Stream Dynamic VS

1. Feature Overview

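The stream dynamic VS (virtual server) feature lets you add and remove stream servers at runtime, and conveniently configure any directive that is allowed inside a server block.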

Two server types can be added: TCP servers and UDP servers.

2. Required Modules

The dynamic VS feature depends on the following modules:

njet.conf

load_module modules/njt_stream_dyn_server_module.so; 

njet_ctrl.conf

load_module modules/njt_stream_dyn_server_api_module.so;

3. Configuration

njet.conf (data-plane configuration)

helper broker modules/njt_helper_broker_module.so conf/mqtt.conf;
helper ctrl modules/njt_helper_ctrl_module.so conf/ctrl.conf;

load_module modules/njt_stream_dyn_server_module.so;   # load the stream dynamic VS module


user  root root;

cluster_name helper;
node_name node-u01;

error_log  logs/error.log info;
pid        logs/njet.pid;

events {
    worker_connections  1024;
}


http {
    dyn_kv_conf conf/iot-work.conf;
    include       mime.types;
    default_type  application/octet-stream;

    access_log  logs/access.log;

    vhost_traffic_status_zone;
    vhost_traffic_status_filter_by_set_key $request_uri "$realip_remote_addr to $server_name";
    variables_hash_max_size  2048;

    sendfile        on;
    keepalive_timeout  65;
  
    upstream backend1 {
  
         zone backend1_zone 128k;
         server 127.0.0.1:5800;
   
    }

   server {
        listen 5555;
        server_name test-server;
  
        location / {
          alias html;
        }
   }

   server {
  
        listen 443 ssl;
        server_name dev.test.com;
  
        ssl_reject_handshake off;
        ssl_ntls     off;
  
        ssl_certificate       certs/rsa.dev.test.com.crt.pem;
        ssl_certificate_key    certs/rsa.dev.test.com.key.pem;

        ssl_ciphers     RSA+AES128:RSA+AES256:RSA+3DES:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:EECDH+3DES:!MD5;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_prefer_server_ciphers  on;

        location / {
            charset utf-8;
            default_type text/html;
            return 200 "dev.test.com 443 test ok";
        }
  
    }


}

stream {

    map $njtmesh_port $mesh_server_name {
                17082   server-17082;
                18082   server-18082;
                19082   server-19082;
                default "123";
        }

    upstream backend_s1 {

         zone backend_s1 1m;

         server 127.0.0.1:5555;


    }



    server {

        listen 22222 mesh;

         proxy_pass backend_s1;


     } 

     server {

        listen 22223 udp mesh;

        return "22223 udp ok";


     } 

     server {

         listen 22224 ssl mesh;

          ssl_certificate     certs/ca/ECC/ecc-root_cert.pem;
          ssl_certificate_key certs/ca/ECC/ecc-root_private_key.pem;

          return "22224 ssl ok";

      }



}

njet_ctrl.conf (control-plane configuration)

load_module modules/njt_http_sendmsg_module.so;
load_module modules/njt_ctrl_config_api_module.so;
load_module modules/njt_http_location_api_module.so;
load_module modules/njt_doc_module.so;
load_module modules/njt_stream_dyn_server_api_module.so; # load the stream dynamic VS API module


events {
    worker_connections  1024;
}
error_log         logs/error_ctrl.log debug;

http {
    dyn_sendmsg_conf  conf/iot-ctrl.conf;
    access_log        logs/access_ctrl.log combined;

    include           mime.types;

    server {
        listen       8081;
   
        location /api {
             dyn_module_api;
        }

        location /doc {
            doc_api;
        }
  
  }

}


cluster_name helper;
node_name node1;

4. API Reference

Add endpoint:

POST http://IP+port/api/v1/stream_srv

Delete endpoint:

PUT http://IP+port/api/v1/stream_srv

Add VS API

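| Field | Required | Description |
|---|---|---|
| type | | "add": add a VS. |
| addr_port | | Address and port of the host being added. For example: "192.168.40.203:8000" or "0.0.0.0:8000". To add a UDP VS, for example: "192.168.40.203:8000 udp" or "0.0.0.0:8000 udp". |
| listen_option | | Listen parameters. If the port is already listening in NJet, the VS adapts to that port's existing configuration. If the port is not yet listening, only the "ssl" field is currently supported. |
| server_name | | The host's server_name, for example "cluster.tmlake.com". The server_name of a VS must be unique; duplicates are not allowed. |
| server_body | | The set of directives inside the server block, each directive terminated by a semicolon. server_body may be empty. |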

Delete VS API

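| Field | Required | Description |
|---|---|---|
| type | | "del": delete a VS. |
| addr_port | | Address and port of the added host. For example: "192.168.40.203:8000" or "0.0.0.0:8000". |
| server_name | | The host's server_name, for example "cluster.tmlake.com". |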
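
Because server_body is inserted as directives inside the new server block, any client of this API is effectively writing stream configuration. The following added example (not NJet code) is a pre-flight check that a deployment wrapper could run before sending an add or del request; the allow-list `ALLOWED`, the server_name pattern, the IPv4-only address check and the function names are assumptions of this example.

```python
import ipaddress
import json
import re

# Local policy (assumption, not an NJet feature): directives allowed in server_body.
ALLOWED = {"return", "proxy_pass", "ssl_certificate", "ssl_certificate_key"}
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def split_directives(body):
    """Split server_body on ';' outside quotes; refuse '{' and '}'."""
    out, cur, quote, esc = [], "", None, False
    for ch in body:
        bare = not esc and not quote
        if bare and ch in "{}":
            raise ValueError("block syntax is not allowed in server_body")
        if bare and ch == ";":
            out.append(cur.strip())
            cur = ""
            continue
        if esc:
            esc = False
        elif ch == "\\":
            esc = True
        elif quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        cur += ch
    if quote or cur.strip():
        raise ValueError("unterminated directive in server_body")
    return [d for d in out if d]


def validate(payload):
    """Return the JSON body for /api/v1/stream_srv, or raise ValueError."""
    if payload.get("type") not in ("add", "del"):
        raise ValueError("type must be 'add' or 'del'")
    addr, _, proto = payload.get("addr_port", "").partition(" ")
    host, _, port = addr.rpartition(":")
    ipaddress.IPv4Address(host)  # raises ValueError on a malformed address
    if proto not in ("", "udp") or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError("addr_port must be 'IP:port' or 'IP:port udp'")
    if not NAME_RE.fullmatch(payload.get("server_name", "")):
        raise ValueError("bad server_name")
    for directive in split_directives(payload.get("server_body", "")):
        if directive.split()[0] not in ALLOWED:
            raise ValueError("directive not allowed: " + directive.split()[0])
    return json.dumps(payload)
```

The string returned by `validate` is what would be passed to `curl -d`; a payload that raises `ValueError` is never sent to the control plane.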

Notes:

NJet now supports adding a VS both on ports that are already listening and on ports that are not yet listening.

When adding a VS on a port that is already listening, the listen parameter "mesh" must be configured, and access goes through a map.

Example:

map $njtmesh_port $mesh_server_name {
                17082   server-17082;
                27082   server-27082;
                37082   server-37082;
                default "123";
        }



server {

    listen 22222 mesh;

    proxy_pass backend_s1;

    }

Once configured, access requires an iptables port-forwarding rule:

iptables -t nat -A OUTPUT -d 192.168.40.119 -p tcp -m tcp --dport 17082    -j DNAT --to-destination 192.168.40.119:22222

Add a stream VS:

curl -v -X POST http://127.0.0.1:8081/api/v1/stream_srv -d '{
        "type": "add",
        "addr_port": "0.0.0.0:22222",
        "server_name": "server-17082",
        "server_body": "return \"17082 ok\";"
}'

Access the server with curl:

curl  --http0.9 http://192.168.40.119:17082/

Response received:

17082 ok

5. Usage Examples

5.1 Add a stream TCP VS

Add the stream VS with the POST method

curl -v -X POST http://127.0.0.1:8081/api/v1/stream_srv -d '{
        "type": "add",
        "addr_port": "0.0.0.0:22222",
        "server_name": "server-17082",
        "server_body": "return \"17082 ok\";"
}'

Response

* processing: http://127.0.0.1:8081/api/v1/stream_srv
*   Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081
> POST /api/v1/stream_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 149
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 200 OK
< Server: njet/3.3.1.1
< Date: Wed, 24 Sep 2025 07:59:12 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
< 
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}

Once configured, access requires an iptables port-forwarding rule:

iptables -t nat -A OUTPUT -d 192.168.40.119 -p tcp -m tcp --dport 17082    -j DNAT --to-destination 192.168.40.119:22222

Access with curl:

curl  --http0.9 http://192.168.40.119:17082/

Response received:

17082 ok

5.2 Add a stream UDP VS

Add the stream VS with the POST method

curl -v -X POST http://127.0.0.1:8081/api/v1/stream_srv -d '{
        "type": "add",
        "addr_port": "0.0.0.0:22223 udp",
        "server_name": "server-18082",
        "server_body": "return \"18082 ok\";"
}'

Response

* processing: http://127.0.0.1:8081/api/v1/stream_srv
*   Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081
> POST /api/v1/stream_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 153
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 200 OK
< Server: njet/3.3.1.1
< Date: Wed, 24 Sep 2025 08:41:55 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
< 
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}

Configure iptables forwarding:

iptables -t mangle -A PREROUTING -p udp -d 192.168.40.119 --dport 18082 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 22223

Access with nc:

nc -u 192.168.40.119 18082

Response received:

18082 ok

5.3 Add a stream TCP VS on a port that is not yet listening

Add the stream VS with the POST method

curl -v -X POST http://127.0.0.1:8081/api/v1/stream_srv -d '{
        "type": "add",
        "addr_port": "0.0.0.0:23333",
        "server_name": "server-23333",
        "server_body": "return \"23333 ok\";"
}'

Response

* processing: http://127.0.0.1:8081/api/v1/stream_srv
*   Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081
> POST /api/v1/stream_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 153
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 200 OK
< Server: njet/3.3.1.1
< Date: Wed, 24 Sep 2025 08:41:55 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
< 
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}

Access with curl:

curl  --http0.9 http://192.168.40.119:23333/

Response received:

23333 ok

5.4 Delete a stream TCP VS

Delete the stream VS with the PUT method

curl -v -X PUT http://127.0.0.1:8081/api/v1/stream_srv -d '{
        "type": "del",
        "addr_port": "0.0.0.0:22222",
        "server_name": "server-17082"
}'

Response

* processing: http://127.0.0.1:8081/api/v1/stream_srv
*   Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081
> PUT /api/v1/stream_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 102
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 200 OK
< Server: njet/3.3.1.1
< Date: Wed, 24 Sep 2025 08:57:11 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
< 
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}

5.5 Delete a stream UDP VS

Delete the stream VS with the PUT method

curl -v -X PUT http://127.0.0.1:8081/api/v1/stream_srv -d '{
        "type": "del",
        "addr_port": "0.0.0.0:22223 udp",
        "server_name": "server-17082"
}'

Response

* processing: http://127.0.0.1:8081/api/v1/stream_srv
*   Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081
> PUT /api/v1/stream_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 102
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 200 OK
< Server: njet/3.3.1.1
< Date: Wed, 24 Sep 2025 08:57:11 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
< 
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}

5.6 Configure a certificate in a dynamic VS

Add the VS with the POST method

curl -v -X POST http://127.0.0.1:8081/api/v1/stream_srv -d '{
          "type": "add",
          "addr_port": "0.0.0.0:22224",
          "server_name": "server-19082",
          "server_body": "ssl_certificate certs/ca/RSA/rsa.server.cer.pem;ssl_certificate_key certs/ca/RSA/rsa.server.key.pem;return \"ssl ok\";"
}'

Response

* processing: http://127.0.0.1:8081/api/v1/stream_srv
*   Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081
> POST /api/v1/stream_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 327
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 200 OK
< Server: njet/3.3.1.1
< Date: Mon, 13 Oct 2025 07:07:35 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
< 
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}

Once configured, access requires an iptables port-forwarding rule:

iptables -t nat -A OUTPUT -d 192.168.40.119 -p tcp -m tcp --dport 19082    -j DNAT --to-destination 192.168.40.119:22224

Access with curl:

curl  --http0.9 -k https://192.168.40.119:19082/

Response received:

ssl ok

5.7 No default certificate in the static configuration; the certificate is supplied when the VS is added

njet.conf

helper broker modules/njt_helper_broker_module.so conf/mqtt.conf;
helper ctrl modules/njt_helper_ctrl_module.so conf/ctrl.conf;

load_module modules/njt_stream_dyn_server_module.so;   # load the stream dynamic VS module


user  root root;

cluster_name helper;
node_name node-u01;

error_log  logs/error.log info;
pid        logs/njet.pid;

events {
    worker_connections  1024;
}


http {
    dyn_kv_conf conf/iot-work.conf;
    include       mime.types;
    default_type  application/octet-stream;

    access_log  logs/access.log;

    vhost_traffic_status_zone;
    vhost_traffic_status_filter_by_set_key $request_uri "$realip_remote_addr to $server_name";
    variables_hash_max_size  2048;

    sendfile        on;
    keepalive_timeout  65;
  
    upstream backend1 {
  
         zone backend1_zone 128k;
         server 127.0.0.1:5800;
   
    }

   server {
        listen 5555;
        server_name test-server;
  
        location / {
          alias html;
        }
   }

   server {
  
        listen 443 ssl;
        server_name dev.test.com;
  
        ssl_reject_handshake off;
        ssl_ntls     off;
  
        ssl_certificate       certs/rsa.dev.test.com.crt.pem;
        ssl_certificate_key    certs/rsa.dev.test.com.key.pem;

        ssl_ciphers     RSA+AES128:RSA+AES256:RSA+3DES:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:EECDH+3DES:!MD5;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_prefer_server_ciphers  on;

        location / {
            charset utf-8;
            default_type text/html;
            return 200 "dev.test.com 443 test ok";
        }
  
    }


}

stream {

    map $njtmesh_port $mesh_server_name {
                17082   server-17082;
                18082   server-18082;
                19082   server-19082;
                default "123";
        }

    upstream backend_s1 {

         zone backend_s1 1m;

         server 127.0.0.1:5555;


    }



    server {

        listen 22222 mesh;

         proxy_pass backend_s1;


     } 

     server {

        listen 22223 udp mesh;

        return "22223 udp ok";


     } 

     server {

         listen 22224 ssl mesh;

          ssl_reject_handshake on;

          return "22224 ssl ok";

      }



}

Add the VS with the POST method

curl -v -X POST http://127.0.0.1:8081/api/v1/stream_srv -d '{
          "type": "add",
          "addr_port": "0.0.0.0:22224",
          "server_name": "server-19082",
          "server_body": "ssl_certificate certs/ca/RSA/rsa.server.cer.pem;ssl_certificate_key certs/ca/RSA/rsa.server.key.pem;return \"ssl ok\";"
}'

Response

* processing: http://127.0.0.1:8081/api/v1/stream_srv
*   Trying 127.0.0.1:8081...
* Connected to 127.0.0.1 (127.0.0.1) port 8081
> POST /api/v1/stream_srv HTTP/1.1
> Host: 127.0.0.1:8081
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Length: 327
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 200 OK
< Server: njet/3.3.1.1
< Date: Mon, 13 Oct 2025 07:07:35 GMT
< Content-Type: application/json
< Content-Length: 27
< Connection: keep-alive
< 
* Connection #0 to host 127.0.0.1 left intact
{"code":0,"msg":"success."}

Once configured, access requires an iptables port-forwarding rule:

iptables -t nat -A OUTPUT -d 192.168.40.119 -p tcp -m tcp --dport 19082    -j DNAT --to-destination 192.168.40.119:22224

Access with curl:

curl  --http0.9 -k https://192.168.40.119:19082/

Response received:

ssl ok