服务器配置:
1、硬件:4H8G
2、系统:CentOS7
3、EMQX 版本:开源版V5.3.1
4、Nginx 配置
#user nobody;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
#pid /usr/local/nginx/logs/nginx.pid;
pid /var/run/nginx.pid;
events {
worker_connections 10240;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
upstream mqtt_websocket_servers {
ip_hash;
server 192.168.101.201:8083 max_fails=2 fail_timeout=10s;
server 192.168.101.202:8083 max_fails=2 fail_timeout=10s;
server 192.168.101.203:8083 max_fails=2 fail_timeout=10s;
}
server {
listen 8888;
server_name localhost;
server_name 192.168.101.200;
location /status {
stub_status on;
access_log off;
}
}
server {
listen 80;
server_name 192.168.101.200;
location /mqtt {
proxy_pass http://mqtt_websocket_servers;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# 禁用缓存
proxy_buffering off;
proxy_connect_timeout 10s;
# WebSocket 连接有效时间
# 在该时间内没有数据交互的话 WebSocket 连接会自动断开,默认为 60s
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
# 反向代理真实 IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
server_name 192.168.101.200;
# ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_certificate /usr/local/nginx/certs/cacert.pem;
ssl_certificate_key /usr/local/nginx/certs/privkey.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# 添加 CA 证书及开启验证客户端证书参数即可启用双向认证
# ssl_client_certificate /usr/local/nginx/certs/ca.pem;
# ssl_verify_client on;
location /mqtt {
proxy_pass http://mqtt_websocket_servers;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# 反向代理真实 IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 禁用缓存
proxy_buffering off;
}
}
}
stream{
upstream mqtt_servers {
# down:表示当前的 server 暂时不参与负载
# max_fails:允许请求失败的次数;默认为 1
# fail_timeout:失败超时时间,默认 10s, max_fails 达到次数后暂停的请求时间
# backup:其它所有的非backup机器down或者忙的时候,请求backup机器
server 192.168.101.201:1883 max_fails=2 fail_timeout=10s;
server 192.168.101.202:1883 max_fails=2 fail_timeout=10s;
server 192.168.101.203:1883 max_fails=2 fail_timeout=10s;
}
server {
listen 1883;
proxy_pass mqtt_servers;
# 启用此项时,对应后端监听器也需要启用 proxy_protocol
proxy_protocol on;
proxy_connect_timeout 10s;
# 默认心跳时间为 10 分钟
proxy_timeout 1800s;
proxy_buffer_size 3M;
tcp_nodelay on;
}
server {
listen 8883 ssl;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_certificate /usr/local/nginx/certs/cacert.pem;
ssl_certificate_key /usr/local/nginx/certs/privkey.key;
ssl_verify_depth 2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# 添加 CA 证书及开启验证客户端证书参数即可启用双向认证
# ssl_client_certificate /usr/local/nginx/certs/ca.pem;
# ssl_verify_client on;
# ssl_verify_depth 1;
proxy_pass mqtt_servers;
# 启用此项时,对应后端监听器也需要启用 proxy_protocol
proxy_protocol on;
proxy_connect_timeout 10s;
# 默认心跳时间为 10 分钟
proxy_timeout 1800s;
proxy_buffer_size 3M;
tcp_nodelay on;
}
}
5、 EMQX配置
node {
name = "Node1@192.168.101.201"
cookie = "adHqakmd129"
data_dir = "/var/lib/emqx"
}
cluster {
name = clus1
discovery_strategy = manual
}
dashboard {
listeners.http {
bind = 18083
}
}
问题:
1、通过Nginx负载均衡访问集群后需要在EMQX配置中添加哪些配置项
2、访问dashboard使用哪个地址和端口
3、mqtt、mqtts、ws、wss 访问时使用哪个地址和端口。