnose if the upstream server is alive. The
response begins with '2' should be an OK response.
5. *mysql* connects to the mysql server, receives the greeting
response to diagnose if the upstream server is alive.
6. *pop3* receives and parses the pop3 response to diagnose if the
upstream server is alive. The response begins with '+' should be
an OK response.
7. *imap* connects to the imap server, receives the greeting
response to diagnose if the upstream server is alive
上述信息,是從模塊開發者網站轉載過來的。原文,請查看https://github.com/yaoweibin/nginx_tcp_proxy_module