参考:
[root@promote sbin]# ./nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module
[root@promote conf]# cat nginx.conf
# Main context: worker identity, error logging, pid file and descriptor limit.
# NOTE(review): workers run as root. The nginx documentation for proxy_bind
# states that on Linux (nginx 1.13.8 and later) workers inherit CAP_NET_RAW
# from the master when "transparent" is used, so superuser workers are not
# required for it. The build shown on this page is 1.14.0 — consider an
# unprivileged worker account and confirm on a test host before changing.
user root;
# Let nginx pick the worker count from the detected CPU cores.
worker_processes auto;
# Record messages of level "error" and above; relative paths resolve against the prefix.
error_log logs/error.log error;
#error_log logs/error.log info;
pid logs/nginx.pid;
# Raises the open-file limit (RLIMIT_NOFILE) for worker processes.
worker_rlimit_nofile 655350;
# Connection-processing settings applied to every worker process.
events
{
# Use the Linux epoll event notification method.
use epoll;
# Maximum simultaneous connections per worker; this counts connections to
# proxied servers as well as connections from clients.
worker_connections 65535;
# A worker accepts all pending new connections at once instead of one at a time.
multi_accept on;
# Workers take turns accepting new connections.
accept_mutex on;
}
# Stream (layer-4) proxy: datagrams received on UDP port 8004 are forwarded
# to the "agent" upstream group.
stream {
# Backend group. Consistent hashing on the client address keeps one source IP
# on the same backend while group membership is unchanged.
# NOTE(review): UDP source addresses are not authenticated, so forged source
# IPs can skew this distribution — keep that in mind when sizing the backends.
upstream agent {
hash $remote_addr consistent;
# max_fails/fail_timeout: 5 failed attempts within 30s mark a server
# unavailable for the following 30s.
# NOTE(review): with proxy_responses 0 below, nginx is not waiting for replies,
# so failures are presumably only noticed through send errors — verify failover.
server 192.168.30.103:8004 max_fails=5 fail_timeout=30s;
server 192.168.30.104:8004 max_fails=5 fail_timeout=30s;
server 192.168.30.105:8004 max_fails=5 fail_timeout=30s;
}
server {
listen 8004 udp;
# Close a session after 30s with no data transmitted.
proxy_timeout 30s;
# Expect zero reply datagrams from the backend for each client datagram.
proxy_responses 0;
# Size of the buffer used for reading from the client and the proxied server.
# NOTE(review): 4 MB is large; presumably allocated per session, so memory use
# grows with the number of concurrent sessions — verify under load.
proxy_buffer_size 4096k;
# IP transparency: outgoing datagrams use the client's own address and port as
# their source, so backends see the original client rather than this host.
# NOTE(review): backends will therefore address replies to the client, not to
# this proxy. The return-path routing/NAT this requires is not shown on this
# page — confirm it exists. Backends also cannot tell proxied from direct
# traffic by source IP, so restrict direct reachability of the backend port.
proxy_bind $remote_addr:$remote_port transparent;
#proxy_bind $remote_addr transparent; # get the real source IP?
proxy_pass agent;
}
# Per-session access log format for the stream module.
# NOTE(review): for UDP, $remote_addr is whatever source address the datagram
# carried; treat it as unverified when using these logs in an investigation.
log_format proxy '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
access_log /usr/local/nginx/logs/tcp-access.log proxy ;
open_log_file_cache off;
#include /usr/local/nginx/conf/servers/*.stream;
#include /usr/local/nginx/conf/*.conf;
}
抓包:# tcpdump udp -i eno3 port 8004

Sets the number of datagrams expected from the proxied server in response to a client datagram if the UDP protocol is used. The number serves as a hint for session termination. By default, the number of datagrams is not limited.
proxy_responses:如果使用 UDP 协议,设置针对客户端的一个数据报,期望从被代理服务器返回的响应数据报的数量。该数值用作会话终止的提示。默认情况下,数据报的数量不受限制。
测试结果:
该配置用于 UDP 转发时,无法同时兼顾 TCP 的转发请求。proxy_responses 设置为 1 时,测试中转发的报文存在丢失的情况。将其设置为 0,同时增大了 proxy_buffer_size 之后,测试基本正常。