说明:
安装方式是源码编译安装,因此先安装相关依赖,否则报错。
yum -y install gcc* patch openssl openssl-devel
安装步骤:
下载nginx源码包:
wget http://nginx.org/download/nginx-1.2.9.tar.gz
下载插件源码包:
wget https://codeload.github.com/chobits/ngx_http_proxy_connect_module/zip/master -O ngx_http_proxy_connect.zip
解压nginx源码包:
tar -zxvf nginx-1.15.5.tar.gz
解压nginx插件源码包:
unzip ngx_http_proxy_connect.zip -d ./
添加插件补丁:先进入nginx的源码包,cd nginx-1.2.9,然后运行下面命令:
patch -p1 < ../ngx_http_proxy_connect_module-master/patch/proxy_connect_rewrite_1015.patch
patch -p1 < ../nginx_tcp_proxy_module-master/tcp.patch
运行配置nginx:
./configure --with-http_ssl_module --add-module=../ngx_http_proxy_connect_module-master/ --add-module=../nginx_tcp_proxy_module-master/ --without-http_rewrite_module
编译及安装:
make && make install
默认安装的路径是:/usr/local/nginx
将文档中提供的nginx.conf放置到安装好的conf目录下,
启动:./sbin/nginx
关闭:./sbin/nginx -s quit
平滑重启:./sbin/nginx -s reload
参考配置:
#user nobody;
worker_processes 1; error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info; #pid logs/nginx.pid; events {
worker_connections 1024;
} http { #正向代理
server {
#正向代理的端口
listen 9080;
#dns,支持配置多个
resolver 132.29.29.29;
#开启插件支持https tunnel
#proxy_connect;
#proxy_connect_allow 443;
#proxy_connect_connect_timeout 10s;
#proxy_connect_read_timeout 40s;
#proxy_connect_send_timeout 40s;
#location / {
# proxy_pass http://$host;
# proxy_set_header Host $host;
# proxy_buffers 256 4k;
# proxy_max_temp_file_size 0;
#}
} #反向代理上游服务器-反向代理tpp-zuul-pre,支持配置多个
upstream srv_tpp-zuul-pre {
ip_hash;
server 172.168.168.108:80;
server 172.168.168.114:80;
} #反向代理
server {
listen 8080;
listen 443 ssl;
#ssl on;
ssl_certificate 1613208__hcepay.com.pem;
ssl_certificate_key 1613208__hcepay.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
server_name 127.0.0.1;
location / {
proxy_pass http://srv_tpp-zuul-pre;
}
}
upstream srv_fama
{
ip_hash;
server 172.168.168.112:8080;
server 172.168.168.119:8080;
}
server {
listen 8081;
server_name 127.0.0.1;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
proxy_pass http://srv_fama;
}
}
upstream srv_acc-pre
{
ip_hash;
server 172.168.168.107:8764;
server 172.168.168.113:8764;
}
server {
listen 8764;
server_name 127.0.0.1;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
proxy_pass http://srv_acc-pre;
}
}
upstream srv_redis
{
ip_hash;
server 172.168.168.119:7000;
server 172.168.168.119:7001;
server 172.168.168.119:7002;
server 172.168.168.119:7003;
server 172.168.168.119:7004;
server 172.168.168.119:7005;
}
server {
listen 6379;
server_name 127.0.0.1;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
proxy_pass http://srv_redis;
}
}
} tcp {
upstream srv_tpp-webgate {
ip_hash;
server 172.168.168.108:5001;
server 172.168.168.114:5001;
check interval=3000 rise=2 fall=5 timeout=1000;
}
server {
listen 5001;
proxy_pass srv_tpp-webgate; tcp_nodelay on;
} }
安装参考: