Today, we will demonstrate how to set up a reverse proxy in OpenResty Edge for TCP connections.

Embeded image

Create a TCP application

Let’s go to the OpenResty Edge’s Admin web console. It is our sample deployment of the console. Every user has their local deployment.

Screenshot

This time, we are going to create an application of type stream.

Let’s enter the stream applications page first.

Screenshot

Click this button to create a new application.

Screenshot

We see two types of stream applications: SNI Proxy and TCP.

Screenshot

Our topic today is TCP applications.

Screenshot

SNI Proxy applications will get covered in another tutorial.

Screenshot

Select the type TCP.

Screenshot

We need to specify a port for this application.

Screenshot

First, we need to add this port to this partition.

Screenshot

Click to edit the partition default.

Screenshot

Click the button to add ports.

Screenshot

We see a new line in the list.

Screenshot

Enter 3307 as the port number.

Screenshot

Click to select Type TCP.

Screenshot

Click the Save button to save it.

Screenshot

You can see that the new port has been successfully added to the default partition.

Screenshot

Changes are automatically released while being saved.

Screenshot

Here you see the synchronization status.

Screenshot

Close this panel.

Screenshot

Enter the port we just added to the default partition.

Screenshot

Then click to create this application.

Screenshot

Create an upstream and a page rule for the TCP application

Go to the upstream page.

Screenshot

Create a new upstream for our backend server.

Screenshot

We give this upstream a name, say, tcp_backend.

Screenshot

Here we need the backend server’s IP address.

Screenshot

We’ve already prepared a MySQL server at this IP address.

We connect to this MySQL server.

Screenshot

Type the password

Screenshot

As you see, the server is accessible.

We can now fill out the host field for the backend server.

Screenshot

Enter port number 3307.

Screenshot

We may add more servers to this upstream in the future.

Screenshot

Click to save this upstream.

Screenshot

We can see this tcp_backend upstream is already there.

Screenshot

Now let’s create a new page rule to use this upstream.

Screenshot

Create a new page rule.

Screenshot

Let’s add a proxy target here.

Screenshot

Select the upstream that we just created.

Screenshot

Screenshot

There are several Balancing policies to choose from. Our upstream has only one server. So the balancing policy does not matter here.

Screenshot

We’d just keep the default round-robin policy.

Screenshot

Create this page rule.

Screenshot

We can see the newly created proxy page rule in the page rule list.

Screenshot

The last step is to make a new configuration release. It will push out our pending changes to all our gateway servers.

Screenshot

Let’s click on this button to make a new release.

Screenshot

Ship it.

Screenshot

Now it is fully synchronized. As we can see, this sample deployment has 14 servers in the gateway network.

Screenshot

We do incremental config synchronization across the whole network.

Embeded video

Embeded video

Embeded video

We live-update config on the request level. None of the application-level configuration changes require server reload, restart, or binary upgrade. So it is very scalable even when you have many different users making frequent releases.

Embeded image

Test the TCP application

We can also check all the gateway servers grouped by clusters.

Screenshot

We have a node in the United States with an IP address ending with 226. We will test the proxy that we just added using this node.

Screenshot

Click to copy the IP address of this server.

Screenshot

We connect to the MySQL server on the upstream backend using port 3307.

Screenshot

The host is the Edge Node Server that we just saw with the IP address ending with 226.

Screenshot

Now give the user and database names and execute the select command.

Screenshot

Type the password

Screenshot

It works as expected! The server is accessible, just like accessing the backend server directly.

What is OpenResty Edge

OpenResty Edge is our all-in-one gateway software for microservices and distributed traffic architectures. It combines traffic management, private CDN construction, API gateway, security, and more to help you easily build, manage, and protect modern applications. OpenResty Edge delivers industry-leading performance and scalability to meet the demanding needs of high concurrency, high load scenarios. It supports scheduling containerized application traffic such as K8s and manages massive domains, making it easy to meet the needs of large websites and complex applications.

If you like this tutorial, please subscribe to this blog site and/or our YouTube channel. Thank you!

About The Author

Yichun Zhang (Github handle: agentzh), is the original creator of the OpenResty® open-source project and the CEO of OpenResty Inc..

Yichun is one of the earliest advocates and leaders of “open-source technology”. He worked at many internationally renowned tech companies, such as Cloudflare, Yahoo!. He is a pioneer of “edge computing”, “dynamic tracing” and “machine coding”, with over 22 years of programming and 16 years of open source experience. Yichun is well-known in the open-source space as the project leader of OpenResty®, adopted by more than 40 million global website domains.

OpenResty Inc., the enterprise software start-up founded by Yichun in 2017, has customers from some of the biggest companies in the world. Its flagship product, OpenResty XRay, is a non-invasive profiling and troubleshooting tool that significantly enhances and utilizes dynamic tracing technology. And its OpenResty Edge product is a powerful distributed traffic management and private CDN software product.

As an avid open-source contributor, Yichun has contributed more than a million lines of code to numerous open-source projects, including Linux kernel, Nginx, LuaJIT, GDB, SystemTap, LLVM, Perl, etc. He has also authored more than 60 open-source software libraries.