nginx邮件代理

1. 背景

最近在做k8s的监控,采用Prometheus方案,在Alertmanager中设置邮件告警,但受限于DCN网环境,不能直接访问外网,只能通过一台OA网的机器来代理访问。

新版本nginx有TCP反向代理功能(stream模块),于是本文就用TCP反向代理功能作mail代理。

2. Nginx安装

gzip模块需要 zlib 库:

http://www.zlib.net/fossils/
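# Fetch the zlib source over HTTPS instead of plain HTTP so the tarball cannot
# be swapped in transit; still compare it with a checksum obtained from a
# trusted source before compiling it into nginx.
wget https://www.zlib.net/fossils/zlib-1.2.11.tar.gz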

rewrite模块需要 pcre 库:

https://ftp.pcre.org/pub/pcre/
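# The URL ends in "/", so wget cannot derive the file name from it; -O saves
# the download as pcre-8.42.tar.gz, the name the later tar command expects.
wget -O pcre-8.42.tar.gz https://sourceforge.net/projects/pcre/files/pcre/8.42/pcre-8.42.tar.gz/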

ssl 功能需要openssl库:

https://www.openssl.org/source/

# OpenSSL source that nginx's TLS modules are compiled against.
# NOTE(review): the 1.0.2 series no longer receives public security fixes;
# prefer a currently supported release, and verify the download against the
# checksum or signature published by the project.
wget 'https://www.openssl.org/source/openssl-1.0.2s.tar.gz'

安装gcc:

# Compiler toolchain for the source builds that follow.
yum install \
  gcc \
  gcc-c++

下载nginx源码包:

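# Download the nginx source over HTTPS rather than plain HTTP. nginx.org also
# publishes a detached PGP signature (.asc) next to each tarball; check it
# before building a binary that will run as root on port 25.
wget https://nginx.org/download/nginx-1.17.0.tar.gz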

解压缩:

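# Unpack and build PCRE.
# "&&" makes the install wait for a successful build; "make & make install"
# would put make in the background and start the install at the same time.
# nginx is later configured with --with-pcre=../pcre-8.42 and compiles PCRE
# from this source tree itself, so the system-wide install here is optional.
tar xvf pcre-8.42.tar.gz

cd pcre-8.42
./configure
make && make install
# Return to the download directory so the next tarball is found.
cd ..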


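# Unpack and build OpenSSL 1.0.2s.
# enable-tlsext: the published page shows this flag masked as "enable-tl***t";
# enable-tlsext (TLS extensions such as SNI) is the OpenSSL 1.0.2 option that
# fits the masked text.
# "&&" makes the install wait for a successful build instead of racing it.
tar zxf openssl-1.0.2s.tar.gz
cd openssl-1.0.2s/
./config enable-tlsext
make && make install
# Return to the download directory so the nginx tarball is found.
cd ..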
 

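# Unpack the remaining source trees. The nginx configure step points at
# ../zlib-1.2.11, so the zlib tarball has to be extracted as well; the
# original steps downloaded it but never unpacked it.
tar zxf zlib-1.2.11.tar.gz
tar zxvf nginx-1.17.0.tar.gz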
 

构建:

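# Configure, build and install nginx under /usr/local/nginx.
# --with-stream / --with-stream_ssl_module provide the TCP proxy used for the
# mail relay; PCRE, OpenSSL and zlib are compiled in from the sibling source
# directories. The duplicated --with-stream_ssl_module flag is listed once.
cd nginx-1.17.0

# -p: do not fail if the directory already exists.
mkdir -p /usr/local/nginx

./configure \
  --prefix=/usr/local/nginx/ \
  --with-pcre=../pcre-8.42 \
  --with-openssl=../openssl-1.0.2s \
  --with-zlib=../zlib-1.2.11 \
  --with-stream \
  --with-stream_ssl_module \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_addition_module \
  --with-http_gzip_static_module \
  --with-cc-opt=-O3 \
  --with-http_gunzip_module \
  --with-http_random_index_module \
  --with-http_secure_link_module \
  --with-http_auth_request_module \
  --with-http_sub_module \
  --with-http_stub_status_module \
  --with-threads \
  --with-http_slice_module \
  --with-file-aio \
  --with-http_v2_module

# "&&" so the install only runs after the build has finished successfully;
# "make & make install" would run both at once.
make && make install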

启动

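# Check the configuration, then start nginx. With the default "daemon on"
# nginx detaches into the background by itself, so nohup and "&" are not
# needed and only hide start-up errors in nohup.out.
# Binding port 25 later on requires starting nginx as root.
/usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx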
3. Nginx配置

cat nginx.conf


# Main nginx.conf. The mail relay itself is defined by the files pulled in
# through the stream {} block at the bottom; the http {} block is general web
# server tuning and does not apply to the proxied SMTP connections.
worker_processes  8;

# "info" is the level at which the per-connection lines in the article's log
# sample ([info] ... client ... connected to ...) are written.
error_log  logs/info.log  info;

#pid        logs/nginx.pid;

 
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # request buffer settings
    server_names_hash_bucket_size 128;  
    client_header_buffer_size 32k;  
    large_client_header_buffers 4 32k;  
    client_max_body_size 300m;  
    #sendfile on;  
    tcp_nopush     on;  
    #keepalive_timeout 60;  
    tcp_nodelay on;  
    # do not advertise the nginx version in responses and error pages
    server_tokens off;  
    client_body_buffer_size 512k;  
    proxy_connect_timeout   20;  
    proxy_send_timeout      60;  
    proxy_read_timeout      20;  
    proxy_buffer_size       16k;  
    proxy_buffers           4 64k;  
    proxy_busy_buffers_size 128k;  
    proxy_temp_file_write_size 128k;   
    client_header_timeout  3m;  
    client_body_timeout    3m;  
    send_timeout           3m;  


    gzip on;# enable gzip to save bandwidth
    gzip_min_length  1100;  
    gzip_buffers     4 8k;  
    gzip_types       text/plain text/css application/x-javascript image/bmp application/javascript;     

    output_buffers   1 32k;  
    postpone_output  1460;  

    limit_rate_after 3m;# rate limiting: the first 3M of a response is sent unthrottled
    limit_rate 512k; # rate limiting

    include vhost/*.conf;

}

# Every *.conf file under stream/ is loaded here, mail_pro.conf included.
# NOTE(review): each file in that directory can open a TCP listener, so keep
# the directory writable by the administrator only.
stream {
    include stream/*.conf;
}

cat stream/mail_pro.conf

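# TCP (stream) reverse proxy for outbound SMTP.
# nginx relays the bytes unchanged, so STARTTLS and SMTP AUTH are negotiated
# end to end between the mail client and smtp.189.cn. The certificate the
# client sees is the upstream's, so the client has to validate it against the
# name smtp.189.cn rather than this proxy's address.
upstream mailsmtp_pro {
    server smtp.189.cn:25;
}

server {
        listen 25; # TCP listener offered to internal clients
        # Restrict who may use the relay: without an allow list, every host
        # that can reach this port is forwarded to the upstream mail provider.
        # 132.122.237.89 is the client address seen in the article's log
        # sample; replace it with your own Alertmanager host(s).
        allow 132.122.237.89;
        deny all;
        proxy_connect_timeout 5s;
        # NOTE(review): proxy_timeout is the idle limit between two reads or
        # writes; 5s may cut off slow SMTP sessions - confirm for your provider.
        proxy_timeout 5s;
        proxy_pass mailsmtp_pro;
}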

重新加载配置:

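# Run from /usr/local/nginx/sbin. Test the new configuration first so that a
# syntax error is reported here, then signal the running master to reload.
./nginx -t && ./nginx -s reload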

可以看到转发的日志(其中143端口的记录应来自另一个IMAP代理的server配置,上文未列出):

2019/07/26 14:23:11 [info] 32745#32745: *1 client 132.122.237.89:56316 connected to 132.122.237.242:25
2019/07/26 14:23:11 [info] 32745#32745: *1 proxy 132.122.237.242:43036 connected to 14.116.139.30:25
2019/07/26 14:23:12 [info] 32745#32745: *1 client disconnected, bytes from/to client:1177/192, bytes from/to upstream:192/1177
2019/07/26 14:23:42 [info] 32746#32746: *3 client 132.122.237.89:56329 connected to 132.122.237.242:143
2019/07/26 14:23:42 [info] 32746#32746: *3 proxy 132.122.237.242:43142 connected to 183.61.185.69:143
2019/07/26 14:23:42 [info] 32746#32746: *3 upstream disconnected, bytes from/to client:226/384, bytes from/to upstream:384/226
2019/07/26 14:23:46 [info] 32746#32746: *5 client 132.122.237.89:56330 connected to 132.122.237.242:143
2019/07/26 14:23:46 [info] 32746#32746: *5 proxy 132.122.237.242:50124 connected to 14.116.139.30:143
2019/07/26 14:23:49 [info] 32746#32746: *5 upstream disconnected, bytes from/to client:1480/9552, bytes from/to upstream:9552/1480
2019/07/26 14:24:46 [info] 32746#32746: *7 client 132.122.237.89:56346 connected to 132.122.237.242:25
2019/07/26 14:24:46 [info] 32746#32746: *7 proxy 132.122.237.242:43052 connected to 14.116.139.30:25
2019/07/26 14:24:46 [info] 32746#32746: *7 client disconnected, bytes from/to client:84/131, bytes from/to upstream:131/84
