Carlos Aguni

Highly motivated self-taught IT analyst. Always learning and ready to explore new skills. An eternal apprentice.


Nginx Stream Load balancer

05 Jun 2022

https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/

docker-compose.yml

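# Lab stack: nginx acts as a TCP (stream) load balancer in front of a
# throwaway Python HTTP server.
version: "3"

services:
  nginx:
    # Floating tag: each pull may bring a different build. Pin a specific tag
    # or digest when the result has to be reproducible.
    image: nginx
    ports:
      # Quoted so YAML always reads the mapping as a string. This publishes
      # the port on every host interface; prefix the mapping with 127.0.0.1:
      # to keep the lab reachable from the local machine only.
      - "8080:8080"
    volumes:
      # Read-only: the container only needs to read its configuration.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
  mypython:
    image: python
    # http.server serves the process's working directory, with directory
    # listings and no authentication. No working_dir is set here, so the
    # served tree is whatever the image defaults to -- confirm it is not the
    # container's root filesystem before exposing this beyond a lab.
    command: python3 -m http.server 8000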

nginx.conf


# Worker processes run under the "nginx" account; "auto" sizes the number of
# workers to the available CPU cores.
user nginx;
worker_processes auto;

# Messages of severity "notice" and above are written to the error log.
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;


events {
    # Cap on simultaneous connections per worker. A proxied session uses two
    # of them: one to the client and one to the upstream.
    worker_connections 1024;
}


# General HTTP settings. The lab traffic on port 8080 is handled by the stream
# context further down in this file, not by this block.
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Access-log line: client address, authenticated user, timestamp, request
    # line, status, bytes sent, referer, user agent and X-Forwarded-For.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    # Every *.conf found in conf.d is loaded as well, so any server blocks the
    # image ships there stay active next to the stream proxy.
    include /etc/nginx/conf.d/*.conf;
}

# Layer-4 proxy: each TCP connection accepted on 8080 is relayed unmodified to
# mypython:8000. No access_log is set in this context, so proxied sessions
# leave no access-log record; add one if the sessions need to be traceable.
stream {
    server {
        listen 8080;
        # Plain TCP relay: nginx does not parse or filter the HTTP inside it.
        proxy_pass mypython:8000;
    }
}

Test 2: proxy selected by TLS server name (SNI)

# Create a self-signed certificate (valid 365 days) with a new 2048-bit RSA key.
# -nodes writes the private key unencrypted, so keep the key file out of
# version control and readable only by its owner. No -subj is given, so
# openssl prompts for the subject fields.
# NOTE(review): nothing here appears to need root; with sudo the key and the
# certificate end up owned by root -- confirm that is intended.
sudo openssl req -x509 -nodes -days 365 \
    -newkey rsa:2048 \
    -keyout ./nginx-selfsigned.key \
    -out ./nginx-selfsigned.crt

docker-compose.yml

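# Lab stack: nginx terminates TLS with the self-signed certificate and picks
# one of three Python backends from the server name the client sends.
version: "3"

services:
  nginx:
    # Floating tag: each pull may bring a different build. Pin a specific tag
    # or digest when the result has to be reproducible.
    image: nginx
    ports:
      # Quoted so YAML always reads the mapping as a string. This publishes
      # the port on every host interface; prefix the mapping with 127.0.0.1:
      # to keep the lab reachable from the local machine only.
      - "8080:8080"
    volumes:
      # All three mounts are read-only: nginx only reads them, and the
      # private key in particular should not be writable from the container.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx-selfsigned.crt:/nginx-selfsigned.crt:ro
      - ./nginx-selfsigned.key:/nginx-selfsigned.key:ro
  app1:
    image: python
    # Serves a directory holding only the marker file "1". set -e aborts the
    # script if mkdir or cd fails, so http.server never starts in (and lists)
    # a different directory; mkdir -p keeps a container restart working.
    command:
      - bash
      - '-c'
      - |
        set -e
        mkdir -p 1
        cd 1
        touch 1
        python3 -m http.server 8000
  app2:
    image: python
    # Same pattern as app1, with marker file "2".
    command:
      - bash
      - '-c'
      - |
        set -e
        mkdir -p 2
        cd 2
        touch 2
        python3 -m http.server 8000
  app3:
    image: python
    # Same pattern as app1, with marker file "3".
    command:
      - bash
      - '-c'
      - |
        set -e
        mkdir -p 3
        cd 3
        touch 3
        python3 -m http.server 8000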

nginx.conf


# Worker processes run under the "nginx" account; "auto" sizes the number of
# workers to the available CPU cores.
user nginx;
worker_processes auto;

# Messages of severity "notice" and above are written to the error log.
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;


events {
    # Cap on simultaneous connections per worker. A proxied session uses two
    # of them: one to the client and one to the upstream.
    worker_connections 1024;
}


# General HTTP settings. The TLS traffic on port 8080 is handled by the stream
# context further down in this file, not by this block.
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Access-log line: client address, authenticated user, timestamp, request
    # line, status, bytes sent, referer, user agent and X-Forwarded-For.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    # Every *.conf found in conf.d is loaded as well, so any server blocks the
    # image ships there stay active next to the stream proxy.
    include /etc/nginx/conf.d/*.conf;
}

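# TLS-terminating layer-4 proxy: nginx completes the TLS handshake on 8080 and
# relays the decrypted stream to the backend selected from the server name the
# client requested. No proxy_ssl is configured, so the hop from nginx to
# app1..app3 on port 8000 is unencrypted.
stream {
    map_hash_max_size 128;
    map_hash_bucket_size 128;

    # One line per session with both server-name variables. The first literal
    # ends in a space because nginx concatenates the two strings; without it
    # the first value runs straight into the "ssl_server_name" label and the
    # line cannot be parsed reliably.
    # NOTE(review): adding $remote_addr and $time_local would make these lines
    # usable for tracing a session back to a client.
    log_format basic 'ssl_preread_server_name $ssl_preread_server_name '
                     'ssl_server_name $ssl_server_name';
    access_log /dev/stdout basic;

    # Allow-list from requested server name to upstream group. The lookup key
    # is supplied by the client, so keep this mapping explicit instead of
    # passing the name through to proxy_pass. There is no default entry: an
    # unlisted name leaves $name empty, which should make the session fail
    # rather than reach a backend -- verify in the error log.
    # The two commented-out map lines are alternative lookup keys.
    map $ssl_server_name $name {
    #map $ssl_preread_server_name $name {
    #map $host $name {
        myapp1 app1;
        myapp2 app2;
        myapp3 app3;
    }

    upstream app1 {
        server app1:8000;
    }
    upstream app2 {
        server app2:8000;
    }
    upstream app3 {
        server app3:8000;
    }

    server {
        # "ssl" makes nginx terminate TLS itself with the self-signed pair
        # below. The key file is unencrypted; keep its mount read-only.
        listen 8080 ssl;
        ssl_certificate /nginx-selfsigned.crt;
        ssl_certificate_key /nginx-selfsigned.key;

        # NOTE(review): ssl_preread extracts the server name from a TLS
        # ClientHello that nginx passes through without terminating. With
        # "listen ... ssl" and a map keyed on $ssl_server_name it looks
        # redundant here -- confirm before removing.
        ssl_preread on;

        proxy_pass $name;

        # 127.0.0.11 is Docker's embedded DNS. A resolver is consulted when a
        # proxy_pass variable does not name an upstream group defined above.
        resolver 127.0.0.11 ipv6=off;
    }
}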
# --insecure (-k) turns off certificate verification; it is needed here only
# because the certificate is self-signed. Outside a lab, trust the certificate
# explicitly (for example with --cacert) instead of disabling the check.
# Assumes "myapp1" resolves to the host publishing port 8080 (for example via
# a hosts-file entry); the page does not show how.
curl --insecure https://myapp1:8080
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Directory listing for /</title>
</head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>
<li><a href="1">1</a></li>
</ul>
<hr>
</body>
</html>