nginx - yar145/mytestrepo1 GitHub Wiki

apt install nginx libnginx-mod-stream vi /etc/nginx/nginx.conf systemctl restart nginx

tail -n 30 -vf /var/log/nginx/stream-access.log

cat /etc/nginx/nginx.conf

user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf;

events { worker_connections 768; # multi_accept on; }

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

include /etc/nginx/conf.d/*.conf;

}

stream { log_format combined '$remote_addr - - [$time_local] $protocol $status $bytes_sent $bytes_received $session_time "$upstream_addr"'; access_log /var/log/nginx/stream-access.log combined; upstream pos_eximTS { server 1.2.3.4:1210; } upstream pos_eximNS { server 1.2.3.4:1200; } server { listen 1210; proxy_pass pos_eximTS; } server { listen 1200; proxy_pass pos_eximNS; }

}

How to Install an SSL/TLS Certificate In Nginx (OpenSSL) You need to link the two certificates (or “Concatenate” them) into a single file by entering the command below: cat your_domain_name.crt Intermediate.crt >> bundle.crt

Module ngx_stream_proxy_module

How to Build NGINX from Source on Ubuntu 22.04 or 20.04

apt install build-essential libpcre3-dev libssl-dev zlib1g-dev libgd-dev

wget https://nginx.org/download/nginx-1.23.3.tar.gz

tar -xzvf nginx-1.23.3.tar.gz

cd nginx-1.23.3

./configure --prefix=/var/www/html --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --with-pcre --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --with-http_image_filter_module=dynamic --modules-path=/etc/nginx/modules --with-http_v2_module --with-stream=dynamic --with-http_addition_module --with-http_mp4_module

make

make install

Nginx TCP transparent proxy

Module ngx_stream_realip_module

IP Transparency and Direct Server Return with NGINX and NGINX Plus as Transparent Proxy

Nginx TCP transparent proxy

Module ngx_http_proxy_module proxy_bind address [transparent] | off;

Makes outgoing connections to a proxied server originate from the specified local IP address with an optional port (1.11.2). Parameter value can contain variables (1.3.12). The special value off (1.3.12) cancels the effect of the proxy_bind directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address and port.

The transparent parameter (1.11.0) allows outgoing connections to a proxied server originate from a non-local IP address, for example, from a real IP address of a client:

proxy_bind $remote_addr transparent; In order for this parameter to work, it is usually necessary to run nginx worker processes with the superuser privileges. On Linux it is not required (1.13.8) as if the transparent parameter is specified, worker processes inherit the CAP_NET_RAW capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the proxied server.

configure kernel routing table to intercept network traffic from the proxied server.

ip route add local 0.0.0.0/0 dev lo table 100

ip rule add fwmark 1 lookup 100

iptables -t mangle -A PREROUTING -p tcp -s 1.2.3.4 -j MARK --set-xmark 0x1/0xffffffff