1. Explanation
Since we will receive a large number of client connections when using mqtt, we will definitely not be able to withstand the single-mqtt, so we need an mqtt cluster to handle it. At this time, there must be a gateway responsible for the forwarding of the request.
Starting from version 1.9.0, nginx has added the ngx_stream_core_module module, making nginx support four-layer proxy and load balancing. The module is not compiled during the default compilation. You need to add --with-stream, --with-stream_ssl_module during compilation to enable it to support stream proxy.
If you want to support it in previous versions, you need to patch it and install the module nginx_tcp_proxy_module. http proxy is usually what we call a seven-layer proxy, which works at the seventh-layer application layer. The tcp proxy is what we often call a four-layer proxy, which works in the network layer and the transport layer
http proxy is usually what we call a seven-layer proxy, which works in the seventh-layer application layer
The tcp proxy is what we often call a four-layer proxy, which works in the network layer and the transport layer
Needed commands
| Order | illustrate |
|---|---|
| firewall-cmd --list-ports | Check the open port number |
| firewall-cmd --zone=public --add-port=8888/tcp --permanent | Open corresponding port number: 8888 |
| firewall-cmd --zone=public --remove-port=80/tcp --permanent | Close the port number |
| firewall-cmd --reload | Restart the firewall |
| systemctl status | Check the firewall status |
2. Operation steps
2.1 Check whether nginx is installed with stream
nginx -V | tr ' ' '\n'|grep stream
If the following two items appear, it means that it supports
--with-stream --with-stream_ssl_module
2.2 If not, reinstall nginx
1. sudo yum install nginx -y 2. sudo yum -y install epel-release 3. yum -y install 4. vi #Add a line at the topload_module /usr/lib64/nginx/modules/ngx_stream_module.so;
2.3 tcp proxy (mqtt as an example)
- TCP proxy is different from the website reverse proxy we usually call. It is based on the tcp protocol
- Stream reverse proxy module is on par with http and events. Don't write the configuration into http
In order to facilitate adding stream configuration, we create a stream directory in the nginx directory and store the tcp proxy configuration file
exist/etc/nginx/Added as follows:
stream {
log_format proxy '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
access_log /var/log/nginx/ proxy;
open_log_file_cache off;
include stream/*conf;
}Create a configuration file under nginx/stream
upstream mqtt_tcp_server{
server :8883;
}
server {
listen 8883; #listen to portproxy_connect_timeout 150s;
proxy_timeout 150s;
proxy_pass mqtt_tcp_server; #Reverse proxy addressproxy_buffer_size 3M;
tcp_nodelay on;
}Overload nginx
/usr/local/nginx/sbin/nginx -s reload
When we access nginx's 8883 port, it will be automatically proxyed to the target host's 8883 port
Summarize
This is the article about Nginx's listening and forwarding of TCP ports. For more information about Nginx's TCP port listening and forwarding, please search for my previous articles or continue browsing the following related articles. I hope everyone will support me in the future!