nginx tcp模块安装

nginx tcp模块安装

• nginx版本 选择版本
• tcp_model https://github.com/yaoweibin/nginx_tcp_proxy_module

初始 nginx 1.12 版本安装

• 需要安装OpenSSl

  • 有网络：sudo apt-get install libssl-dev
  • 下载OpenSSl https://www.openssl.org/source/

• 安装过程

  make 报错

  ../libcrypto.a(eng_rsax.o): In function `e_rsax_bn_mod_exp':
  eng_rsax.c:(.text+0x132f): undefined reference to `mod_exp_512'
  ../libcrypto.a(eng_rsax.o): In function `e_rsax_rsa_mod_exp':
  eng_rsax.c:(.text+0x1c08): undefined reference to `mod_exp_512'
  eng_rsax.c:(.text+0x22a8): undefined reference to `mod_exp_512'
  ../libcrypto.a(e_rc4_hmac_md5.o): In function `rc4_hmac_md5_cipher':
  e_rc4_hmac_md5.c:(.text+0x44e): undefined reference to `rc4_md5_enc'
  e_rc4_hmac_md5.c:(.text+0x4f1): undefined reference to `rc4_md5_enc'
  

  解决方案 需配置 ./Configure linux-x86_64

  make install 报错

  cms.pod around line 457: Expected text after =item, not a number
  cms.pod around line 461: Expected text after =item, not a number
  cms.pod around line 465: Expected text after =item, not a number
  cms.pod around line 470: Expected text after =item, not a number
  cms.pod around line 474: Expected text after =item, not a number
  

  make install_sw 解决错误。

• 安装ngixn 1.12版本

  make过程报错

  ../nginx_tcp_proxy_module-master/ngx_tcp_core_module.c:33:40: error: ‘NGX_CONF_MULTI’ undeclared here (not in a function)
         NGX_TCP_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_MULTI|NGX_CONF_NOARGS,
                                          ^
  ../nginx_tcp_proxy_module-master/ngx_tcp_core_module.c: In function ‘ngx_tcp_core_listen’:
  ../nginx_tcp_proxy_module-master/ngx_tcp_core_module.c:484:9: error: cannot convert to a pointer type
           if (ngx_memcmp(ls[i].sockaddr + off, u.sockaddr + off, len) != 0) {
           ^
  ../nginx_tcp_proxy_module-master/ngx_tcp_core_module.c:504:5: error: incompatible type for argument 2 of ‘memcpy’
       ngx_memcpy(ls->sockaddr, u.sockaddr, u.socklen);
       ^
  In file included from src/os/unix/ngx_linux_config.h:27:0,
                   from src/core/ngx_config.h:26,
                   from ../nginx_tcp_proxy_module-master/ngx_tcp_core_module.c:2:
  /usr/include/string.h:42:14: note: expected ‘const void * __restrict__’ but argument is of type ‘ngx_sockaddr_t’
   extern void *memcpy (void *__restrict __dest, const void *__restrict __src,
                ^
  make[1]: *** [objs/addon/nginx_tcp_proxy_module-master/ngx_tcp_core_module.o] Error 1
  make[1]: Leaving directory `/app/build/nginx-1.11.2'
  make: *** [build] Error 2
  

  官网好多人遇到这个问题，没找到解决办法。。

安装1.8版本的nginx

重新解压 nginx_tcp_proxy_module-master

sudo patch -p1 < /home/guo/Downloads/nginx_tcp_proxy_module-master/tcp_1_8.patch 

sudo ./configure --add-module=/home/guo/Downloads/nginx_tcp_proxy_module-master --without-http_rewrite_module --with-openssl=/home/guo/Downloads/openssl-1.0.1f --without-http_gzip_module

Make 过程报错

cms.pod around line 457: Expected text after =item, not a number
cms.pod around line 461: Expected text after =item, not a number
cms.pod around line 465: Expected text after =item, not a number
cms.pod around line 470: Expected text after =item, not a number
cms.pod around line 474: Expected text after =item, not a number

原因是nginx 调用了openssl的man包，而我们安装openssl的过程中用的是make install_sw 命令，没有安装man包。报错。

https://askubuntu.com/questions/454575/error-255-when-trying-to-install-openssl-1-0-1g-from-source

找到合适的openssl版本,重新安装.

sudo patch -p1 < /home/guo/Downloads/nginx_tcp_proxy_module-master/tcp_1_8.patch 

sudo ./configure --add-module=/home/guo/Downloads/nginx_tcp_proxy_module-master --without-http_rewrite_module --with-openssl=/home/guo/Downloads/openssl-1.0.2g --without-http_gzip_module

搞定！！

nginx tcp 配置和测试

  tcp {

        upstream cluster {
            # simple round-robin
            server localhost:9200;
            #server 192.168.0.2:80;

            check interval=3000 rise=2 fall=5 timeout=1000;

            #check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello;

            #check interval=3000 rise=2 fall=5 timeout=1000 type=http;
            #check_http_send "GET / HTTP/1.0\r\n\r\n";
            #check_http_expect_alive http_2xx http_3xx;
        }

        server {
            listen 8888;

            proxy_pass cluster;
        }
    }

通过9200端口可以访问本地的ES系统：

curl -XGET 'localhost:9200/_cat/health?v&pretty'

正常访问。

通过8888端口访问本地的ES系统：

curl -XGET 'localhost:8888/_cat/health?v&pretty'

正常访问。查看日志文件，有一次端口转发记录。

其实从1.9版本开始，Nginx自带Tcp反向代理处理模块。

stream{
    upstream backend{                                          
        hash $remote_addr consistent;
        server 127.0.0.1:7397 max_fails=3 fail_timeout=10s;    
        server 127.0.0.1:7398 max_fails=3 fail_timeout=10s;
    }

    server{
        listen 1268 ssl;                                       
        ssl_certificate     /home/guogangj/certs/cert1268.pem; 
        ssl_certificate_key  /home/guogangj/certs/key1268.pem; 
        ssl_session_cache    shared:SSL:10m;                   
        ssl_session_timeout  10m;                              
        ssl_ciphers  HIGH:!aNULL:!MD5;                         
        ssl_prefer_server_ciphers  on;                         
        proxy_connect_timeout 20s;                             
        proxy_timeout 5m;                                      
        proxy_pass backend;                                    
    }
}