- config: 反向代理、缓存、负载均衡、安全、SSL 等配置模板 - lua: API 网关、认证、动态路由、限流、WebSocket 等脚本示例 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# ============================================================
# Nginx TCP Stream 代理配置示例
# ============================================================
#
# 功能说明:
#   - TCP 四层代理
#   - 数据库、缓存等服务代理
#   - SSL 终端支持
#
# Lolly 对应配置:
#   stream:
#     - listen: "3306"
#       protocol: "tcp"
#       upstream:
#         targets:
#           - addr: "mysql1:3306"
#             weight: 3
#           - addr: "mysql2:3306"
#             weight: 1
#         load_balance: "round_robin"
#       ssl:
#         enabled: true
#         cert: "/path/to/cert.pem"
#         key: "/path/to/key.pem"
# ============================================================

# Stream 配置块(与 http 块同级)
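stream {
    # Layer-4 (TCP) proxy examples for MySQL, Redis and PostgreSQL.
    # This block sits at the same level as the http block.

    # Every "listen PORT" below binds all interfaces, so without an access
    # rule any host that can reach nginx can reach the databases behind it.
    # The rule is inherited by each server block and can be overridden there.
    # 10.0.0.0/8 is a constructed example range: replace it with the subnet
    # of the application hosts.
    allow 10.0.0.0/8;
    deny  all;

    # MySQL TCP proxy
    upstream mysql_backend {
        # Load-balancing method. Weighted round-robin is the default; the
        # alternatives are upstream-context directives, so they are kept here
        # (nginx rejects them inside a server block).
        # least_conn;            # fewest active connections
        # hash $remote_addr;     # client-IP hash for session affinity;
        #                        # cannot be combined with a "backup" server

        server mysql1:3306 weight=3;
        server mysql2:3306 weight=1;
        server mysql3:3306 backup;   # used only when the primaries are down
    }

    server {
        listen     3306;
        proxy_pass mysql_backend;

        # Timeouts
        proxy_connect_timeout 5s;
        proxy_timeout         30m;   # MySQL sessions can be long-lived

        # Buffer size used for reading from the client and from the backend
        proxy_buffer_size 16k;
    }

    # Redis TCP proxy
    # Traffic on this listener is forwarded in plaintext; besides the access
    # rule above, require authentication (requirepass / ACL) on the backends.
    upstream redis_backend {
        server redis1:6379;
        server redis2:6379;
    }

    server {
        listen        6379;
        proxy_pass    redis_backend;
        proxy_timeout 30m;
    }

    # PostgreSQL TLS proxy
    upstream postgres_backend {
        server postgres1:5432;
        server postgres2:5432;
    }

    server {
        # NOTE(review): PostgreSQL clients normally negotiate TLS in-protocol
        # (SSLRequest) instead of opening with a TLS handshake, so terminating
        # TLS on this listener presumably only works with clients and servers
        # that support direct TLS negotiation - confirm before relying on it.
        listen     5432 ssl;
        proxy_pass postgres_backend;

        # TLS termination towards the client
        # Lolly equivalent: the stream.ssl block
        ssl_certificate     /etc/nginx/ssl/postgres.crt;
        ssl_certificate_key /etc/nginx/ssl/postgres.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Upstream TLS (encrypts the connection to the backend)
        # Lolly equivalent: the stream.proxy_ssl block
        proxy_ssl on;

        # Verify the backend certificate. With verification off the link is
        # encrypted but unauthenticated, so anything able to answer for the
        # backend address can intercept database credentials and queries.
        proxy_ssl_verify on;
        # Placeholder path: CA bundle that issued the backend certificates.
        proxy_ssl_trusted_certificate /path/to/backend-ca.pem;
        # Placeholder name: must match a name in the backend certificate.
        # Without it nginx checks against the proxy_pass host, which here is
        # the upstream group name "postgres_backend".
        proxy_ssl_name postgres.backend.example;

        proxy_ssl_protocols TLSv1.2 TLSv1.3;
    }
}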

# TCP Stream 说明:
#
# 1. Stream vs HTTP:
#    - Stream: 四层代理(TCP/UDP)
#    - HTTP: 七层代理(HTTP 协议)
#    - Stream 不解析 HTTP 内容
#
# 2. 适用场景:
#    - 数据库代理(MySQL, PostgreSQL, Redis)
#    - SSH 代理
#    - MQTT 代理
#    - 任意 TCP 服务
#
# 3. SSL 终端:
#    - 客户端 -> nginx: SSL 连接
#    - nginx -> 后端: SSL 或明文
#    - 可配置双向 SSL
#    - 上游 SSL 若关闭证书验证(proxy_ssl_verify off),连接虽被加密,但无法确认后端身份
#
# 4. 负载均衡:
#    - round_robin: 默认
#    - least_conn: 最少连接
#    - hash: 哈希分配
#
# 5. Lolly Stream 支持:
#    - TCP 和 UDP 协议
#    - SSL 终端
#    - 上游 SSL
#    - 客户端 CA 验证(mTLS)