2021-03-24
基于UDP代理的Nginx负载均衡后端SSR
环境:
CentOS7.6系统最小化安装:
[root@node230 nginx]# uname -a
Linux node230 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@node230 nginx]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
服务器关闭防火墙,SELINUX
# The host firewall is stopped and masked (so it cannot be started again);
# every port nginx later listens on (5000 tcp/udp in stream/udp.conf) is then
# reachable from any network that can route to this host. A narrower option is
# to keep firewalld and open only 5000/tcp and 5000/udp.
systemctl stop firewalld
systemctl mask firewalld
# Edit /etc/selinux/config and set the line below. Changing the file alone only
# takes effect after a reboot; the SSR section of this guide additionally runs
# `setenforce 0` so the running system switches immediately.
vim /etc/selinux/config
SELINUX=disabled
三台服务器:一台 nginx 负载均衡器,两台 SSR 服务器
nginx 代理: 172.16.1.230
SSR1: 172.16.1.231
SSR2: 172.16.1.232
注意:后端两台 SSR 服务器除了 IP 和端口可以不同外,其它参数(密码、加密方式、协议、混淆)必须一致,负载均衡才能正常工作
拓扑图:
Nginx软件安装配置:
配置Nginx:
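# Build/runtime libraries and diagnostic tools for the nginx host.
yum install net-tools vim gcc gcc-c++ lsof nmap screen iotop lrzsz pcre pcre-devel zlib zlib-devel openssl openssl-devel -y
yum groupinstall "开发工具" -y
# Official nginx.org repository definition. The URL is plain http://, and rpm
# typically only warns when a package's signing key is unknown, so prefer the
# https:// form of the same URL or check the package signature before installing.
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
# Fixed: the original "nginx-module*-y" fused the package glob with the -y flag.
# The glob is quoted so the shell does not expand it against the current
# directory; yum resolves it against the repository instead.
yum install nginx 'nginx-module*' -y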
[root@node230 stream]# nginx -v
nginx version: nginx/1.18.0
UDP 负载均衡需要 nginx 的 stream 模块,检查该模块是否已编译进去(configure arguments 中应包含 --with-stream):
[root@node230 stream]# nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'
配置
在/etc/nginx/nginx.conf 中加入:
[root@node230 nginx]# cat nginx.conf
# /etc/nginx/nginx.conf: a layer-4 stream proxy in front of the SSR backends
# plus the stock http block.
user nginx;
# A single worker; on a multi-core host this caps proxy throughput
# (nginx accepts "auto" to size the worker count to the CPUs).
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
# TCP/UDP forwarding is configured here, not in the http context.
stream {
# Default upstream connect timeout; the server block in stream/udp.conf sets 3s.
proxy_connect_timeout 5s;
# Loads /etc/nginx/stream/*conf (udp.conf); the glob matches any name ending in "conf".
include stream/*conf;
# One line per proxied session: client address, protocol, status, byte counts,
# session length, the backend chosen, and the client/server socket pairs.
log_format proxy '$remote_addr - [$time_local] ' '$protocol $status $bytes_sent $bytes_received ' '$session_time "$upstream_addr" ' '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time" ' '$remote_addr $remote_port $server_addr $server_port';
# This log is the only record of which backend each client session was sent to;
# keep it when investigating a client or backend problem.
access_log /var/log/nginx/stream.log proxy; # log of proxied (forwarded) sessions
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"' '$connection $upstream_addr' 'upstream_response_time $upstream_response_time request_time $request_time';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
# Stock http vhosts; nothing in this guide relies on them.
include /etc/nginx/conf.d/*.conf;
}
在 nginx.conf 所在目录(/etc/nginx)下创建 stream 文件夹,即上面 include stream/*conf 所引用的目录:
[root@node230 nginx]# pwd
/etc/nginx
[root@node230 nginx]# ls
conf.d koi-utf mime.types nginx.conf win-utf
fastcgi_params koi-win modules scgi_params uwsgi_params
[root@node230 nginx]# mkdir -p stream
[root@node230 nginx]# ls
conf.d koi-utf mime.types nginx.conf stream win-utf
fastcgi_params koi-win modules scgi_params uwsgi_params
再在 stream 目录中创建新文件 udp.conf,内容为:
[root@node230 nginx]# cd stream/
[root@node230 stream]# ls
udp.conf
[root@node230 stream]# pwd
/etc/nginx/stream
[root@node230 stream]# cat udp.conf
# /etc/nginx/stream/udp.conf: load-balanced L4 proxy for the two SSR backends.
# "udp" is only the upstream group's name; the same group serves both the TCP
# and the UDP listener below.
upstream udp {
# weight=4 vs weight=1: roughly four of every five new sessions go to .231
# (nginx's default weighted round-robin). max_fails/fail_timeout: after 2
# failed attempts within 30s a backend is skipped for the next 30s.
server 172.16.1.231:19910 weight=4 max_fails=2 fail_timeout=30s;
server 172.16.1.232:14522 weight=1 max_fails=2 fail_timeout=30s;
}
server {
# No address is given, so both listeners bind on every interface, and nothing
# restricts which clients may use the proxy. With firewalld masked on this host,
# add allow/deny rules (ngx_stream_access_module) if only known client networks
# should be served. The backends presumably see connections coming from the
# nginx host rather than the real client; confirm before relying on backend logs.
listen 5000; # TCP listener
listen 5000 udp; # UDP listener on the same port
# Overrides the 5s default from the stream block in nginx.conf.
proxy_connect_timeout 3s;
# Timeout between successive reads/writes on a session. The UDP lines in
# stream.log all end with session_time ~3.000, i.e. each UDP session lives
# until this timeout; the next datagram presumably opens a new session and a
# new backend choice. Raising it for UDP is a candidate if throughput matters.
proxy_timeout 3s;
proxy_pass udp;
}
重新启动nginx服务:
[root@node230 stream]# service nginx restart
Redirecting to /bin/systemctl restart nginx.service
SSR服务器软件安装配置:
服务器关闭防火墙,SELINUX
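# Same host changes as on the nginx node: the firewall is stopped and masked,
# SELinux is set to disabled in the config file (effective after reboot) and
# switched to permissive for the running system with setenforce 0. The SSR
# port is then reachable from anywhere that can route to this host.
systemctl stop firewalld
systemctl mask firewalld
# Edit /etc/selinux/config and set the following line inside that file:
vim /etc/selinux/config
SELINUX=disabled
setenforce 0
yum install wget -y
# Fetch the installer over verified HTTPS. The original passed
# --no-check-certificate, which disables TLS validation for a script that is
# then executed as root; if the download fails on certificate validation,
# update the ca-certificates package instead of disabling the check, and read
# the script before running it.
wget https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh
# wget does not set the execute bit, so ./shadowsocksR.sh alone fails with
# "Permission denied".
chmod +x shadowsocksR.sh
./shadowsocksR.sh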
配置后参数如下:
[root@node231 ~]# cat /etc/motd
Congratulations, ShadowsocksR server install completed!
Your Server IP : 156.217.67.127
Your Server Port : 19910
Your Password : 123456
Your Protocol : origin
Your obfs : plain
Your Encryption Method: chacha20-ietf
[root@node232 ~]# cat /etc/motd
Congratulations, ShadowsocksR server install completed!
Your Server IP : 156.217.67.128
Your Server Port : 14522
Your Password : 123456
Your Protocol : origin
Your obfs : plain
Your Encryption Method: chacha20-ietf
验证转发效果:
在 SSR 客户端软件中配置 IP: 172.16.1.230,端口: 5000,密码: 123456,以及与后端一致的加密、协议、混淆等参数
在nginx负载均衡器上查看转发日志:
[root@node230 ~]# tail -f /var/log/nginx/stream.log
172.16.1.1 - [24/Mar/2021:16:37:19 +0800] UDP 200 78 46 3.000 "172.16.1.231:19910" "46" "78" "0.000" 172.16.1.1 50448 172.16.1.230 5000
172.16.1.1 - [24/Mar/2021:16:37:19 +0800] UDP 200 78 46 3.001 "172.16.1.231:19910" "46" "78" "0.000" 172.16.1.1 50450 172.16.1.230 5000
172.16.1.1 - [24/Mar/2021:16:37:19 +0800] UDP 200 78 46 3.000 "172.16.1.231:19910" "46" "78" "0.000" 172.16.1.1 50453 172.16.1.230 5000
172.16.1.1 - [24/Mar/2021:16:37:20 +0800] UDP 200 78 46 3.000 "172.16.1.231:19910" "46" "78" "0.000" 172.16.1.1 50455 172.16.1.230 5000
172.16.1.1 - [24/Mar/2021:16:37:27 +0800] TCP 200 1138 370 0.234 "172.16.1.232:14522" "370" "1138" "0.001" 172.16.1.1 61201 172.16.1.230 5000
172.16.1.1 - [24/Mar/2021:16:37:27 +0800] TCP 200 1138 370 0.105 "172.16.1.232:14522" "370" "1138" "0.000" 172.16.1.1 61203 172.16.1.230 5000
172.16.1.1 - [24/Mar/2021:16:37:30 +0800] UDP 200 78 46 3.004 "172.16.1.231:19910" "46" "78" "0.000" 172.16.1.1 50460 172.16.1.230 5000
172.16.1.1 - [24/Mar/2021:16:37:30 +0800] UDP 200 78 46 3.001 "172.16.1.231:19910" "46" "78" "0.000" 172.16.1.1
评论
实测带宽损失50%,不知针对这种场景,应该如何优化性能