A simple Nginx reverse proxy setup over HTTPS

Posted by 疯子110 on 2024-11-22

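1) nginx reverse proxy: proxy_pass
2) nginx load balancing: upstream

The following is a worked example of nginx reverse proxying and load balancing:

Load balancer: machine A: 103.110.186.8/192.168.1.8
Backend 1: machine B: 192.168.1.102
Backend 2: machine C: 192.168.1.103

Requirements:
1) Requests to port 8080 on machine A are reverse-proxied to port 8080 on machine B;
   requests to port 8088 on machine A are reverse-proxied to port 8088 on machine C;
   requests to http://103.110.86.8:8090/ios are reverse-proxied to http://192.168.1.102:8090/ios/ on machine B

2) Requests to port 80 on machine A are load-balanced across port 80 on the two backend machines B and C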

Operation log:
--------------------------------------------------------------------------------------
Load balancer: operations on machine A:
1) Compile and install nginx
[root@opd ~]# yum install -y pcre* openssl* gcc gcc+
[root@opd ~]# cd /opt/src
[root@src ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@src ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@src ~]# cd nginx-1.8.0
# Add the www user; -M means no home directory is created, -s sets the login shell
[root@nginx-1.8.0 ~]# useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]# vim auto/cc/gcc
# Comment out this line (around line 179) to disable the debug build
#CFLAGS="$CFLAGS -g"

# Next, set the nginx build options
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]# make
[root@nginx-1.8.0 ~]# make install clean

2) Configure nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
[root@nginx-1.8.0 conf]# vim nginx.conf      // this can serve as the standard configuration after installing nginx

http {
    include       mime.types;
    default_type  application/octet-stream;
    charset utf-8;
 
    log_format  main  '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_cookie" $host $request_time';
    sendfile       on;
    tcp_nopush     on;
    tcp_nodelay    on;
    keepalive_timeout  65;
 
 
    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
  
     
    client_header_timeout 600s;
    client_body_timeout 600s;
  
    client_max_body_size 100m;             
    client_body_buffer_size 256k;           
  
    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;
  
 
    include vhosts/*.conf;
}

[root@nginx-1.8.0 conf]# ulimit -n 65535
[root@nginx-1.8.0 conf]# mkdir vhosts
[root@nginx-1.8.0 conf]# cd vhosts

Configure the reverse proxy and load balancing
[root@nginx-1.8.0 vhosts]# vim 8080.conf

server {
    listen 8080;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
 
    access_log  /usr/local/nginx/logs/8080-access.log main;
    error_log  /usr/local/nginx/logs/8080-error.log;

location / {
    proxy_pass http://192.168.1.102:8080;
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
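    proxy_connect_timeout 300;             # timeout for connecting to the backend server (handshake and wait for a response)
    proxy_send_timeout 300;                # timeout for transmitting the request to the backend server
    proxy_read_timeout 600;                # time to wait for the backend's response once connected; the request is already queued at the backend
    proxy_buffer_size 256k;                # buffer for the first part of the backend response, which holds the headers nginx processes
    proxy_buffers 4 256k;                  # as above: how many buffers of what size nginx uses for a single response
    proxy_busy_buffers_size 256k;          # upper limit on buffers that may be busy sending to the client under load
    proxy_temp_file_write_size 256k;       # size of data written to a proxy temporary file at a time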
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

[root@nginx-1.8.0 vhosts]# cat 8088.conf

server {
    listen 8088;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
 
    access_log  /usr/local/nginx/logs/8088-access.log main;
    error_log  /usr/local/nginx/logs/8088-error.log;

location / {
    proxy_pass http://192.168.1.103:8088;
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;             
    proxy_send_timeout 300;               
    proxy_read_timeout 600;               
    proxy_buffer_size 256k;                
    proxy_buffers 4 256k;                  
    proxy_busy_buffers_size 256k;         
    proxy_temp_file_write_size 256k;       
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

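-----------------------------------------------------------------------------------------------------------------
Note the following points for the path-matching proxy configuration below:
First, the target machine B (192.168.1.102) must have the directory ios, matching the path, under the site root of its port 8090 site!!
In other words, machine A itself must be able to reach the ios path on port 8090 of machine B:
[root@nginx-1.8.0 vhosts]# curl http://192.168.1.102:8090/ios/      # this must succeed from machine A!

Any of the following configurations works:

First variant:
[root@nginx-1.8.0 vhosts]# cat 8090.conf
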
server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
 
    access_log  /usr/local/nginx/logs/8090-access.log main;
    error_log  /usr/local/nginx/logs/8090-error.log;

    location /ios/ {                            # in this variant the location must match /ios/, not /ios
    proxy_pass http://192.168.1.102:8090;       # the ios directory must exist under the port 8090 site root on 192.168.1.102, otherwise the request returns 404!
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;             
    proxy_send_timeout 300;               
    proxy_read_timeout 600;               
    proxy_buffer_size 256k;                
    proxy_buffers 4 256k;                  
    proxy_busy_buffers_size 256k;         
    proxy_temp_file_write_size 256k;       
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

Second variant:
[root@nginx-1.8.0 vhosts]# cat 8090.conf

server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
 
    access_log  /usr/local/nginx/logs/8090-access.log main;
    error_log  /usr/local/nginx/logs/8090-error.log;

    location /ios/ { 
    proxy_pass http://192.168.1.102:8090/ios/; 
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;             
    proxy_send_timeout 300;               
    proxy_read_timeout 600;               
    proxy_buffer_size 256k;                
    proxy_buffers 4 256k;                  
    proxy_busy_buffers_size 256k;         
    proxy_temp_file_write_size 256k;       
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

Third variant:
[root@nginx-1.8.0 vhosts]# cat 8090.conf

server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
 
    access_log  /usr/local/nginx/logs/8090-access.log main;
    error_log  /usr/local/nginx/logs/8090-error.log;

    location /ios { 
    proxy_pass http://192.168.1.102:8090/ios/;         # in this variant the URI here must be /ios/, not /ios
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;             
    proxy_send_timeout 300;               
    proxy_read_timeout 600;               
    proxy_buffer_size 256k;                
    proxy_buffers 4 256k;                  
    proxy_busy_buffers_size 256k;         
    proxy_temp_file_write_size 256k;       
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

All three configurations above ensure that a request to http://103.110.86.8:8090/ios automatically becomes http://103.10.86.8:8090/ios/ and is proxied to http://192.168.1.102:8090/ios/

-----------------------------------------------------------------------------------------------------------------

[root@nginx-1.8.0 vhosts]# cat LB.conf

upstream lb {
    server 192.168.1.102:80 max_fails=3 fail_timeout=30s;   # max_fails=3 is the number of failures allowed; the default is 1
    server 192.168.1.103:80 max_fails=3 fail_timeout=30s;   # fail_timeout=30s is how long requests stop being sent to this backend after max_fails failures
}

server {
    listen 80;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
 
    access_log  /usr/local/nginx/logs/80-access.log main;
    error_log  /usr/local/nginx/logs/80-error.log;

    location / {
    proxy_pass http://lb;
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;             
    proxy_send_timeout 300;               
    proxy_read_timeout 600;               
    proxy_buffer_size 256k;                
    proxy_buffers 4 256k;                  
    proxy_busy_buffers_size 256k;         
    proxy_temp_file_write_size 256k;       
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

Start nginx
[root@nginx-1.8.0 vhosts]# /opt/nginx/sbin/nginx -t      [check that the configuration is correct]
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
[root@host-192-168-1-102 vhosts]# /opt/nginx/sbin/nginx      [start nginx]

--------------------------------------------------------------------------------------
Backend: operations on machine B:
1) Compile and install nginx
[root@B ~]# yum install -y pcre* openssl* gcc gcc+
[root@B ~]# cd /opt/src
[root@B ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@B ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@B ~]# cd nginx-1.8.0
# Add the www user; -M means no home directory is created, -s sets the login shell
[root@nginx-1.8.0 ~]# useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]# vim auto/cc/gcc
# Comment out this line (around line 179) to disable the debug build
#CFLAGS="$CFLAGS -g"

# Next, set the nginx build options
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]# make
[root@nginx-1.8.0 ~]# make install clean

2) Configure nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
Note: comment out the server block in the default nginx.conf file and set up the vhosts virtual host configuration, as follows:
[root@nginx-1.8.0 conf]# vim nginx.conf

user  www;
worker_processes  8;
  
events {
    worker_connections  65535;
}
  
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset utf-8;
 
    log_format  main  '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_cookie" $host $request_time';
    sendfile       on;
    tcp_nopush     on;
    tcp_nodelay    on;
    keepalive_timeout  65;
 
 
    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
  
     
    client_header_timeout 600s;
    client_body_timeout 600s;
  
    client_max_body_size 100m;             
    client_body_buffer_size 256k;           
  
    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;
  
 
    include vhosts/*.conf;
}

[root@nginx-1.8.0 conf]# ulimit -n 65535
[root@nginx-1.8.0 conf]# mkdir vhosts
[root@nginx-1.8.0 conf]# cd vhosts

[root@nginx-1.8.0 conf]# vim 8080.conf

server {
    listen 8080;
    server_name localhost;
    index index.html index.php index.htm;
 
    access_log  /usr/local/nginx/logs/8080-access.log main;
    error_log  /usr/local/nginx/logs/8080-error.log;

location ~ / {
    root /var/www/html/8080;
    index index.html index.php index.htm;
}
}
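
Machine A forwards the client address in X-Real-IP and X-Forwarded-For, and the backend logs `$http_x_forwarded_for` first in the `main` format, but `$proxy_add_x_forwarded_for` only appends to whatever header the client sent. The following is an added example (not part of the original post) of reading such a backend log and keeping only the hop that machine A itself recorded; the log lines are constructed, and `TRUSTED_PROXIES` assumes machine A (192.168.1.8) is the only proxy in front of the backends.

```python
import ipaddress

# Assumption: machine A (192.168.1.8) is the only proxy in front of the backends.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.8")}

# Constructed access-log lines in the page's `main` format, as a backend would
# write them: $http_x_forwarded_for $remote_addr $remote_user [$time_local] ...
SAMPLE_LOG = [
    '203.0.113.7 192.168.1.8 - [22/Nov/2024:10:00:00 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-" 103.110.86.8 0.002',
    '10.9.9.9, 203.0.113.7 192.168.1.8 - [22/Nov/2024:10:00:05 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-" 103.110.86.8 0.002',
    '198.51.100.4 192.168.1.50 - [22/Nov/2024:10:00:09 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-" 192.168.1.102 0.001',
]


def split_head(line):
    """Return (xff, remote_addr); the XFF field itself may contain spaces."""
    head = line.partition(" [")[0]
    xff, remote_addr, _remote_user = head.rsplit(" ", 2)
    return xff, remote_addr


def client_address(xff, remote_addr):
    """Return (client_ip, client_supplied_hops) using rightmost-untrusted logic."""
    peer = ipaddress.ip_address(remote_addr)
    hops = [h.strip() for h in xff.split(",") if h.strip() not in ("", "-")]
    if peer not in TRUSTED_PROXIES:
        # The request did not come through machine A: the whole header is
        # client-controlled, so only the TCP peer address can be relied on.
        return str(peer), hops
    for i in range(len(hops) - 1, -1, -1):
        try:
            addr = ipaddress.ip_address(hops[i])
        except ValueError:
            break  # unparsable entry: stop and fall back to the peer
        if addr not in TRUSTED_PROXIES:
            # Entries to the left of this hop were sent by the client.
            return str(addr), hops[:i]
    return str(peer), hops


def analyse(lines):
    return [client_address(*split_head(line)) for line in lines]


if __name__ == "__main__":
    for client, untrusted in analyse(SAMPLE_LOG):
        print(client, "client-supplied XFF entries:", untrusted)
```

A non-empty second value marks a request whose X-Forwarded-For was partly or wholly supplied by the client, which is worth alerting on if backend access decisions or audit trails rely on that field.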

[root@nginx-1.8.0 conf]# vim 8090.conf

server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
 
    access_log  /usr/local/nginx/logs/8090-access.log main;
    error_log  /usr/local/nginx/logs/8090-error.log; 

location ~ / {
    root /var/www/html/8090;        # for the ios path proxy above, make sure the ios directory exists under the site root /var/www/html/8080
    index index.html index.php index.htm;
}
}

[root@nginx-1.8.0 conf]# vim 80.conf

server {
   listen 80;
   server_name localhost;
   index index.html index.php index.htm;
 
   access_log  /usr/local/nginx/logs/80-access.log main;
   error_log  /usr/local/nginx/logs/80-error.log;

location ~ / {
   root /var/www/html;
   index index.html index.php index.htm;
}
}

Start nginx
[root@nginx-1.8.0 vhosts]# /opt/nginx/sbin/nginx -t      [check that the configuration is correct]
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
[root@host-192-168-1-102 vhosts]# /opt/nginx/sbin/nginx      [start nginx]

--------------------------------------------------------------------------------------
Backend: operations on machine C:
1) Compile and install nginx
[root@C ~]# yum install -y pcre* openssl* gcc gcc+
[root@C ~]# cd /opt/src
[root@C ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@C ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@C ~]# cd nginx-1.8.0
# Add the www user; -M means no home directory is created, -s sets the login shell
[root@nginx-1.8.0 ~]# useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]# vim auto/cc/gcc
# Comment out this line (around line 179) to disable the debug build
#CFLAGS="$CFLAGS -g"

# Next, set the nginx build options
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]# make
[root@nginx-1.8.0 ~]# make install clean

2) Configure nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
Note: comment out the server block in the default nginx.conf file and set up the vhosts virtual host configuration, as follows:
[root@nginx-1.8.0 conf]# vim nginx.conf

user  www;
worker_processes  8;
  
events {
    worker_connections  65535;
}
  
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset utf-8;
 
    log_format  main  '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_cookie" $host $request_time';
    sendfile       on;
    tcp_nopush     on;
    tcp_nodelay    on;
    keepalive_timeout  65;
 
 
    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
  
     
    client_header_timeout 600s;
    client_body_timeout 600s;
  
    client_max_body_size 100m;             
    client_body_buffer_size 256k;           
  
    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;
  
 
    include vhosts/*.conf;
}

[root@nginx-1.8.0 conf]# vim 80.conf

server {
    listen 80;
    server_name localhost;
    index index.html index.php index.htm;
 
    access_log  /usr/local/nginx/logs/80-access.log main;
    error_log  /usr/local/nginx/logs/80-error.log;

location ~ / {
    root /var/www/html/;
    index index.html index.php index.htm;
}
}

Start nginx

[root@nginx-1.8.0 vhosts]# /opt/nginx/sbin/nginx -t      [check that the configuration is correct]
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
[root@host-192-168-1-102 vhosts]# /opt/nginx/sbin/nginx      [start nginx]

That completes the nginx reverse proxy and load balancing configuration for the requirements above!
A request to http://103.110.86.8:8080 returns the result from machine B, i.e. http://192.168.1.102:8080
A request to http://103.110.86.8:8088 returns the result from machine C, i.e. http://192.168.1.108:8088
A request to http://103.110.86.8:8090/ios returns the result from machine B, i.e. http://192.168.1.102:8090/ios/

Requests to http://103.110.86.8 are load-balanced to the two backend machines http://192.168.1.102 and http://192.168.1.103

On 103.110.86.8 itself you can use curl and telnet to test whether the target machine is reachable:
[root@nginx-1.8.0 vhosts]# curl http://192.168.1.102:8080
[root@nginx-1.8.0 vhosts]# telnet 192.168.1.102 8080

--------------------------------------------------------------------------------------------------------------------------------------------
A note:
Besides an nginx reverse proxy configuration, the reverse proxy requirements above can also be met with iptables NAT forwarding.

For example:
Requests to port 8080 on machine A are reverse-proxied to port 80 on machine B;

The iptables NAT forwarding rules are set as follows:
[root@opd ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.102:80
[root@opd ~]# iptables -t nat -A POSTROUTING -d 192.168.1.102 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.1.8
[root@opd ~]# iptables -t filter -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT

[root@opd ~]# service iptables save

**************************************
Note:
IP forwarding must be enabled on machine A:
[root@opd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
It is also best to set the route on backend machine B to 192.168.1.8
**************************************

With this in place, a request to http://103.110.86.8:8080 returns the result of http://192.168.1.102

-----------------------------------------------------------------------------------------------------------
Another nginx reverse proxy example:
Requests to http://testwx3.wangshibo.com/apiwx3 are reverse-proxied to https://testwww.wangshibo.com

[root@dev-new-test vhosts]# cat testwx3.wangshibo.com.conf 
server {
        listen       80;

        server_name  testwx3.wangshibo.com;
        root  /Data/app/xqsj_wx3/dist;
        index index.html;

    location /apiwx3/ {
        proxy_pass https://testwww.wangshibo.com/;
    }
}

With the configuration above:
A request to http://testwx3.wangshibo.com/apiwx3 is automatically redirected to http://testwx3.wangshibo.com/apiwx3/
The content of http://testwx3.wangshibo.com/apiwx3/$1 is the same as the content of https://testwww.wangshibo.com/$1
For example:
A request to http://testwx3.wangshibo.com/apiwx3/xqsj.php?r=HouseGroup/create shows the content of http://testwww.wangshibo.com/xqsj.php?r=HouseGroup/create

If the proxy configuration above is changed to:

    location /apiwx3 {
        proxy_pass https://testwww.wangshibo.com;
    }

    or
    location /apiwx3/ {
        proxy_pass https://testwww.wangshibo.com/;
    }

Then only this works: a request to http://testwx3.wangshibo.com/apiwx3 gives the same result as https://testwww.wangshibo.com
This does not work: the content of http://testwx3.wangshibo.com/apiwx3/$1 matching the content of https://testwww.wangshibo.com/$1
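
The prefix-replacement rule behind the three `/ios` variants and the `/apiwx3/` example, modelled in Python as an added example (not code from the original post). The function name `route` and the request paths are assumptions; the model covers plain prefix locations only and ignores regex locations, URI normalization and variables in `proxy_pass`.

```python
from urllib.parse import urlsplit


def route(location, proxy_pass, request_uri):
    """Model how one prefix `location` + `proxy_pass` pair handles a request.

    Returns ("proxy", upstream_url), ("redirect", new_path) or ("nomatch", None).
    """
    path, sep, query = request_uri.partition("?")
    target = urlsplit(proxy_pass)

    if not path.startswith(location):
        # nginx answers 301 when the request equals a slash-terminated
        # proxied location minus its trailing slash (/ios -> /ios/).
        if location.endswith("/") and path == location[:-1]:
            return ("redirect", location + sep + query)
        return ("nomatch", None)

    if target.path:
        # proxy_pass has a URI part: the matched prefix is replaced by it.
        upstream_path = target.path + path[len(location):]
    else:
        # No URI part: the request path is passed through unchanged.
        upstream_path = path
    return ("proxy", f"{target.scheme}://{target.netloc}{upstream_path}{sep}{query}")


B = "http://192.168.1.102:8090"
VARIANTS = {                      # the three 8090.conf variants from the page
    "first":  ("/ios/", B),
    "second": ("/ios/", B + "/ios/"),
    "third":  ("/ios",  B + "/ios/"),
}
APIWX3 = ("/apiwx3/", "https://testwww.wangshibo.com/")


def demo():
    rows = []
    for name, (loc, target) in VARIANTS.items():
        # Request paths are constructed for illustration.
        for uri in ("/ios", "/ios/", "/ios/a.html", "/iosx/a.html"):
            rows.append((name, uri) + route(loc, target, uri))
    uri = "/apiwx3/xqsj.php?r=HouseGroup/create"
    rows.append(("apiwx3", uri) + route(*APIWX3, uri))
    return rows


if __name__ == "__main__":
    for row in demo():
        print(*row, sep="\t")
```

The third variant forwards `/ios/a.html` as `/ios//a.html` and also matches `/iosx/...`, so pairing a slash-terminated location with a slash-terminated `proxy_pass` URI, as in the second variant, gives the most predictable mapping.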
