昨天在公司微信群,CTO分享了这个消息,对运维来说以后基于TCP协议的后端业务的高可用又多了一个新的选择,实在是棒极了!一直以来,Nginx 并不支持tcp协议,所以后台的一些基于TCP的业务就只能通过其他高可用负载软件来完成了,比如Haproxy。
nginx-1.9.0 已发布,该版本增加了 stream 模块用于一般的 TCP 代理和负载均衡。
The ngx_stream_core_module module is available since version 1.9.0. This module is not built by default, it should be enabled with the --with-stream configuration parameter.
ngx_stream_core_module 这个模块在1.90版本后将被启用。但是并不会默认安装,需要在编译时通过指定 --with-stream 参数来激活这个模块。
其他改进包括:
Change: 删除过时的 aio 和 rtsig 事件处理方法
Feature: 可在 upstream 块中使用 "zone" 指令
Feature: 流模块,支持 TCP 代理和负载均衡
Feature: ngx_http_memcached_module 支持字节范围
Feature: Windows 版本支持使用共享内存,带随机化地址空间布局.
Feature: "error_log" 指令可在 mail 和 server 级别
Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work if not specified in the first "listen" directive for a listen socket.
编译安装:略
最后贴一下官方分享的stream模块的简单配置demo:
worker_processes auto;
error_log /var/log/nginx/error.log info;
events {
worker_connections 1024;
}
stream {
upstream backend {
hash $remote_addr consistent;
server backend1.example.com:12345 weight=5;
server 127.0.0.1:12345 max_fails=3 fail_timeout=30s;
server unix:/tmp/backend3;
}
server {
listen 12345;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass backend;
}
server {
listen [::1]:12345;
proxy_pass unix:/tmp/stream.socket;
}
}
》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》》
在此我做了一个tcp反向解析的小实验
背景:125.208.14.177:3306 数据库1
125.208.14.177:3306 数据库2
218.78.186.162 nginx服务器
配置文件
worker_processes auto;
error_log /var/log/nginx/error.log info;
events {
worker_connections 1024;
}
stream {
upstream backend {
hash $remote_addr consistent;
server 125.208.14.177:3306 weight=5 max_fails=3 fail_timeout=30s;
server 125.208.14.177:3307 weight=4 max_fails=3 fail_timeout=30s;
}
server {
listen 12345;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass backend;
}
}
测试:
[root@iZ236mlq2naZ ~]# MySQL -uroot -p'******' -P12345 -h218.78.186.162 -e "select * from test" test
Warning: Using a password on the command line interface can be insecure.
+-----------------------------+
| t |
+-----------------------------+
| this is 125.208.14.177:3306 |
+-----------------------------+
[root@iZ236mlq2naZ ~]# mysql -uroot -p'*****' -P12345 -h218.78.186.162 -e "select * from test" test
Warning: Using a password on the command line interface can be insecure.
^[[A+-----------------------------+
| t |
+-----------------------------+
| this is 125.208.14.177:3307 |
+-----------------------------+
[root@iZ236mlq2naZ ~]# mysql -uroot -p'*****' -P12345 -h218.78.186.162 -e "select * from test" test
Warning: Using a password on the command line interface can be insecure.
+-----------------------------+
| t |
+-----------------------------+
| this is 125.208.14.177:3306 |
+-----------------------------+
[root@iZ236mlq2naZ ~]# mysql -uroot -p'******' -P12345 -h218.78.186.162 -e "select * from test" test
Warning: Using a password on the command line interface can be insecure.
+-----------------------------+
| t |
+-----------------------------+
| this is 125.208.14.177:3306 |
+-----------------------------+
再做一个读写分离的实验:
配置文件
worker_processes auto;
error_log /var/log/nginx/error.log info;
events {
worker_connections 1024;
}