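# ============================================================
# Nginx TCP stream proxy configuration example
# ============================================================
#
# What this file demonstrates:
#   - Layer-4 (TCP) proxying
#   - Proxying databases, caches and similar services
#   - SSL/TLS termination
#
# Equivalent Lolly configuration:
#   stream:
#     - listen: "3306"
#       protocol: "tcp"
#       upstream:
#         targets:
#           - addr: "mysql1:3306"
#             weight: 3
#           - addr: "mysql2:3306"
#             weight: 1
#         load_balance: "round_robin"
#       ssl:
#         enabled: true
#         cert: "/path/to/cert.pem"
#         key: "/path/to/key.pem"
# ============================================================

# The stream block sits at the same level as the http block.
stream {
    # ---------------- MySQL TCP proxy ----------------
    upstream mysql_backend {
        # Load-balancing method. These directives are only valid inside an
        # upstream block; with none set, weighted round-robin is used.
        # least_conn;           # fewest active connections
        # hash $remote_addr;    # client-IP hash for session affinity

        server mysql1:3306 weight=3;
        server mysql2:3306 weight=1;
        server mysql3:3306 backup;    # only used when the primaries are unavailable
    }

    server {
        # A bare port listens on every interface. A database listener should
        # be reachable only from the networks that need it: bind to an internal
        # address and/or restrict clients with the stream access module.
        # Constructed sample values (documentation range), replace with yours:
        # allow 192.0.2.0/24;
        # deny  all;
        listen 3306;
        proxy_pass mysql_backend;

        # Timeouts
        proxy_connect_timeout 5s;
        proxy_timeout 30m;    # MySQL connections can be long-lived

        # Size of the buffer used for reading from the client and the backend
        proxy_buffer_size 16k;
    }

    # ---------------- Redis TCP proxy ----------------
    upstream redis_backend {
        server redis1:6379;
        server redis2:6379;
    }

    server {
        # Plain TCP pass-through: nginx adds no authentication or encryption
        # here, so exposure of this port must be limited the same way as the
        # MySQL listener (internal bind address and/or allow/deny rules).
        listen 6379;
        proxy_pass redis_backend;
        proxy_timeout 30m;
    }

    # ---------------- PostgreSQL SSL proxy ----------------
    upstream postgres_backend {
        server postgres1:5432;
        server postgres2:5432;
    }

    server {
        # NOTE(review): the PostgreSQL wire protocol normally negotiates TLS
        # with an in-protocol SSLRequest before the handshake, so generic TLS
        # termination (and "proxy_ssl on" below) presumably only works with
        # clients and servers that support direct TLS negotiation. Confirm
        # against the PostgreSQL versions in use.
        listen 5432 ssl;
        proxy_pass postgres_backend;

        # SSL termination (client -> nginx)
        # Lolly equivalent: the stream.ssl block
        ssl_certificate     /etc/nginx/ssl/postgres.crt;
        ssl_certificate_key /etc/nginx/ssl/postgres.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Upstream SSL (encrypts the nginx -> backend connection)
        # Lolly equivalent: the stream.proxy_ssl block
        proxy_ssl on;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # Verify the backend certificate. With verification off the link is
        # encrypted but not authenticated, so anything able to intercept the
        # connection can impersonate the database.
        proxy_ssl_verify on;
        # Placeholder path: CA bundle that issued the backend certificates.
        proxy_ssl_trusted_certificate /etc/nginx/ssl/backend-ca.crt;
        # The name checked defaults to the proxy_pass host, which here is the
        # upstream group name. Set it to the name in the backend certificates:
        # proxy_ssl_name <backend-certificate-hostname>;
    }
}

# Notes on TCP stream proxying:
#
# 1. Stream vs HTTP:
#    - Stream: layer-4 proxy (TCP/UDP)
#    - HTTP: layer-7 proxy (HTTP protocol)
#    - Stream does not parse HTTP content
#
# 2. Typical use cases:
#    - Database proxying (MySQL, PostgreSQL, Redis)
#    - SSH proxying
#    - MQTT proxying
#    - Any TCP service
#
# 3. SSL termination:
#    - client -> nginx: SSL connection
#    - nginx -> backend: SSL or plaintext
#    - Mutual SSL can be configured
#
# 4. Load balancing:
#    - round_robin: default
#    - least_conn: fewest connections
#    - hash: hash-based distribution
#
# 5. Lolly stream support:
#    - TCP and UDP protocols
#    - SSL termination
#    - Upstream SSL
#    - Client CA verification (mTLS)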