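# Layer-4 TLS router: reads the SNI name from the ClientHello without
# terminating TLS, picks an upstream from it, and forwards the raw stream
# with a PROXY protocol header so the backend can see the client address.
stream {
    # Per-session accounting: client address, protocol, status, byte counts,
    # session duration and the upstream that was used.
    log_format tcp '$remote_addr [$time_local] '
                   '$protocol $status $bytes_sent $bytes_received '
                   '$session_time "$upstream_addr" '
                   '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

    # Same idea, but records the SNI name that drove the routing decision.
    # NOTE(review): this format is defined but no access_log in this block
    # references it (the server below logs with "tcp").
    log_format stream_routing '$remote_addr [$time_local] '
                              'with SNI name "$ssl_preread_server_name" '
                              'proxying to "$upstream_addr" '
                              '$protocol $status $bytes_sent $bytes_received '
                              '$session_time';

    # SNI -> upstream name. The SNI value is supplied by the client, so the
    # patterns escape the dots and anchor both ends: only the exact host names
    # route to "haiyun". The original unanchored "~^www.haiyun.me" also
    # accepted names that merely start with it, with any character in place
    # of each dot. Everything else, including a missing SNI, falls through
    # to "default".
    map $ssl_preread_server_name $name {
        ~^www\.haiyun\.me$ haiyun;
        ~^haiyun\.me$      haiyun;
        default            nginx;
    }

    # Three equally weighted backends; one failed attempt takes a server out
    # of rotation for 10 seconds.
    upstream haiyun {
        #hash $remote_addr consistent;
        server 1.1.1.1:1111 weight=5 max_fails=1 fail_timeout=10s;
        server 1.1.1.1:1112 weight=5 max_fails=1 fail_timeout=10s;
        server 1.1.1.1:1113 weight=5 max_fails=1 fail_timeout=10s;
    }

    # Fallback target for any SNI name not matched above.
    upstream nginx {
        server 127.0.0.1:4443;
    }

    server {
        listen 443 ;
        listen [::]:443 ;

        # Extract the SNI name from the ClientHello; TLS is not terminated here.
        ssl_preread on;

        # A PROXY protocol header is sent to whichever upstream $name selects,
        # so every target, including the "nginx" fallback on 127.0.0.1:4443,
        # must have proxy_protocol enabled on its listener.
        proxy_protocol on;
        proxy_pass $name;

        proxy_connect_timeout 10s;
        # Timeout between two successive reads or writes on the client or
        # upstream connection; sessions idle for longer are closed.
        proxy_timeout 10s;

        access_log /run/log/nginx/access.log tcp;
        error_log /run/log/nginx/error.log;
    }
}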
后端获取来源真实IP:
# Backend HTTPS virtual host behind the stream proxy. It takes the original
# client address from the PROXY protocol header instead of the TCP peer.
# NOTE(review): ssl_certificate / ssl_certificate_key are not shown in this
# excerpt; the "ssl" listener needs them to be configured somewhere.
server
{
# "proxy_protocol" on the listener means a PROXY header is expected on every
# connection to this port, ahead of the TLS handshake.
# NOTE(review): the address in that header is whatever the connecting peer
# wrote, so this port should be reachable only from the proxy (bind address
# or firewall rule) - confirm for the deployment.
listen 1443 default proxy_protocol ssl ;
server_name www.haiyun.me haiyun.me;
# The client address is replaced only for connections that arrive from this
# trusted source. If the stream proxy runs on another host, list that host's
# address here instead of 127.0.0.1; keep the list as narrow as possible.
set_real_ip_from 127.0.0.1;
# Use the address carried in the PROXY protocol header as the client address.
real_ip_header proxy_protocol;
}
遇到的一些问题:
1.修改stream内配置后nginx -s reload无效,需重启nginx
2.当开启proxy_protocol后,每个后端都必须支持proxy_protocol,否则无法正常连接;这点不如haproxy,haproxy可以只对指定的后端开启
https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/
https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/