After version 1.9, nginx can act as a port forwarding function, that is, to access the specified port of the server, nginx can act as a port forwarding function to direct traffic to another server, and obtain the return data of the target server and return it to the requester.
The function of nginx's TCP proxy is different from that of nginx's reverse proxy: all traffic requesting the port will be forwarded to the target server, and in the reverse proxy, you can refine which requests are distributed to which servers; the other difference is that nginx's TCP proxy is not only limited to WEB URL requests, but also can forward point-to-point requests such as memcached and MySQL.
The implementation steps are as follows:
(1) nginx adds "– with stream" at compile time:
./configure –prefix=/usr/local/nginx –user=www –group=www –with-http_stub_status_module –with-pcre=/usr/local/src/pcre-8.38 –add-module=/usr/local/src/ngx_cache_purge-2.3 –with-http_gzip_static_module –with-stream Where / usr / local / SRC / NGX cache-2.3 is the directory after downloading NGX cache-2.3 /usr/local/src/pcre-8.38 is the directory after downloading pcre-8.38
(2) Modify nginx configuration file nginx.conf:
[root@tkde-iphone ~]# vim /usr/local/nginx/conf/nginx.conf user www www; worker_processes 32; pid logs/nginx.pid; events { #use epoll; #The most commonly used event trigger mechanism for Linux to support large concurrency worker_connections 65535; } stream { upstream zifangsky { hash $remote_addr consistent; server 10.10.100.31:8000; } server { listen 8080; proxy_connect_timeout 5s; proxy_timeout 5s; proxy_pass zifangsky; } } http { include mime.types; default_type application/octet-stream; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 9000; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } } }
In the above configuration file, when accessing port 8080 of the server, the traffic will be forwarded to port 8000 of the server 10.10.100.31
(3) Check whether to listen to the port:
[root@app01 nginx]# netstat -apn | grep 8080:
(4) Test connection target port:
[root@app01 nginx]# telnet 10.10.100.31 8000 Trying 10.10.100.31... Connected to 10.10.100.31. Escape character is '^]'.
(5) Test port 8080 connecting to nginx server on other clients:
[root@app05 ~]# telnet 192.168.1.30 8080 Trying 192.168.1.30... Connected to 192.168.1.30. Escape character is '^]'. Connection closed by foreign host.
Of course, the next step is to change the address of the original 10.10.100.31 connection to the nginx server on the client. If there is no problem with the service, the configuration is complete
The case of nginx configuring http protocol and tcp protocol profile
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } }
#tcp protocol
stream { upstream test-server-sr { server 20.0.1.104:11000; } server { #so_keepalive=on to ensure connection continuity listen 12000 so_keepalive=on; #listen 12000; # proxy_connect_timeout 1s; # # proxy_timeout 3s; proxy_pass test-server; } } }
