Saturday, November 22, 2025

Web Server-10.Nginx:Use Stream Module

 

Nginx : Use Stream module2022/05/12

 
Configure Nginx to use Stream module.
It's possible to proxy TCP, UDP (Nginx 1.9.13 and later for UDP), UNIX-domain sockets requests.
This example is based on the environment like follows to proxy MariaDB requests to backend servers.
-----------+---------------------------+-----
           |                           |
           |10.0.0.31                  |
+----------+-----------+               |
|   [ www.srv.world ]  |               |
|        Nginx         |               |
+----------------------+               |
                                       |
------------+--------------------------+-----------
            |                          |           
            |10.0.0.51                 |10.0.0.52  
+-----------+----------+   +-----------+----------+
| [ node01.srv.world ] |   | [ node02.srv.world ] |
|       Mariadb#1      |   |       Mariadb#2      |
+----------------------+   +----------------------+
[1]Configure Nginx.
[root@www ~]# 
dnf -y install nginx-mod-stream
[root@www ~]# 
vi /etc/nginx/nginx.conf
# add to the end
# [weight=*] means balancing weight

stream {
    upstream mariadb-backend {
        server 10.0.0.51:3306 weight=2;
        server 10.0.0.52:3306;
    }
    server {
        listen 3306;
        proxy_pass mariadb-backend;
    }
}
[root@www ~]# 
systemctl reload nginx

[2]If SELinux is enabled, change policy.
[root@www ~]# 
setsebool -P httpd_can_network_connect on

[root@www ~]# 
setsebool -P httpd_can_network_connect_db on

[root@www ~]# 
vi nginx-stream.te
# create new

module nginx-stream 1.0;

require {
        type mysqld_port_t;
        type httpd_t;
        class tcp_socket name_bind;
}

#============= httpd_t ==============
allow httpd_t mysqld_port_t:tcp_socket name_bind;
[root@www ~]# 
checkmodule -m -M -o nginx-stream.mod nginx-stream.te

[root@www ~]# 
semodule_package --outfile nginx-stream.pp --module nginx-stream.mod

[root@www ~]# 
semodule -i nginx-stream.pp

[3]Verify it works fine to access to frontend Nginx server from any client computer.
[cent@client ~]$ mysql -u serverworld -ppassword -h www.srv.world -e "show variables like 'hostname';"
+---------------+------------------+
| Variable_name | Value            |
+---------------+------------------+
| hostname      | node01.srv.world |
+---------------+------------------+
[cent@client ~]$ mysql -u serverworld -ppassword -h www.srv.world -e "show variables like 'hostname';"
+---------------+------------------+
| Variable_name | Value            |
+---------------+------------------+
| hostname      | node01.srv.world |
+---------------+------------------+
[cent@client ~]$ mysql -u serverworld -ppassword -h www.srv.world -e "show variables like 'hostname';"
+---------------+------------------+
| Variable_name | Value            |
+---------------+------------------+
| hostname      | node02.srv.world |
+---------------+------------------+
[cent@client ~]$ mysql -u serverworld -ppassword -h www.srv.world -e "show variables like 'hostname';"
+---------------+------------------+
| Variable_name | Value            |
+---------------+------------------+
| hostname      | node01.srv.world |
+---------------+------------------+
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)