1. 配置TCP四层转发

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
worker_processes auto;

http {
    server {
    	listen 80;
        ...
        location {
        	....
        }
    }
}


stream {
	log_format basic '$remote_addr [$time_local] '
					 '$protocol $status $bytes_sent $bytes_received '
					 '$session_time';

	access_log /spool/logs/nginx-access.log basic buffer=32k;

    ### tcp
	upstream test_tcp {
		hash $remote_addr consistent;
		server 192.168.0.124:8080 weight=1 max_fails=3 fail_timeout=30s;
		server 192.168.0.125:8080 weight=2;
		server 192.168.0.126:8080 weight=3;
	}
   
	server { 
		listen 8080; # nginx监听的端口 
		proxy_timeout 20s; 
		proxy_pass test_tcp; 
	}
}

2. 配置UDP转发

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
worker_processes auto;

http {
    server {
    	listen 80;
        ...
        location {
        	....
        }
    }
}


stream {
	log_format basic '$remote_addr [$time_local] '
					 '$protocol $status $bytes_sent $bytes_received '
					 '$session_time';

	access_log /spool/logs/nginx-access.log basic buffer=32k;

    ### udp
	upstream test_udp {
		hash $remote_addr consistent;
		server 192.168.0.124:8084 weight=1 max_fails=3 fail_timeout=30s;
		server 192.168.0.125:8084 weight=2;
		server 192.168.0.126:8084 weight=3;
	}
   
	server { 
		listen 8084 udp reuseport; # nginx监听的端口 
		proxy_timeout 20s; 
		proxy_pass test_udp; 
	}
}

3. 配置TCP SSL四层转发

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
worker_processes auto;

http {
    server {
    	listen 80;
        ...
        location {
        	....
        }
    }
}


stream {
	log_format basic '$remote_addr [$time_local] '
					 '$protocol $status $bytes_sent $bytes_received '
					 '$session_time';

	access_log /spool/logs/nginx-access.log basic buffer=32k;

    ### ssl tcp
	upstream test_ssl_tcp {
		hash $remote_addr consistent;
		server 192.168.0.124:8083 weight=1 max_fails=3 fail_timeout=30s;
		server 192.168.0.125:8083 weight=2;
		server 192.168.0.126:8083 weight=3;
	}

	server { 
		listen 8083 ssl; # nginx监听的端口 
		
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
        ssl_certificate     /usr/local/nginx/conf/cert.pem;
        ssl_certificate_key /usr/local/nginx/conf/cert.key;
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;
		
		proxy_timeout 20s; 
		proxy_pass test__ssl_tcp; 
	}
}

PS: 以上仅为参考示例,生产环境要根据实际情况进行修改