以前一般代理tcp时候,都选用haproxy。nginx 1.9 之后,就多了一个选择。可以使用nginx做代理。这样大家也不用重新去熟悉haproxy。
tcp 代理本质是 端口到端口映射转发,比较简单。没有http层代理那么复杂。我一般用来代理https,大家都知道,以前使用nginx 代理https要配置证书等各种琐事。然而对于tcp层来说,没有证书一说。纯粹转发简单干净的配置,非常的爽; 当然有时候也用tcp替换http层代理。原因是tcp代理配置更加简单,性能也更高。

一、nginx 下载安装

方式一:下载地址:http://nginx.org/en/download.html
方式二:通过rpm包安装

1、添加安装源,在/etc/yum.repos.d底下创建文件nginx.repo

  1. [nginx]
  2. name=nginx repo
  3. baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
  4. gpgcheck=0
  5. enabled=1
如果是ubuntu
添加安装源 /etc/apt/sources.list.d/nginx.list, 文件内容为
  1. deb http://nginx.org/packages/ubuntu/ xenial nginx
  2. deb-src http://nginx.org/packages/ubuntu/ xenial nginx


2、安装nginx


  1. #yum clean all
  2. #yum install nginx

如果是ubuntu
  1. #sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys $key
    #
    sudo apt-get update
    #
    sudo apt-get install nginx

3、查看安装路径和版本


  1. #whereis nginx
  2. #/usr/sbin/nginx -v
  3. nginx version: nginx/1.10.1
4、查看缺省配置文件路径

  1. #/usr/sbin/nginx -h
  2. -c filename : set configuration file (default: /etc/nginx/nginx.conf)

二、nginx配置

1、目录规划

  1. mkdir -p /opt/service/nginx/conf
  2. mkdir -p /opt/logs/nginx
  3. cd /opt/service/nginx
  4. ln -s /usr/sbin/nginx
  5. ln -s /opt/logs/nginx log
/opt/service/nginx/
├── conf
├── log -> /opt/logs/nginx
└── nginx -> /usr/sbin/nginx

2、配置nginx.conf

  1. user nginx;
  2. worker_processes 16;
  3. worker_rlimit_nofile 100000;
  4. error_log /opt/service/nginx/log/error.log error;
  5. pid /opt/service/nginx/nginx.pid;

  6. events {
  7.     use epoll;
  8.     worker_connections 10240;
  9. }
  10. include /opt/service/nginx/conf/*.conf;
3、配置tcp 代理 
/opt/service/nginx/conf/nginx_tcp_proxy.conf


  1. stream {
  2. #---------------------------------------------------------------------
  3. # tcp 代理
  4. #---------------------------------------------------------------------
  5. upstream weixin_proxy {
  6. hash $remote_addr consistent;
  7. server wx.qq.com:443 weight=1 max_fails=3 fail_timeout=60s;
  8. }
  9. server {
  10. listen 443;
  11. proxy_connect_timeout 10s;
  12. proxy_pass weixin_proxy;
  13. proxy_buffer_size 64k;
  14. }
  15. }

三、启动维护nginx

1、编辑 nginx.sh

  1. #!/bin/sh
  2. # description:nginx server
  3. # nginx - this script is used to control nginx service
  4. # processname nginx
  5. # nginx version: nginx/1.10.1
  6.  
  7. nginx="/usr/sbin/nginx"
  8. prog="nginx"
  9. conf_file="/etc/nginx/nginx.conf"
  10.  
  11. start() {
  12.     if [ `pgrep $prog | wc -l` -eq 2 ];then
  13.         if [ -x $nginx ] && [ -f $conf_file ];then
  14.             $nginx -c $conf_file
  15.             ret=$?
  16.             if [ $ret -eq 0 ];then
  17.                 echo "$prog start successed"
  18.             else
  19.                 echo "$prog start failed"
  20.             fi
  21.         else
  22.             echo "$prog config file not exist"
  23.         fi
  24.     else
  25.         num=`pgrep $prog `
  26.         echo "$prog is already started ... $num "
  27.     fi
  28. }
  29.  
  30.  
  31. stop() {
  32.     if [ `pgrep $prog | wc -l` -ne 2 ];then
  33.         killall -9 $prog
  34.         ret=$?
  35.         if [ $ret -eq 0 ];then
  36.             echo "$prog stop successed"
  37.         else
  38.             echo "$prog stop failed"
  39.         fi
  40.     else
  41.         echo "$prog is already stopped ..."
  42.     fi
  43. }
  44.  
  45. restart() {
  46.     stop
  47.     sleep 2
  48.     start
  49. }
  50.  
  51. reload() {
  52.     if [ `pgrep $prog | wc -l` -ne 0 ];then
  53.         pid=`ps -ef | grep $prog | grep master | awk '{print $2}'`
  54.         if [ -x $nginx ] && [ -f $conf_file ];then
  55.             kill -HUP $pid
  56.             ret=$?
  57.             if [ $ret -eq 0 ];then
  58.                 echo "$prog reload successed"
  59.             else
  60.                 echo "$prog reload failed"
  61.             fi
  62.         else
  63.             echo "$prog config file is not exist"
  64.         fi
  65.     else
  66.         echo "$prog is stopped, please start $prog first ..."
  67.     fi
  68. }
  69.  
  70. check() {
  71.     if [ -x $nginx ] && [ -f $conf_file ];then
  72.         $nginx -t -c $conf_file
  73.         ret=$?
  74.         if [ $ret -eq 0 ];then
  75.             echo "$prog check successed"
  76.         else
  77.             echo "$prog check failed"
  78.         fi
  79.     else
  80.         echo "$prog program or config file not exit!"
  81.     fi
  82. }
  83.  
  84. case $1 in
  85.     start)
  86.         start
  87.         ;;
  88.     stop)
  89.         stop
  90.         ;;
  91.     restart)
  92.         restart
  93.         ;;
  94.     reload)
  95.         reload
  96.         ;;
  97.     check)
  98.         check
  99.         ;;
  100.     *)
  101.         echo "Usage: $0 {start|stop|restart|reload|check}"
  102. esac


2、启动 nginx.sh

  1. chmod a+rwx nginx.sh
  2. ./nginx.sh restart

整个目录结构如下

  1. # ll
  2. total 8
  3. drwxr-xr-x 2 root root 33 Dec 21 17:16 conf
  4. lrwxrwxrwx 1 root root 15 Dec 21 17:00 log -> /opt/logs/nginx
  5. lrwxrwxrwx 1 root root 15 Dec 21 16:59 nginx -> /usr/sbin/nginx
  6. -rw-r--r-- 1 root root 6 Dec 21 17:21 nginx.pid
  7. -rwxrwxrwx 1 root root 2172 Dec 21 17:20 nginx.sh

问题:
当代理的后端是域名的时候,域名的dns发生变化。nginx并不知道。看文档nginx提供了定时刷新dns的功能,但是我配置好像没有起到作用。
在 nginx.conf 尾部加上这个配置
    resolver  100.100.2.136 valid=1s;
    include /etc/nginx/nginx_vhost/*.conf;



10-07 17:38