-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
11 changed files
with
78 additions
and
56 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
## Using EC2 to configure database agents | ||
|
||
Create one EC2 instance as the database proxy. Install Nginx to set port forwarding. For example: | ||
|
||
|
||
### Step 1:Install | ||
`sudo yum install nginx nginx-mod-stream` | ||
### Step 2:Start | ||
`sudo systemctl start nginx` | ||
### Step 3:View status | ||
`systemctl status nginx` | ||
### Step 4:Edit /etc/nginx/nginx.conf | ||
`sudo vim /etc/nginx/nginx.conf` | ||
Add content similar to the following at the end of the file | ||
``` | ||
stream { | ||
upstream backend1 { | ||
server 10.0.34.171:3306 max_fails=3 fail_timeout=30s; # Server address can use domain name | ||
} | ||
server { | ||
listen 3306; | ||
proxy_connect_timeout 1s; | ||
proxy_pass backend1; | ||
} | ||
} | ||
``` | ||
### Step 5: Reload configuration file | ||
`sudo nginx -s reload` | ||
### Step 6: Add 2 security groups to the instance | ||
Add Rule to the Proxy security group to allow all TCP entries from the following two security groups:`SDPS-CustomDB`、`StackName-RDSRDSClient` | ||
### Step 7: (Optional) Is the local testing agent effective | ||
``` | ||
sudo yum install telnet | ||
telnet 127.0.0.1 7001 | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,20 +1,35 @@ | ||
## 配置EC2数据库代理 | ||
## 使用EC2配置数据库代理 | ||
|
||
创建1个EC2实例作为数据库代理。安装iptables 设置端口转发。例如: | ||
创建1个EC2实例作为数据库代理。安装Nginx 设置端口转发。例如: | ||
|
||
''' | ||
Step1: 安装 | ||
> sudo yum install iptables | ||
Step2: 启用IP转发。在Linux上,IP转发通常默认禁用。要启用它,编辑/etc/sysctl.conf文件,修改或添加以下内容 | ||
> net.ipv4.ip_forward = 1 | ||
Step3: 应用新的sysctl设置 | ||
> sudo sysctl -p /etc/sysctl.conf | ||
Step4: 设置转发规则 | ||
> # 其他机器,只能是IP,不能是域名 | ||
> sudo iptables -t nat -A PREROUTING -p tcp --dport 444 -j DNAT --to 192.168.1.100:3000 | ||
> sudo iptables -t nat -A POSTROUTING -j MASQUERADE | ||
Step5: 保存规则以便重启有效 | ||
> sudo service iptables save | ||
Step6: 查看NAT规则 | ||
> sudo iptables -L -n -v --line-numbers -t nat | ||
''' | ||
|
||
### Step 1:安装 | ||
`sudo yum install nginx nginx-mod-stream` | ||
### Step 2:启动 | ||
`sudo systemctl start nginx` | ||
### Step 3:查看状态 | ||
`systemctl status nginx` | ||
### Step 4:编辑/etc/nginx/nginx.conf文件 | ||
`sudo vim /etc/nginx/nginx.conf` | ||
在文件末尾添加类似以下内容 | ||
``` | ||
stream { | ||
upstream backend1 { | ||
server 10.0.34.171:3306 max_fails=3 fail_timeout=30s; # server地址可以使用域名 | ||
} | ||
server { | ||
listen 3306; | ||
proxy_connect_timeout 1s; | ||
proxy_pass backend1; | ||
} | ||
} | ||
``` | ||
### Step 5: 重新加载配置文件 | ||
`sudo nginx -s reload` | ||
### Step 6: 为实例添加安全组 | ||
Proxy安全组添加Rule,允许以下2个安全组的所有TCP进入:`SDPS-CustomDB`、`堆栈名-RDSRDSClient` | ||
### Step 7: (可选)本地测试代理是否生效 | ||
``` | ||
sudo yum install telnet | ||
telnet 127.0.0.1 7001 | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters