有个三方项目需要使用4层代理转发到内网一个账号服务做认证,于是使用nginx stream弄了下,感觉还行,做了下白名单和限速,配置如下:
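# Layer-4 (TCP) reverse proxy in front of an internal account/auth service.
# Only the allow-listed client addresses may connect, and each source IP is
# capped at a small number of concurrent sessions.

# load_module lives in the main context and must precede the events/http/stream
# blocks whose directives it provides.
load_module "modules/ngx_stream_module.so";

worker_processes auto;
worker_cpu_affinity auto;
daemon off;                     # stay in the foreground when run under a container supervisor
worker_rlimit_nofile 65535;

error_log /home/anzhihe/logs/nginx/error.log info;

# access_log is not a main-context directive (nginx rejects it as unknown there),
# so the proxy log is configured inside the stream server below instead.

events {
    use epoll;
    worker_connections 65535;   # each proxied session uses two descriptors (client + upstream)
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main  '$remote_addr - $remote_user [$time_local] "$request" $status'
                     ' $bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for" "$request_time"';
    log_format proxy '$remote_addr - $remote_user [$time_local] "$request" $status'
                     ' $bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for/$upstream_addr" "$request_time/$upstream_response_time/$upstream_status"';
    log_format web   '$http_x_forwarded_for - $host [$time_local] "$request" $status'
                     ' $bytes_sent "$http_referer" '
                     '"$http_user_agent" "$remote_addr/$upstream_addr" "$request_time/$upstream_response_time/$upstream_status/$upstream_http_custom_status"';

    sendfile on;
    keepalive_timeout 0;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_types application/x-javascript text/css application/xml;

    proxy_connect_timeout 120;
    proxy_read_timeout 120;
    proxy_send_timeout 120;
    proxy_buffer_size 16k;
    proxy_buffers 4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;

    server_names_hash_max_size 128;
    server_names_hash_bucket_size 128;
    client_max_body_size 20m;
    server_tokens off;             # do not advertise the nginx version

    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 128k;

    # Only meaningful once an http server is declared; kept for that case.
    access_log /home/anzhihe/logs/nginx/xx-proxy.log proxy;

    #limit_req_zone $binary_remote_addr zone=ip_addr:10m rate=5r/s;
    #limit_req zone=ip_addr burst=10 nodelay;
}

## tcp proxy
stream {
    # One counter per client address; limit_conn in the server caps concurrent
    # TCP sessions. NOTE(review): if clients arrive through a NAT or load balancer
    # they share one address and therefore one bucket — confirm the network path.
    limit_conn_zone $binary_remote_addr zone=conlimit:10m;

    # The stream module has no HTTP variables ($request, $status codes from the
    # app, $http_referer, ...), so the HTTP-style format cannot be reused here.
    # Log what a TCP session does expose: bytes each way, duration, upstream.
    log_format tcp_proxy '$remote_addr [$time_local] $protocol $status '
                         '$bytes_sent $bytes_received $session_time "$upstream_addr"';

    server {
        listen 8888;

        # Source-IP allowlist: replace the placeholders with the real client /32s.
        # Anything not listed is refused at connect time.
        allow xxx.xxx.xx.x/32;
        allow xxx.xxx.xx.x/32;
        deny all;

        limit_conn conlimit 5;        # at most 5 concurrent connections per client IP

        proxy_connect_timeout 2s;     # fail fast if the account service is unreachable
        proxy_timeout 30m;            # idle timeout between two successive reads/writes on a session

        # The hostname is resolved when the configuration is loaded; reload nginx
        # after a DNS change. NOTE(review): bytes are forwarded as-is, so the
        # client and the account service must negotiate TLS end-to-end themselves
        # (or proxy_ssl must be enabled here) — confirm what the service expects.
        proxy_pass account.chegva.com:8888;

        access_log /home/anzhihe/logs/nginx/xxproxy.log tcp_proxy;
    }
}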
参考: