• nginx 的四层代理


    需要编译四层模块

    [root@python vhast]# cd ~/nginx-1.15.9/
    [root@python nginx-1.15.9]# ./configure --prefix=/data/web --sbin-path=/usr/bin --user=nginx --group=nginx --with-http_stub_status_module --with-http_auth_request_module --with-http_sub_module --add-module=/root/nginx-http-concat --with-http_addition_module --with-http_secure_link_module --with-http_geoip_module  --with-http_ssl_module  --add-module=/root/ngx_cache_purge  --with-http_slice_module   --with-http_v2_module  --with-stream
    [root@python nginx-1.15.9]# make
    [root@python nginx-1.15.9]# mv /usr/bin/nginx{,.07.19.11.53}
    [root@python nginx-1.15.9]# cp objs/nginx /usr/bin/
    [root@python nginx-1.15.9]# cd /data/web/conf/vhast/  

         模块

    Syntax: stream { ... }
    Default: —
    Context: main
    
    
    Syntax: server { ... }
    Default: —
    Context: stream
    
    
    Syntax: listen address:port [ssl] [udp] [proxy_protocol] [backlog=number] [rcvbuf=size] [sndbuf=size] 
    [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
    Default: —
    Context: server
    

      传输层相关的变量

    return模块
    Syntax: return value;
    Default: —
    Context: server

    修改配置

    [root@python vhast]# cat ../nginx.conf
    
    #user  nobody;
    worker_processes  1;
    
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    #pid        logs/nginx.pid;
    
    
    events {
        worker_connections  1024;
    }
    
    
        include  /data/web/conf/vhast/siceng.con;  
    
    
    [root@python vhast]# cat siceng.con 
    stream {	
    	error_log logs/stream_error.log debug;
    	server {
    		listen 10002 proxy_protocol;
    		return '10002 server git ip: $remote_addr!
    ';
    	}
    	server {
    		listen 10003 proxy_protocol;
    		return '10003 server git ip: $remote_addr!
    ';
    	}
    	server {
    		listen 10004;
    		#listen 10004 proxy_protocol;
    		return '10004  vars:
    bytes_received: $bytes_received
    bytes_sent: $bytes_sent
    proxy_protocol_addr: $proxy_protocol_addr
    proxy_protocol_port: $proxy_protocol_port
    remote_addr: $remote_addr
    remote_port: $remote_port
    server_addr: $server_addr
    server_port: $server_port
    session_time: $session_time
    status : $status
    binary_remote_addr: $binary_remote_addr
    ';
    	}
    
    }
    

      测试

    [root@python ~]# telnet localhost 10004
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    10004  vars:
    bytes_received: 0
    bytes_sent: 0
    proxy_protocol_addr: 
    proxy_protocol_port: 
    remote_addr: 127.0.0.1
    remote_port: 34218
    server_addr: 127.0.0.1
    server_port: 10004
    session_time: 0.000
    status : 000
    binary_remote_addr: 
    Connection closed by foreign host.
    

      

    proxy_protocol 协议
     

    读取proxy_protocol协议的超时控制

     
    Syntax: proxy_protocol_timeout timeout;
    Default: proxy_protocol_timeout 30s; 
    Context: stream, server
    

    stream 的proxy_protocol 协议处理流程

    配置

    [root@python vhast]# cat siceng.con 
    stream {	
    	error_log logs/stream_error.log debug;
    	server {
    		listen 10002 proxy_protocol;
    		return '10002 server git ip: $remote_addr!
    ';
    	}
    	server {
    		listen 10003 proxy_protocol;
    		return '10003 server git ip: $remote_addr!
    ';
    	}
    	server {
    		#listen 10004;
    		listen 10004 proxy_protocol;
    		return '10004  vars:
    bytes_received: $bytes_received
    bytes_sent: $bytes_sent
    proxy_protocol_addr: $proxy_protocol_addr
    proxy_protocol_port: $proxy_protocol_port
    remote_addr: $remote_addr
    remote_port: $remote_port
    server_addr: $server_addr
    server_port: $server_port
    session_time: $session_time
    status : $status
    binary_remote_addr: $binary_remote_addr
    ';
    	}
    
    }
    

      测试

    [root@python vhast]# telnet 127.0.0.1 10004
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    PROXY TCP4 202.112.144.236 10.210.10 5678 80
    Connection closed by foreign host.  #手动输入后敲回车
    10004  vars:
    bytes_received: 0
    bytes_sent: 0
    proxy_protocol_addr: 202.112.144.236
    proxy_protocol_port: 5678
    remote_addr: 127.0.0.1
    remote_port: 34224
    server_addr: 127.0.0.1
    server_port: 10004
    session_time: 8.258
    status : 000
    binary_remote_addr: 
    Connection closed by foreign host.
    

      配置

    [root@python vhast]# cat siceng.con 
    stream {	
    	error_log logs/stream_error.log debug;
    	server {
    		listen 10002 proxy_protocol;
    		return '10002 server git ip: $remote_addr!
    ';
    	}
    	server {
    		listen 10003 proxy_protocol;
    		return '10003 server git ip: $remote_addr!
    ';
    	}
    	server {
    		#listen 10004;
    		listen 10004 proxy_protocol;
    		set_real_ip_from 127.0.0.1;
    		return '10004  vars:
    bytes_received: $bytes_received
    bytes_sent: $bytes_sent
    proxy_protocol_addr: $proxy_protocol_addr
    proxy_protocol_port: $proxy_protocol_port
    remote_addr: $remote_addr
    remote_port: $remote_port
    server_addr: $server_addr
    server_port: $server_port
    session_time: $session_time
    status : $status
    binary_remote_addr: $binary_remote_addr
    ';
    	}
    
    }
    

      测试

    [root@python vhast]# telnet 127.0.0.1 10004
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    PROXY TCP4 202.112.144.236 10.210.10 5678 80
    Connection closed by foreign host.
    10004  vars:
    bytes_received: 0
    bytes_sent: 0
    proxy_protocol_addr: 202.112.144.236
    proxy_protocol_port: 5678
    remote_addr: 202.112.144.236
    remote_port: 5678
    server_addr: 127.0.0.1
    server_port: 10004
    session_time: 5.803
    status : 000
    binary_remote_addr: 
    Connection closed by foreign host.
    

      四层限制客户端IP0

    [root@python vhast]# cat siceng.con 
    stream {	
    	log_format bash '$remote_addr [$time_local]'
    		'$protocol $status $bytes_sent $bytes_received'
    		'$session_time';
    	error_log logs/stream_error.log debug;
    	access_log logs/siceng.log bash;
    	
    	server {
    		listen 10002 proxy_protocol;
    		return '10002 server git ip: $remote_addr!
    ';
    	}
    	server {
    		listen 10003 proxy_protocol;
    		return '10003 server git ip: $remote_addr!
    ';
    	}
    	server {
    		listen 10004;
    		#listen 10004 proxy_protocol;
    		set_real_ip_from 127.0.0.1;
    		allow 192.168.183.4;
    		deny all;
    		return '10004  vars:
    bytes_received: $bytes_received
    bytes_sent: $bytes_sent
    proxy_protocol_addr: $proxy_protocol_addr
    proxy_protocol_port: $proxy_protocol_port
    remote_addr: $remote_addr
    remote_port: $remote_port
    server_addr: $server_addr
    server_port: $server_port
    session_time: $session_time
    status : $status
    binary_remote_addr: $binary_remote_addr
    ';
    	}
    
    }
    

      测试

    [root@python vhast]# telnet  127.0.0.1 10004
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    Connection closed by foreign host.
    [root@python vhast]# tail -f ../../logs/siceng.log 
    127.0.0.1 [19/Jul/2019:04:02:03 +0800]TCP 403 0 00.000
    127.0.0.1 [19/Jul/2019:04:02:53 +0800]TCP 403 0 00.000
    

      修改配置

    [root@python vhast]# cat siceng.con 
    stream {	
    	log_format bash '$remote_addr [$time_local]'
    		'$protocol $status $bytes_sent $bytes_received'
    		'$session_time';
    	error_log logs/stream_error.log debug;
    	access_log logs/siceng.log bash;
    	
    	server {
    		listen 10002 proxy_protocol;
    		return '10002 server git ip: $remote_addr!
    ';
    	}
    	server {
    		listen 10003 proxy_protocol;
    		return '10003 server git ip: $remote_addr!
    ';
    	}
    	server {
    		#listen 10004;
    		listen 10004 proxy_protocol;
    		set_real_ip_from 127.0.0.1;
    		allow 192.168.183.4;
    		deny all;
    		return '10004  vars:
    bytes_received: $bytes_received
    bytes_sent: $bytes_sent
    proxy_protocol_addr: $proxy_protocol_addr
    proxy_protocol_port: $proxy_protocol_port
    remote_addr: $remote_addr
    remote_port: $remote_port
    server_addr: $server_addr
    server_port: $server_port
    session_time: $session_time
    status : $status
    binary_remote_addr: $binary_remote_addr
    ';
    	}
    
    }
    

      测试

    [root@python vhast]# telnet  127.0.0.1 10004
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    PROXY TCP4 192.168.183.4 10.210.10 5678 80
    
    10004  vars:
    bytes_received: 0
    bytes_sent: 0
    proxy_protocol_addr: 192.168.183.4
    proxy_protocol_port: 5678
    remote_addr: 192.168.183.4
    remote_port: 5678
    server_addr: 127.0.0.1
    server_port: 10004
    session_time: 12.731
    status : 000
    binary_remote_addr: (· 
    Connection closed by foreign host
    

      四层反代里

    上游
    server {
    	error_log logs/ssl-error.log debug;
    	server_name "";
    	listen 9001 proxy_protocol;  只处理proxy_protocol请求
    	location /{
    		return 200 'hjjjuuyuu
    ';
    	}
       四层代理
    	server {
    		listen 4453;
    		proxy_pass 127.0.0.1:9001;
    		proxy_protocol on;  添加proxy_protocol协议头部
    	}
    

      测试

    [root@python vhast]# curl 127.0.0.1:4453/
    hjjjuuyuu
    

      配置

    	server {
    		listen 4453;
    		proxy_pass 127.0.0.1:9001;
    		#proxy_protocol on;
    	}
    

      测试

    [root@python vhast]# curl 127.0.0.1:4453/
    curl: (7) Failed connect to 127.0.0.1:4453; 拒绝连接
    

      udp反向代理

    	server {
    		listen 4436 udp;
    		proxy_pass 127.0.0.1:9999;
    		proxy_requests 1;
    		proxy_responses 2;
    		proxy_timeout 2s;
    		access_log logs/udp.log bash;
    		#proxy_protocol on;
    	}
    

      透传IP

      

     
    草都可以从石头缝隙中长出来更可况你呢
  • 相关阅读:
    2018 北京区域赛H
    LeetCode 第 207 场周赛
    LeetCode 第 209 场周赛
    LeetCode 第 211 场周赛
    PAT 甲级真题题解(121-155)
    PAT 甲级真题题解(63-120)
    PAT 甲级真题题解(1-62)
    Codeforces 1108E2 Array and Segments (Hard version)(差分+思维)
    Codeforces 1108F MST Unification(最小生成树性质)
    Codeforces 1092C Prefixes and Suffixes(思维)
  • 原文地址:https://www.cnblogs.com/rdchenxi/p/11215143.html
Copyright © 2020-2023  润新知