背景
有时候内网的服务器需要把服务提供给外网访问,但是这个内网的服务器没有公网ip,所以可以在一台有公网ip的nginx服务器配置TCP请求转发,把内网服务的端口映射出来到公网
Nginx配置TCP转发
1.编译安装 stream 组件
如果你的nginx为源码编译,需要增加一下编译参数
./configure --with-stream
如果你的nginx为yum直接安装的,需要检查相关编译参数是否含有–with-stream
如下的 –with-stream=dynamic
/usr/sbin/nginx -V
nginx version: nginx/1.20.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.1.1g FIPS 21 Apr 2020 (running with OpenSSL 1.1.1k FIPS 25 Mar 2021)
TLS SNI support enabled
configure arguments:
--prefix=/usr/share/nginx
--sbin-path=/usr/sbin/nginx
--modules-path=/usr/lib64/nginx/modules
--conf-path=/etc/nginx/nginx.conf
...
--with-stream=dynamic
...
2.配置TCP转发
TCP转发主配置文件
添加与http同级配置
如下的 TCP请求转发
include /etc/nginx/tcp.d/*.conf;
cat /etc/nginx/nginx.conf
For more information on configuration, see:
* Official English Documentation: http://nginx.org/en/docs/
* Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 51024;
}
#TCP请求转发
include /etc/nginx/tcp.d/*.conf;
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#log_format gitlab_access '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio';
#log_format gitlab_mattermost_access '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio';
access_log /var/log/nginx/access.log main;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/upstreams/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
return 404; #不存在的域名返回值
#rewrite ^.*$ http://www.baidu.com/ last;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
创建存放配置目录
mkdir -p /etc/nginc/tcp.d/
TCP转发子配置文件
cat /etc/nginx/tcp.d/stream.conf
#麦穗
stream {
# 添加socket转发的代理
upstream socket_proxy {
hash $remote_addr consistent;
# 转发的目的地址和端口
server 10.40.0.103:5050 weight=5 max_fails=3 fail_timeout=30s;
}
# 提供转发的服务,即访问localhost:5050,会跳转至代理socket_proxy指定的转发地址
server {
listen 5050;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass socket_proxy;
}
}
Original: https://www.cnblogs.com/linuxshare/p/16590807.html
Author: 爱折腾的大臭臭
Title: Nginx配置TCP请求转发
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/573852/
转载文章受原作者版权保护。转载请注明原作者出处!