Nginx支持socket转发

有个接口是通过socket通信,对端服务器访问存在IP限制,只好通过跳板机,因为它具备访问对端服务器的权限。nginx1.9开始支持tcp层的转发,通过stream实现的,而socket也是基于tcp通信。

一.实现过程:

1.安装nginx,stream模块默认不安装的,需要手动添加参数:–with-stream,官方下载地址:download,根据自己系统版本选择nginx1.9或以上版本。

2.nginx.conf 配置,参考说明:ngx_stream_core_module

nginx.conf

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
.................
}

# tcp层转发的配置文件夹

include /etc/nginx/tcp.d/*.conf;

请注意,stream配置不能放到http内,即不能放到/etc/nginx/conf.d/,因为stream是通过tcp层转发,而不是http转发。

如配置在http内,启动nginx会报如下错误:

nginx: [emerg] "server" directive is not allowed here

3.在tcp.d下新建个bss_num_30001.conf文件,内容如下:

stream {
    # 添加socket转发的代理
    upstream bss_num_socket {
        hash $remote_addr consistent;
        # 转发的目的地址和端口
        server 130.51.11.33:19001 weight=5 max_fails=3 fail_timeout=30s;
    }

    # 提供转发的服务,即访问localhost:30001,会跳转至代理bss_num_socket指定的转发地址
    server {
       listen 30001;
       proxy_connect_timeout 1s;
       proxy_timeout 3s;
       proxy_pass bss_num_socket;
    }
}

4.重启nginx,访问localhost:30001,会跳转到bss_num_socket指定的转发地址130.51.11.33:19001。

 

二.报错处理:
1.nginx: [emerg] unknown directive “stream ” 

nginx没有安装stream模块,configure时添加–with-stream

2./configure: error: the HTTP rewrite module requires the PCRE library

需要安装pcre,直接下载源码安装,PCRE下载

3.configure: error: You need a C++ compiler for C++ support

安装pcre时报错,缺少c++编译器,
redhat 运行命令

yum install -y gcc gcc-c++

ubuntu

sudo apt-get install build-essential

4.

Running rpm_check_debug 
Running Transaction Test

yum安装C++时一直卡在这里,本机之前挂载了nfs,但是nfs服务器挂掉,所以一直卡着,把nfs注释掉即可

#vim /etc/mtab

5.nginx error while loading shared libraries: libpcre.so.1:

nginx加载pcre时报错了

[root@localhost sbin]# ldd $(which /usr/local/nginx/sbin/nginx)
	linux-vdso.so.1 =>  (0x00007ffd6ce6a000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00000033d9a00000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00000033da200000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00000033e5600000)
	libpcre.so.1 => not found
	libz.so.1 => /lib64/libz.so.1 (0x00000033dae00000)
	libc.so.6 => /lib64/libc.so.6 (0x00000033d9e00000)
	/lib64/ld-linux-x86-64.so.2 (0x00000033d9600000)
	libfreebl3.so => /lib64/libfreebl3.so (0x00000033e5a00000)
[root@localhost sbin]#

可知libpcre.so.1 => not found;
系统安装的pcre的lib一般在/lib或者lib64,源码编译安装的在/usr/local/lib或者/usr/local/lib64
建个软连接即可,因为本机是linux 64位,所以nginx读取的是/lib64下面的pcre的lib包,运行一下命令

ln -s /usr/local/lib/libpcre.so.1 /lib64/

6./configure: error: the HTTP gzip module requires the zlib library.

缺少zlib扩展
Ubuntu运行

sudo apt-get insatll zlib1g-dev

redhat 运行

yum install -y zlib-devel

7.启动nginx服务提示98: Address already in use

重启nginx服务提示错误如下:

Starting nginx: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

问题描述:地址已被使用。可能nginx服务卡死了,导致端口占用,出现此错误。

解决方法:首先用lsof -i :80看下80端口被什么程序占用。lsof返回结果如下:

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 3274 root 6u IPv4 10664 0t0 TCP *:http (LISTEN)
nginx 3547 nginx 6u IPv4 10664 0t0 TCP *:http (LISTEN)

发现是nginx程序,所以我们把nginx服务k掉,重新启动服务。命令如下:

kill -9 3274
kill -9 3547
service nginx start
Starting nginx:                                            [  OK  ]

OK了,服务成功启动。

1 Comment

  1. Alan Author 十二月 3, 2017 (5:34 下午)

    Syntax: proxy_timeout timeout;
    Default:
    proxy_timeout 10m;
    Context:stream, server
    Sets the timeout between two successive read or write operations on client or proxied server connections. If no data is transmitted within this time, the connection is closed.

Leave a Comment