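How to forward a database port with nginx

For data security reasons, the database behind a website or project is normally closed to the external network, or reachable only from certain hosts. So how can other hosts that are denied access reach the database without changing those permissions? This is where nginx comes in.

1. MySQL as an example

Oracle, SQL Server and other databases are configured the same way as below; only the database port differs.
Note that this configuration must be written outside the http block.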

    # Use nginx to forward the database port
    stream {
        upstream sql {
            # IP address and port of the database
            server 172.16.8.190:3306 weight=1 max_fails=2 fail_timeout=30s;
        }
        server {
            # Port exposed on this machine
            listen 925;
            proxy_connect_timeout 1s;
            proxy_timeout 3s;  # the session is closed after 3s without traffic in either direction
            proxy_pass sql;
        }
    }
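A restricted variant of the forwarder above, added here as an example and not part of the original page. As written above, the forwarder relays any host that can reach port 925 to the database, so this version limits clients with the stream module's allow/deny, caps connections per client and logs every session. The client range 10.20.30.0/24, the zone name db_conn, the connection limit and the log path are assumptions.

```nginx
# Added example (not from the original page). Assumed values: the client
# range 10.20.30.0/24, the zone name db_conn, the limit of 10 and the log path.
stream {
    # Per-session log: who connected, the result, bytes moved and duration.
    log_format db_proxy '$remote_addr [$time_local] $protocol $status '
                        '$bytes_sent $bytes_received $session_time '
                        '"$upstream_addr"';

    # Shared-memory zone used to count concurrent connections per client IP.
    limit_conn_zone $binary_remote_addr zone=db_conn:10m;

    upstream sql {
        server 172.16.8.190:3306 weight=1 max_fails=2 fail_timeout=30s;
    }

    server {
        listen 925;

        # Only the hosts meant to use the forwarder may connect; any other
        # client is closed before a byte reaches the database.
        allow 10.20.30.0/24;
        deny  all;

        # At most 10 simultaneous connections from one client address.
        limit_conn db_conn 10;

        access_log logs/db_proxy.log db_proxy;

        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass sql;
    }
}
```

The database sees every forwarded session as coming from the nginx host, so its own host-based access rules no longer distinguish clients and the allow list here is the only address filter left. Check the file with `nginx -t` before reloading.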

2. The complete configuration

    #user  nobody;  # user or group to run as; default is nobody
    worker_processes  2;  # number of worker processes; default is 1

    # Error log path and level. This can be set in the global, http or server block.
    # Levels in order: debug|info|notice|warn|error|crit|alert|emerg
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;  # where the nginx process ID file is stored

    events {
        worker_connections  1024;  # maximum connections; default is 512
        accept_mutex on;   # serialize accepting of connections to avoid the thundering-herd problem; default is on
        multi_accept on;   # whether a worker accepts several connections at once; default is off
        #use epoll;        # event model: select|poll|kqueue|epoll|rtsig|/dev/poll|eventport
    }

    stream {
        upstream sql {
            server 172.16.8.190:3306 weight=1 max_fails=2 fail_timeout=30s;
        }
        server {
            listen 925;
            proxy_connect_timeout 1s;
            proxy_timeout 3s;
            proxy_pass sql;
        }
    }

    http {
        include       mime.types;
        default_type  application/octet-stream;

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;

        # IP address and port of the Tomcat backend
        upstream tomcat {
            server 172.16.8.190:8080;
        }

        server {
            listen       9008;
            server_name  172.16.8.190;
            # Allow header names that contain underscores
            underscores_in_headers on;
            #charset gbk;  # encoding
            # Enable gzip compression
            # gzip module settings
            gzip on;  # enable gzip-compressed output
            gzip_min_length 1k;  # minimum file size to compress
            gzip_buffers 4 16k;  # compression buffers
            gzip_http_version 1.0;  # HTTP version (default 1.1; use 1.0 if the front end is squid 2.5)
            gzip_comp_level 2;  # compression level
            gzip_types text/plain application/x-javascript text/css application/xml;
            # Compression types; text/html is included by default, so it need not be listed. Listing it causes no problem, only a warning.
            gzip_vary on;
            #charset koi8-r;
            #charset utf-8,gbk;  # avoid garbled Chinese text
            #root    D:/htmlPage/dist;
            #access_log  logs/host.access.log  main;
            location / {
                # Directory the files are served from
                root   D:/htmlPage;
                index  index.html index.htm;
                #limit_rate 1280k;  # rate limit
                client_max_body_size  100M;
                allow all;
                autoindex on;
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                add_header 'Access-Control-Allow-Headers' 'Content-Type';
                add_header 'Access-Control-Allow-Methods' 'GET';
                add_header 'Access-Control-Allow-Methods' 'POST';
                # Browsers reject credentialed requests when Allow-Origin is '*'
                add_header 'Access-Control-Allow-Credentials' 'true';
                add_header 'Access-Control-Allow-Origin' '*';
                proxy_connect_timeout       600s;
                proxy_read_timeout          600s;
                proxy_send_timeout          600s;
                access_log off;
                break;
            }
        }
    }
