nginx - yar145/mytestrepo1 GitHub Wiki
How to Install and Configure Nginx Webserver on Oracle Linux 8
TCP/UDP Load Balancing with NGINX: Overview, Tips, and Tricks
Module ngx_stream_geoip_module
How to Configure NGINX as TCP/UDP Load Balancer in Linux
apt install nginx libnginx-mod-stream vi /etc/nginx/nginx.conf systemctl restart nginx
tail -n 30 -vf /var/log/nginx/stream-access.log
cat /etc/nginx/nginx.conf
user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf;
events { worker_connections 768; # multi_accept on; }
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
include /etc/nginx/conf.d/*.conf;
}
stream { log_format combined '$remote_addr - - [$time_local] $protocol $status $bytes_sent $bytes_received $session_time "$upstream_addr"'; access_log /var/log/nginx/stream-access.log combined; upstream pos_eximTS { server 1.2.3.4:1210; } upstream pos_eximNS { server 1.2.3.4:1200; } server { listen 1210; proxy_pass pos_eximTS; } server { listen 1200; proxy_pass pos_eximNS; }
}
How to Install an SSL/TLS Certificate In Nginx (OpenSSL) You need to link the two certificates (or “Concatenate” them) into a single file by entering the command below: cat your_domain_name.crt Intermediate.crt >> bundle.crt
Module ngx_stream_proxy_module
How to Build NGINX from Source on Ubuntu 22.04 or 20.04
apt install build-essential libpcre3-dev libssl-dev zlib1g-dev libgd-dev
wget https://nginx.org/download/nginx-1.23.3.tar.gz
tar -xzvf nginx-1.23.3.tar.gz
cd nginx-1.23.3
./configure --prefix=/var/www/html --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --with-pcre --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --with-http_image_filter_module=dynamic --modules-path=/etc/nginx/modules --with-http_v2_module --with-stream=dynamic --with-http_addition_module --with-http_mp4_module
make
make install
Nginx TCP transparent proxy
Module ngx_stream_realip_module
IP Transparency and Direct Server Return with NGINX and NGINX Plus as Transparent Proxy
Module ngx_http_proxy_module proxy_bind address [transparent] | off;
Makes outgoing connections to a proxied server originate from the specified local IP address with an optional port (1.11.2). Parameter value can contain variables (1.3.12). The special value off (1.3.12) cancels the effect of the proxy_bind directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address and port.
The transparent parameter (1.11.0) allows outgoing connections to a proxied server originate from a non-local IP address, for example, from a real IP address of a client:
proxy_bind $remote_addr transparent; In order for this parameter to work, it is usually necessary to run nginx worker processes with the superuser privileges. On Linux it is not required (1.13.8) as if the transparent parameter is specified, worker processes inherit the CAP_NET_RAW capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the proxied server.
configure kernel routing table to intercept network traffic from the proxied server.
ip route add local 0.0.0.0/0 dev lo table 100
ip rule add fwmark 1 lookup 100
iptables -t mangle -A PREROUTING -p tcp -s 1.2.3.4 -j MARK --set-xmark 0x1/0xffffffff