user nginx; worker_processes auto; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; events { worker_connections 10240; } stream { upstream emqxtcp { server emqx1:1883; server emqx2:1883; server emqx3:1883; } upstream emqxtls { # weight # down: Indicates that the current server is temporarily excluded from load balancing. # weight: Default is 1, where higher weight results in a larger load share. # max_fails: Maximum number of allowed request failures; defaults to 1. # fail_timeout: Timeout after which failures are considered; default is 10 seconds. After reaching max_fails failures, the server is paused. # backup: When other non-backup servers are down or busy, requests are sent to the backup server. server emqx1-cluster.emqx.io:1883 weight=1 max_fails=2 ; server emqx2-cluster.emqx.io:1883 weight=1 max_fails=2 down; server emqx3-cluster.emqx.io:1883 weight=2 max_fails=2; } # 多网卡 # split_clients "$remote_addr$remote_port" $multi_ip { # 20% 10.211.55.5; # 20% 10.211.55.20; # 20% 10.211.55.21; # 20% 10.211.55.22; # * 10.211.55.23; # } # TCP server { listen 1883; # Multiple Network Interfaces #proxy_bind $multi_ip; proxy_pass emqxtcp; # EMQX corresponding listeners need to enable the proxy protocol. # proxy_protocol on; } # TLS server { listen 8883 ssl; # If the certificate doesn't match the hostname, validation needs to be disabled. ssl_verify_client off; ssl_verify_depth 0; ssl_certificate /etc/nginx/certs/cert.pem; ssl_certificate_key /etc/nginx/certs/key.pem; ssl_handshake_timeout 15s; proxy_pass emqxtls; proxy_buffer_size 4k; # EMQX corresponding listeners need to enable the proxy protocol. # proxy_protocol on; } } http { # Nginx status server { listen 8888; location /status { stub_status on; access_log off; } } upstream emqxws { server emqx1-cluster.emqx.io:8083; server emqx2-cluster.emqx.io:8083; server emqx3-cluster.emqx.io:8083; } # ws server { listen 8083; location /mqtt { proxy_pass http://emqxws; # websocket连接的Upgrade必须设置为WebSocket,表示在取得服务器响应之后,使用HTTP升级将HTTP协议转换(升级)为WebSocket协议 proxy_set_header Upgrade $http_upgrade; # websocket 的Connection必须设置为Upgrade,表示客户端希望连接升级 proxy_set_header Connection "Upgrade"; #反向代理真实IP proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #禁用缓存 proxy_buffering off; } } # wss server { listen 8084 ssl; ssl_certificate /etc/nginx/certs/cert.pem; ssl_certificate_key /etc/nginx/certs/key.pem; location /mqtt { proxy_pass http://emqxws; # WebSocket Connection Upgrade must be set to "WebSocket," indicating that after receiving a server response, the HTTP protocol is transformed (upgraded) to the WebSocket protocol. proxy_set_header Upgrade $http_upgrade; # WebSocket Connection header must be set to "Upgrade," indicating that the client wishes to upgrade the connection. proxy_set_header Connection "Upgrade"; # Proxy Real IP proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Disable Caching proxy_buffering off; } } }