1 problem
Use Nginx to realize the TCP/UDP scheduler function (four layers), and realize the following functions:
- Two back-end SSH servers
- When compiling and installing Nginx, you need to use –with-stream to enable the ngx_stream_core_module module
- Nginx uses a polling method to call the back-end SSH server
2 plan
Use 4 RHEL7 virtual machines, one of which is used as an Nginx proxy server. The server needs to be configured with two network cards, the IP addresses are 192.168.4.5 and 192.168.2.5 respectively, and the IP addresses of the two SSH servers are 192.168.2.100 and 192.168.2.200 respectively. . The IP address of the client test host is 192.168.4.10. as shown in picture 2.
figure 2
3 steps
To implement this case, you need to follow the steps below.
Step 1: Deploy Nginx server that supports 4-layer TCP/UDP proxy
1) Deploy nginx server
Compilation and installation must use the -with-stream parameter to enable the 4-layer proxy module.
[root@proxy ~]# yum -y install gcc pcre-devel openssl-devel //安装依赖包
[root@proxy ~]# tar -xf nginx-1.12.2.tar.gz
[root@proxy ~]# cd nginx-1.12.2
[root@proxy nginx-1.12.2]# ./configure \
> --with-http_ssl_module \ //开启SSL加密功能
> --with-stream //开启4层反向代理功能
[root@proxy nginx-1.12.2]# make && make install //编译并安装
Step 2: Configure Nginx server, add server pool, realize TCP/UDP reverse proxy function
1) Modify the /usr/local/nginx/conf/nginx.conf configuration file
[root@proxy ~]# vim /usr/local/nginx/conf/nginx.conf
stream {
upstream backend {
server 192.168.2.100:22; //后端SSH服务器的IP和端口
server 192.168.2.200:22;
}
server {
listen 12345; //Nginx监听的端口
proxy_pass backend;
}
}
http {
.. ..
}
2) Reload the configuration
[root@proxy ~]# /usr/local/nginx/sbin/nginx -s reload
#请先确保nginx是启动状态,否则运行该命令会报错,报错信息如下:
#[error] open() "/usr/local/nginx/logs/nginx.pid" failed (2: No such file or directory)
3)客户端使用访问代理服务器测试轮询效果
[root@client ~]# ssh 192.168.4.5 -p 12345 //使用该命令多次访问查看效果