nginx_tcp_proxy_module - support TCP proxy with Nginx
This module is at its very early phase of development and considered highly experimental. But you're encouraged to test it out on your side and report any quirks that you experience.
We need your help! If you find this module useful and/or interesting, please consider joining the development!
http {
listen 80;
location /status {
check_status;
}
}
tcp {
upstream cluster {
# simple round-robin
server 127.0.0.1:3306;
server 127.0.0.1:1234;
check interval=3000 rise=2 fall=5 timeout=1000;
#check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello;
#check interval=3000 rise=2 fall=5 timeout=1000 type=http;
#check_http_send "GET / HTTP/1.0\r\n\r\n";
#check_http_expect_alive http_2xx http_3xx;
}
server {
listen 8888;
proxy_pass cluster;
}
}
This module actually include many modules: ngx_tcp_module, ngx_tcp_core_module, ngx_tcp_upstream_module, ngx_tcp_proxy_module, ngx_tcp_upstream_ip_hash_module. All these modules work togther to add the support of TCP proxy with Nginx. I also add other features: ip_hash, upstream server health check, status monitor.
The motivation of writing these modules is Nginx's high performance and robustness.
syntax: tcp {...}
default: none
context: main
description: All the tcp related directives are contained in the tcp block.
ngx_tcp_core_moodule
syntax: server {...}
default: none
context: tcp
description: All the specific server directives are contained in the server block.
syntax: listen address:port [ bind ]
default: none
context: server
description: The same as listen (http://wiki.nginx.org/NginxMailCoreModule#listen).
syntax: allow [ address | CIDR | all ]
default: none
context: server
description: Directive grants access for the network or addresses indicated.
syntax: deny [ address | CIDR | all ]
default: none
context: server
description: Directive grants access for the network or addresses indicated.
syntax: so_keepalive on|off
default: off
context: main, server
description: The same as so_keepalive (http://wiki.nginx.org/NginxMailCoreModule#so_keepalive).
syntax: tcp_nodelay on|off
default: on
context: main, server
description: The same as tcp_nodelay (http://wiki.nginx.org/NginxHttpCoreModule#tcp_nodelay).
syntax: timeout milliseconds
default: 60000
context: main, server
description: set the timeout value with clients.
syntax: server_name name fqdn_server_host
default: The name of the host, obtained through gethostname()
context: tcp, server
description: The same as server_name (http://wiki.nginx.org/NginxMailCoreModule#server_name).
syntax: resolver address
default: none
context: tcp, server
description: DNS server
syntax: resolver_timeout time
default: 30s
context: tcp, server
description: Resolver timeout in seconds.
syntax: upstream {...}
default: none
context: tcp
description: All the upstream directives are contained in this block. The upstream server will be dispatched with round robin by default.
syntax: server name [parameters]
default: none
context: upstream
description: Most of the parameters are the same as server (http://wiki.nginx.org/NginxHttpUpstreamModule#server). Default port is 80.
syntax: check interval=milliseconds [fall=count] [rise=count] [timeout=milliseconds] [type=tcp|ssl_hello|smtp|mysql|pop3|imap]
default: none, if parameters omitted, default parameters are interval=30000 fall=5 rise=2 timeout=1000
context: upstream
description: Add the health check for the upstream servers. At present, the check method is a simple tcp connect.
The parameters' meanings are:
interval: the check request's interval time.
fall(fall_count): After fall_count check failures, the server is marked down.
rise(rise_count): After rise_count check success, the server is marked up.
timeout: the check request's timeout.
type: the check protocol type:
tcp is a simple tcp socket connect and peek one byte.
ssl_hello sends a client ssl hello packet and receives the server ssl hello packet.
http sends a http requst packet, recvives and parses the http response to diagnose if the upstream server is alive.
smtp sends a smtp requst packet, recvives and parses the smtp response to diagnose if the upstream server is alive. The response begins with '2' should be an OK response.
mysql connects to the mysql server, recvives the greeting response to diagnose if the upstream server is alive.
pop3 recvives and parses the pop3 response to diagnose if the upstream server is alive. The response begins with '+' should be an OK response.
imap connects to the imap server, recvives the greeting response to diagnose if the upstream server is alive.
syntax: check_http_send http_packet
default: "GET / HTTP/1.0\r\n\r\n"
context: upstream
description: If you set the check type is http, then the check function will sends this http packet to check the upstream server.
syntax: check_http_expect_alive [ http_2xx | http_3xx | http_4xx | http_5xx ]
default: http_2xx | http_3xx
context: upstream
description: These status codes indicate the upstream server's http response is ok, the backend is alive.
syntax: check_smtp_send smtp_packet
default: "HELO smtp.localdomain\r\n"
context: upstream
description: If you set the check type is smtp, then the check function will sends this smtp packet to check the upstream server.
syntax: check_smtp_expect_alive [smtp_2xx | smtp_3xx | smtp_4xx | smtp_5xx]
default: smtp_2xx
context: upstream
description: These status codes indicate the upstream server's smtp response is ok, the backend is alive.
syntax: check_shm_size size
default: (number_of_checked_upstream_blocks + 1) * pagesize
context: tcp
description: If you store hundreds of serveres in one upstream block, the shared memory for health check may be not enough, you can enlarged it by this directive.
syntax: check_status
default: none
context: location
description: Display the health checking servers' status by HTTP. This directive is set in the http block.
ngx_tcp_upstream_ip_hash_module
syntax: ip_hash
default: none
context: upstream
description: the upstream server will be dispatched by ip_hash.
syntax: proxy_pass host:port
default: none
context: server
description: proxy the request to the backend server. Default port is 80.
syntax: proxy_buffer size
default: 4k
context: tcp, server
description: set the size of proxy buffer.
syntax: proxy_connect_timeout miliseconds
default: 60000
context: tcp, server
description: set the timeout value of connection to backends.
syntax: proxy_read_timeout miliseconds
default: 60000
context: tcp, server
description: set the timeout value of reading from backends.
syntax: proxy_write_timeout miliseconds
default: 60000
context: tcp, server
description: set the timeout value of writing to backends.
Download the latest version of the release tarball of this module from github (http://github.com/yaoweibin/nginx_tcp_proxy_module)
Grab the nginx source code from nginx.org (http://nginx.org/), for example, the version 0.7.65 (see nginx compatibility), and then build the source with this module:
$ wget 'http://nginx.org/download/nginx-0.7.65.tar.gz'
$ tar -xzvf nginx-0.7.65.tar.gz
$ cd nginx-0.7.65/
$ patch -p1 < /path/to/nginx_tcp_proxy_module/tcp.patch
$ ./configure --add-module=/path/to/nginx_tcp_proxy_module
$ make
$ make install
My test bed is 0.7.65 and 0.8.34.
The http_response_parse.rl and smtp_response_parse.rl are ragel (http://www.complang.org/ragel/) scripts , you can edit the script and compile it like this:
$ ragel -G2 http_response_parse.rl
$ ragel -G2 smtp_response_parse.rl
ACL
Developing
add many check methods
first release
Weibin Yao(姚伟斌) yaoweibin at gmail dot com
This README template copy from agentzh (http://github.com/agentzh).
I borrowed a lot of code from upstream and mail module from the nginx 0.7.* core. This part of code is copyrighted by Igor Sysoev. And the health check part is borrowed the design of Jack Lindamood's healthcheck module healthcheck_nginx_upstreams (http://github.com/cep21/healthcheck_nginx_upstreams);
This module is licensed under the BSD license.
Copyright (C) 2010 by Weibin Yao <yaoweibin@gmail.com>.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.