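Using nginx forwarding to reach RDS from the public network
Scenario
- 2020.10.12. While using nginx (installed on an ECS instance that has both a public and a private network interface) to forward to an internal RDS instance (public access was not enabled, for security reasons), I ran into the following error: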
[root@localhost]
nginx: [emerg] "proxy_timeout" directive is not allowed here in /usr/local/nginx/conf/vhost/ecs2rds.conf:3
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
[root@localhost]
server {
    listen 10001;
    proxy_timeout 300s;
    proxy_pass 192.168.0.222:3306;
}
Configuration process
- Confirm that nginx was compiled with the --with-stream parameter:
[root@localhost]
nginx version: nginx/1.20.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.1.1g 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-pcre --with-pcre-jit --with-http_realip_module --with-http_sub_module --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-openssl=/usr/local/openssl --with-openssl-opt=enable-tls1_3 --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream --with-http_gzip_static_module --with-http_flv_module --with-http_mp4_module
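- Edit nginx.conf and add the following stream block (at the same level as http{}). The vhost files are included from inside it, so directives such as proxy_timeout are parsed in the stream context, where they are valid: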
stream {
    log_format proxy '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time "$upstream_addr" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    access_log logs/steam.log proxy;
    error_log logs/error.log;
    include vhost/*.conf;
}
[root@localhost]
server {
    listen 10001;
    proxy_timeout 300s;
    proxy_pass 192.168.0.222:3306;
}
/usr/local/nginx/sbin/nginx -s reload
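
As written, the listener on port 10001 accepts connections from any source address, which puts the RDS instance back on the public network. The following is an added example, not the author's configuration: the same vhost file with source-address restrictions and a per-client connection cap. The client addresses (documentation ranges), the zone name rds_per_ip and the limit values are assumptions to be replaced with real ones.

```nginx
# vhost/ecs2rds.conf (added example, not from the original post)
# This file is included inside stream {}, so directives placed outside
# server {} land at stream level, where limit_conn_zone is allowed.

# Shared-memory zone keyed by client address (zone name is an assumption).
limit_conn_zone $binary_remote_addr zone=rds_per_ip:1m;

server {
    listen 10001;

    # ngx_stream_access_module: rules are checked in order and the first
    # match decides. Placeholder addresses; list only the clients that
    # really need database access.
    allow 203.0.113.10;       # placeholder: single admin workstation
    allow 198.51.100.0/24;    # placeholder: office egress range
    deny  all;                # everyone else is dropped before proxying

    # At most 10 simultaneous sessions per client address (assumed value).
    limit_conn rds_per_ip 10;

    # Fail fast if the RDS endpoint is unreachable (assumed value).
    proxy_connect_timeout 5s;

    # Original settings from the post.
    proxy_timeout 300s;
    proxy_pass 192.168.0.222:3306;
}
```

With the log_format defined in the stream block above, connections rejected by deny are recorded in logs/steam.log with $status 403, which makes unexpected sources easy to spot.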