破晓·强袭 2024-03-28 11:45 采纳率: 0%
浏览 40

nginx代理不到kafka

有采集服务器A,nginx服务器B,内网kafka服务器C
服务器B代理了kafka的端口
这是配置

stream {
  upstream brokers{
    server 172.18.38.201:9092;    #监控节点的ip:port
    server 172.18.38.202:9092;
    server 172.18.38.203:9092;
  }
  server {
    listen 8080 ;     #监听端口
    proxy_pass brokers;
  }
}

在服务器A中使用telegraf采集服务器信息通过output.kafka发送给服务器C,nginx服务器B代理服务器A的数据。
这是telegraf的配置

[[outputs.kafka]]
topic = "hypervisor"
brokers = ["172.24.195.37:8080"]
insecure_skip_verify=true
# client_id="Telegraf"
version="0.11.0.0"
metadata_full=true
enable_tls=false
data_format = "json"

现在采集时报错连接超时

2024-03-28T03:09:30Z D! [sarama] Closed connection to broker 172.24.195.37:8080
2024-03-28T03:09:30Z D! [sarama] client/metadata no available broker to send metadata request to
2024-03-28T03:09:30Z D! [sarama] client/brokers resurrecting 1 dead seed brokers
2024-03-28T03:09:30Z D! [sarama] client/metadata retrying after 250ms... (0 attempts remaining)
2024-03-28T03:09:30Z D! [sarama] Net.TLS is disabled but a non-nil configuration was provided.
2024-03-28T03:09:30Z D! [sarama] client/metadata fetching metadata for all topics from broker 172.24.195.37:8080
2024-03-28T03:09:30Z D! [sarama] Connected to broker at 172.24.195.37:8080 (unregistered)
2024-03-28T03:10:00Z D! [sarama] client/metadata got error from broker -1 while fetching metadata: read tcp 172.16.239.52:48894->172.24.195.37:8080: i/o timeout
  • 写回答

3条回答 默认 最新

  • 专家-皆知 2024-03-28 11:45
    关注

    引自免费微信小程序:皆我百晓生

    问题描述: 在Nginx作为代理的情况下,当通过telegraf进行数据采集并代理到Kafka时,可能出现"连接超时"的问题,具体表现为:

    1. Telegraf向Kafka发送的数据在接收到后无法正确解析。
    2. 配置中的Nginx配置项proxy_pass未设置正确,导致Nginx不能与Kafka服务器进行连接。
    3. Nginx监听的8080端口没有被正确配置为Kafka的监听端口。
    4. KAFKA的相关配置项如brokersclient_id等未指定为Nginx代理服务器A上的服务地址。
    5. Kafka服务器B通过telgraf被Nginx代理,并且在启动时设置了非HTTPS通信选项(insecure_skip_verify)导致TLS/TLS扩展模块无法工作,从而引发连接超时问题。

    以下是在Nginx及Kafka的基础架构上提供的解决方案:

    1. Nginx配置
    server {
    listen 8080;     # Listen port of the application or data source
    location / {
        proxy_pass https://your-kafka-server.com:9092; # Replace with your Kafka server's address and port
        # Add SSL/TLS configuration if needed, e.g., using certbot or a CA installed on your system
    }
}

server {
    listen 8081;     # Listen port of the agent-side tool (e.g., telegraf)
    location /agent {
        include proxy.conf;
    }

    # Add TLS/TLS configuration if needed, e.g., using certbot or a CA installed on your system
    include proxy_config/nginx.conf;

    # SSL/TLS certificates must be installed on the proxy side
    ssl_certificate /path/to/cert.pem; # replace with path to your trusted CA certificate file
    ssl_certificate_key /path/to/key.pem; # replace with path to your trusted private key file

    include nginx/*.conf;  # Include the custom nginx.conf file for the specific task
}
    1. Kafka Configuration:
    kafka {
    bootstrap.servers: ["your-kafka-server.com:9092"],   # Replace with your Kafka servers' addresses and ports
    group.id: "your-group-id",       # Replace with your Kafka group ID
    ssl=verify=tls ,                # Enable TLS/TLS verification
    insecure_skip_verify = false,    # Skip SSL/TLS validation when setting `insecureSkipVerify` to true
}
    1. Nginx Proxy Config:
    upstream kafka_server_b {
    server 172.18.38.201:9092;
    server 172.18.38.202:9092;
    server 172.18.38.203:9092;
}

server {
    listen 8080;     # Listen port of the application or data source
    location / {
        proxy_pass kafka_server_b;
        include proxy.conf;
    }

    # Add SSL/TLS configuration if needed, e.g., using certbot or a CA installed on your system
    include proxy_config/nginx.conf;

    # SSL/TLS certificates must be installed on the proxy side
    ssl_certificate /path/to/cert.pem; # replace with path to your trusted CA certificate file
    ssl_certificate_key /path/to/key.pem; # replace with path to your trusted private key file

    include nginx/*.conf;  # Include the custom nginx.conf file for the specific task
}
    1. Telegraf Configuration:
    [inputs.kafka]
topics = "hypervisor"
brokers = ["your-kafka-server.com:9092"]
insecure_skip_verify = true
# client_id="Telegraf"
version="0.11.0.0"
metadata_full = true
enable_tls = false
data_format = "json"

[data]
{
    "source": "https://localhost:8080/agent",
    "tags": [
        { "name": "Name", "value": "Nginx Agent" },
        { "name": "Environment", "value": "Production" },
        { "name": "Function", "value": "Agent" },
    ],
    "labels": [],
}

    确保上述配置文件已成功保存在当前目录下,并且已重启Nginx和Kafka服务器以应用更改。若Kafka服务器需要使用HTTPS通信,建议修改Nginx配置以启用SSL/TLS,例如:

    ssl_certificate /path/to/cert.pem; # replace with path to your trusted CA certificate file
ssl_certificate_key /path/to/key.pem; # replace with path to your trusted private key file

include proxy_config/nginx.conf;

# SSL/TLS certificates must be installed on the proxy side
ssl_certificate /path/to/ssl/server.crt; # replace with path to your server certificate file
ssl_certificate_key /path/to/ssl/server.key; # replace with path to your server private key file

location /agent {
    include proxy.conf;
}

    注意:这些示例配置依赖于您已经安装的SSL/TLS证书和私钥,以及您的实际Kafka服务器IP和端口号。您可能需要根据实际情况对上述配置进行调整,例如使用系统环境变量或虚拟主机配置文件。如果您的服务器位于不同的网络环境中,您可能需要相应地修改Nginx内部的listeninclude指令,以指向正确的Kafka服务器。同时,确保代理服务器A和Kafka服务器C之间的HTTPS连接也已打开。在部署过程中,请务必根据具体的业务需求和条件,选择适合您的解决方案。

    评论 编辑记录

报告相同问题?

问题事件

  • 创建了问题 3月28日

悬赏问题

  • ¥15 openpcdet自制数据集评估bev精度和3d精度相同
  • ¥15 excel 上下按钮 显示行
  • ¥20 云卓h12pro 数传问题
  • ¥20 请问有人知道怎么用工艺库里面的sdb文件通过virtuoso导出来library里面每个cell的symbol吗?
  • ¥20 海思 nnie 编译 报错
  • ¥50 决策面并仿真,要求有仿真结果图
  • ¥15 关于路由器的路由协议配置
  • ¥15 springboot接入微信支付SDK
  • ¥50 大区域的遥感影像匹配 怎么做啊
  • ¥15 求解答:pytorch跑yolov8神经网络受挫