web123456

A preliminary study on nginx stream module

Preface

Starting from 1.9.0, nginx has added a new stream module to implement forwarding, proxying or load balancing of layer four protocols. This is completely the rhythm of grabbing HAproxy's share. Given the success of nginx in layer 7 load balancing and web service, and the good framework of nginx, the prospects of the stream module are bright.

stream module compilation

The stream module is not compiled to nginx by default. When compiling nginx, just ./configure –with-stream

Official website:/en/docs/stream/ngx_stream_core_module.html

usage

The usage of the stream module is similar to that of the http module, the key is that the syntax is almost the same. Get started with the configuration syntax of http module faster
The following is an example of tcp load balancing and udp(dns) load balancing, including server, upstream blocks, and server.
Hash, listen, proxy_pass and other instructions, if you don’t look at the outermost stream keyword, you will think it is an http module.

worker_processes auto;
error_log logs/error.stream.log info;
events {
    worker_connections  1024;
}
stream {
    upstream backend {
        hash $remote_addr consistent;
        server 127.0.0.1:12346 weight=5;
        server 127.0.0.1:12347            max_fails=3 fail_timeout=30s;
        server 127.0.0.1:12348            max_fails=3 fail_timeout=30s;
    }
    upstream dns {
       server 17.61.29.79:53;
       server 17.61.29.80:53;
       server 17.61.29.81:53;
       server 17.61.29.82:53;
    }
    server {
        listen 12345;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass backend;
    }
    server {
        listen 127.0.0.1:53 udp;
        proxy_responses 1;
        proxy_timeout 20s;
        proxy_pass dns;
    }
}

stream core some variables

Note: variable support starts with nginx version 1.11.2

$binary_remote_addrClient address in binary format$bytes_receivedNumber of bytes received from the client$bytes_sentNumber of bytes sent to the client$hostnameConnect to the domain name$msecCurrent time of millisecond accuracy$nginx_versionnginx version$pidWorker process number$protocolCommunication Protocol (UDPor TCP)
$remote_addrClient IP$remote_portClient port$server_addrThe server ip that accepts the connection, calculating this variable requires a system call.  So avoid system callslistenThe specific server address must be specified in the instruction and the parameters must be used.bind$server_portThe server port that accepts connections$session_timeMillisecond precision session time (version1.11.4start)$statusSession Status (version1.11.4Start), can be the following values:200success400Cannot parse client data normally403No access500Internal server error502Gateway error, such as the upstream server cannot connect503Services are unavailable, such as connection restrictions, etc.$time_iso8601
ISO 8601Time format$time_localTimestamp in normal log format

stream module

The third-party modules listed on the official website are simply mirrors of the http module, such as access module access control IP and IP segments, map modules implement mapping, geo modules implement geolocation mapping, etc. When using these modules, you must see which version is supported, such as the log module, which is only supported in nginx-1.11.4.

ngx_stream_core_module
ngx_stream_access_module
ngx_stream_geo_module
ngx_stream_geoip_module
ngx_stream_js_module
ngx_stream_limit_conn_module
ngx_stream_log_module
ngx_stream_map_module
ngx_stream_proxy_module
ngx_stream_realip_module
ngx_stream_return_module
ngx_stream_split_clients_module
ngx_stream_ssl_module
ngx_stream_ssl_preread_module
ngx_stream_upstream_module
ngx_stream_upstream_hc_module