源码安装Nginx加TCP反向代理模块

说明：

安装方式是源码编译安装，因此先安装相关依赖，否则报错。

 yum -y install gcc* patch openssl openssl-devel

安装步骤：

    下载nginx源码包：
wget http://nginx.org/download/nginx-1.2.9.tar.gz
    下载插件源码包：
wget https://codeload.github.com/chobits/ngx_http_proxy_connect_module/zip/master -O ngx_http_proxy_connect.zip
    解压nginx源码包：
tar -zxvf nginx-1.15.5.tar.gz
    解压nginx插件源码包：
unzip ngx_http_proxy_connect.zip -d ./
    添加插件补丁：先进入nginx的源码包，cd nginx-1.2.9，然后运行下面命令：
    patch -p1 < ../ngx_http_proxy_connect_module-master/patch/proxy_connect_rewrite_1015.patch
    patch -p1 < ../nginx_tcp_proxy_module-master/tcp.patch
    运行配置nginx：
./configure --with-http_ssl_module  --add-module=../ngx_http_proxy_connect_module-master/ --add-module=../nginx_tcp_proxy_module-master/ --without-http_rewrite_module
    编译及安装：
make && make install

默认安装的路径是：/usr/local/nginx

将文档中提供的nginx.conf放置到安装好的conf目录下，

启动：./sbin/nginx

关闭：./sbin/nginx -s quit

平滑重启：./sbin/nginx -s reload

参考配置：

#user  nobody;
worker_processes  1;

error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {

	#正向代理
    server {
		#正向代理的端口
		listen       9080;
		#dns，支持配置多个
		resolver  132.29.29.29;
		#开启插件支持https tunnel
		#proxy_connect;
		#proxy_connect_allow 443;
		#proxy_connect_connect_timeout 10s;
		#proxy_connect_read_timeout 40s;
		#proxy_connect_send_timeout 40s;
		#location / {
		#	proxy_pass http://$host;
		#	proxy_set_header Host $host;
		#	proxy_buffers 256 4k;
		#	proxy_max_temp_file_size 0;
		#}
    }

	#反向代理上游服务器-反向代理tpp-zuul-pre,支持配置多个
	upstream srv_tpp-zuul-pre {
		ip_hash;
		server 172.168.168.108:80;
		server 172.168.168.114:80;
	}
    
	#反向代理
	server {
		listen 8080;
		listen 443 ssl;
		#ssl on;
		ssl_certificate 1613208__hcepay.com.pem;
		ssl_certificate_key 1613208__hcepay.com.key;
		ssl_session_timeout 5m;
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_prefer_server_ciphers on;
		server_name 127.0.0.1;
		location / {
			proxy_pass http://srv_tpp-zuul-pre;
		}
	}
	upstream srv_fama                     
	{
	ip_hash;                               
	server 172.168.168.112:8080;
	server 172.168.168.119:8080;
	}
		server {
			listen       8081;
			server_name  127.0.0.1;
			location / {
				proxy_redirect off;
				proxy_set_header Host $host;
				proxy_set_header X-Real-IP $remote_addr;
				proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
				proxy_pass http://srv_fama;
			}
		}
	upstream srv_acc-pre                     
	{
	ip_hash;                               
	server 172.168.168.107:8764;
	server 172.168.168.113:8764;
	}
		server {
			listen       8764;
			server_name  127.0.0.1;
			location / {
				proxy_redirect off;
				proxy_set_header Host $host;
				proxy_set_header X-Real-IP $remote_addr;
				proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
				proxy_pass http://srv_acc-pre;
			}
		}	
	upstream srv_redis                     
	{
	ip_hash;                               
	server 172.168.168.119:7000;
	server 172.168.168.119:7001;
	server 172.168.168.119:7002;
	server 172.168.168.119:7003;
	server 172.168.168.119:7004;
	server 172.168.168.119:7005;
	}
		server {
			listen       6379;
			server_name  127.0.0.1;
			location / {
				proxy_redirect off;
				proxy_set_header Host $host;
				proxy_set_header X-Real-IP $remote_addr;
				proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
				proxy_pass http://srv_redis;
			}
		}
}

tcp {
        upstream srv_tpp-webgate {
		ip_hash;
                server 172.168.168.108:5001;
                server 172.168.168.114:5001;
                check interval=3000 rise=2 fall=5 timeout=1000;
        }
        server {
                listen 5001;
                proxy_pass srv_tpp-webgate;

                tcp_nodelay on;
        }

}

安装参考：

http://nginx.org/en/docs/configure.html   

https://github.com/chobits/ngx_http_proxy_connect_module