kk Blog —— 通用基础


date [-d @int|str] [+%s|"+%F %T"]
netstat -ltunp
sar -n DEV 1

nginx 四层转发配置

nginx rpm: http://nginx.org/packages/mainline/centos/7/x86_64/RPMS/

nginx source: http://nginx.org/en/download.html

nginx stream: http://nginx.org/en/docs/stream/ngx_stream_core_module.html

http://www.52devops.com/chuck/1153.html

一、nginx四层代理

Nginx 1.9.0 开发版发布,该版本增加了 stream module 用于一般的 TCP 代理和负载均衡。

三、nginx四层代理实战

3.1编译安装nginx

编译安装nginx需指定–with-stream参数

1
2
[root@linux-node1 nginx-1.9.12]#./configure --prefix=/usr/local/nginx-1.9.12 --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-stream
[root@linux-node1 nginx-1.9.12]#make && make install
3.2 使用nginx实现ssh四层代理

编辑nginx配置文件并启动

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
[root@linux-node1 conf]# vim nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
stream {  #类似于7层的http段
    upstream ssh_proxy {
        hash $remote_addr consistent;
        server 192.168.56.11:22;
        server 192.168.56.12:22;
    }
    server {
        listen 2222;
        proxy_connect_timeout 1s;
        proxy_timeout 300s;
        proxy_pass ssh_proxy;
    }
}
[root@linux-node1 conf]# ../sbin/nginx
[root@linux-node1 conf]# netstat -lntup|grep nginx
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      61127/nginx: master

连接ssh,从结果看把请求抛向了linux-node2的ssh

1
2
3
4
[root@linux-node1 conf]# ssh -p 2222 root@192.168.56.11
root@192.168.56.11's password:
Last login: Sun Mar  6 17:29:42 2016 from linux-node1.example.com
[root@linux-node2 ~]# Connection to 192.168.56.11 closed by remote host.

tools, nginx

« lvs fwmark 模式 editcap: pcap文件的合并和分隔 »