Original link: https://chegva.com/5523.html
A third-party project needed a layer-4 (TCP) proxy to forward traffic to an account service on the intranet for authentication, so I set one up with the nginx stream module, and it works well. I added an IP whitelist and a connection limit; the configuration is as follows:
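# nginx used as a layer-4 (TCP) forwarder in front of an internal account/authentication
# service. Access control is enforced in the stream{} server at the bottom of this file:
# a source-address allowlist plus a per-address concurrent-connection cap.

worker_processes auto;
worker_cpu_affinity auto;
daemon off;                       # stay in the foreground; needed when nginx is the container's main process
worker_rlimit_nofile 65535;       # per-worker file-descriptor limit; a proxied session uses two sockets

# The stream module is built as a dynamic module here; load_module is a main-context directive.
load_module "modules/ngx_stream_module.so";

# access_log is not accepted in the main context (only inside http{}/server{}/location{} or
# stream{}/server{}), and the "proxy" format it names is defined inside http{}. The http{}
# block below already sets this same log, so the top-level copy is kept only as a comment.
#access_log /home/anzhihe/logs/nginx/xx-proxy.log proxy;
error_log /home/anzhihe/logs/nginx/error.log info;

events {
    use epoll;
    worker_connections 65535;
}

# No server{} is declared in http{} in this file, so these settings take effect only if an
# HTTP server is added or included later. The TCP forwarder is configured in stream{} below.
http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status'
                    ' $bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$request_time"';

    log_format proxy '$remote_addr - $remote_user [$time_local] "$request" $status'
                     ' $bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for/$upstream_addr" "$request_time/$upstream_response_time/$upstream_status"';

    # NOTE: this format logs the client-supplied X-Forwarded-For header in the client-address
    # position. Unless a trusted front proxy overwrites the header, treat that field as
    # unverified when reading these logs; $remote_addr (logged later in the line) is the
    # actual TCP peer.
    log_format web '$http_x_forwarded_for - $host [$time_local] "$request" $status'
                   ' $bytes_sent "$http_referer" '
                   '"$http_user_agent" "$remote_addr/$upstream_addr" "$request_time/$upstream_response_time/$upstream_status/$upstream_http_custom_status"';

    sendfile on;
    keepalive_timeout 0;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_types application/x-javascript text/css application/xml ;

    proxy_connect_timeout 120;
    proxy_read_timeout 120;
    proxy_send_timeout 120;
    proxy_buffer_size 16k;
    proxy_buffers 4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;

    server_names_hash_max_size 128;
    server_names_hash_bucket_size 128;
    client_max_body_size 20m;
    server_tokens off;            # do not advertise the nginx version in HTTP responses/error pages

    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 128k;

    access_log /home/anzhihe/logs/nginx/xx-proxy.log proxy;

    #limit_req_zone $binary_remote_addr zone=ip_addr:10m rate=5r/s;
    #limit_req zone=ip_addr burst=10 nodelay;
}

## tcp proxy
stream {
    # Shared-memory zone that counts open connections per client address.
    limit_conn_zone $binary_remote_addr zone=conlimit:10m;

    # The HTTP-style format that was commented out here ($remote_user, $request, $http_referer,
    # $http_user_agent, ...) cannot be used in stream{}: those variables exist only in the http
    # module. This format uses stream variables instead (log_format/access_log in stream{}
    # require nginx 1.11.4 or later). In the stream log, $status 403 marks a connection refused
    # by allow/deny and 503 one refused by limit_conn, which makes rejected peers easy to alert on.
    log_format xxproxy '$remote_addr [$time_local] $protocol $status '
                       '$bytes_sent $bytes_received $session_time "$upstream_addr"';

    server {
        listen 8888;

        # Source-address allowlist. Matching is done on the direct TCP peer address, so if a
        # NAT gateway or load balancer sits in front of nginx, that device's address is what
        # gets matched, not the original client's.
        allow xxx.xxx.xx.x/32;
        allow xxx.xxx.xx.x/32;
        deny all;

        # Limit the number of concurrent connections to 5 per client address
        # (clients that share one source address share this quota).
        limit_conn conlimit 5;

        proxy_connect_timeout 2s;
        # Idle timeout between two reads/writes on the session. 30m is long; combined with
        # limit_conn, idle sessions hold a client's slots until they expire.
        proxy_timeout 30m;

        # Raw TCP forwarding: nginx adds no TLS on either side in this configuration, so
        # protection of credentials in transit depends on the protocol the account service
        # speaks - confirm before exposing this listener beyond a trusted network.
        # The hostname is resolved when the configuration is loaded; reload nginx if the
        # backend address changes.
        proxy_pass account.chegva.com:8888;

        # Per-session audit trail for the forwarder (was commented out, leaving the
        # authentication proxy without an access log).
        access_log /home/anzhihe/logs/nginx/xxproxy.log xxproxy;
    }
}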