Nginx07---反向代理
小程序使用nginx反向代理https和wss
user www www; worker_processes auto; error_log /www/wwwlogs/nginx_error.log crit; pid /www/server/nginx/logs/nginx.pid; worker_rlimit_nofile 51200; events { use epoll; worker_connections 51200; multi_accept on; } http { include mime.types; #include luawaf.conf; include proxy.conf; default_type application/octet-stream; map $http_upgrade $connection_upgrade { default upgrade; '' close; } server_names_hash_bucket_size 512; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 50m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 256k; fastcgi_intercept_errors on; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml; gzip_vary on; gzip_proxied expired no-cache no-store private auth; gzip_disable "MSIE [1-6]\."; limit_conn_zone $binary_remote_addr zone=perip:10m; limit_conn_zone $server_name zone=perserver:10m; server_tokens off; access_log off; server { listen 888; server_name www.bt.cn; index index.html index.htm index.php; root /www/server/phpmyadmin; #error_page 404 /404.html; include enable-php.conf; location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 12h; } location ~ /\. { deny all; } access_log /www/wwwlogs/access.log; } server { listen 443 http2; server_name www.kangyuzhe.com; ssl on; ssl_certificate /www/server/nginx/1_www.kangyuzhe.com_bundle.crt; ssl_certificate_key /www/server/nginx/2_www.kangyuzhe.com.key ; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location ^~/ { proxy_pass http://106.13.37.131:80; proxy_set_header Accept-Encoding ""; proxy_set_header Referer "http://106.13.37.131/"; add_header Access-Control-Allow-Origin *; sub_filter 'http://106.13.37.131' 'https://www.kangyuzhe.com'; sub_filter_types text/css text/xml text/html text/javascript application/json application/javascript; sub_filter_once off; } location ~* \.(?:css|js|ttf|woff|svg|ico|png|jpg)$ { proxy_set_header Accept-Encoding ""; proxy_set_header Referer "http://106.13.37.131/"; proxy_pass http://106.13.37.131/$request_uri; add_header Access-Control-Allow-Origin *; sub_filter 'http://106.13.37.131' 'https://www.kangyuzhe.com'; sub_filter_types text/css text/xml text/html text/javascript application/javascript application/json; sub_filter_once off; } location /ws/chat{ proxy_pass http://106.13.37.131:80; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Origin ""; } } include /www/server/panel/vhost/nginx/*.conf; }
map指令的作用:
根据客户端请求中$http_upgrade 的值,来构造改变$connection_upgrade的值
即根据变量$http_upgrade的值创建新的变量$connection_upgrade,
创建的规则就是{}里面的东西。其中的规则没有做匹配,因此使用默认的.
即 $connection_upgrade 的值会一直是 upgrade。然后如果 $http_upgrade为空字符串的话,
那值会是 close。
以上是nginx配置websocket,下面是由于自己在配置的时候发现对nginx还很生疏,就进行学习
什么是反向代理?
1、 proxy_pass:配置反向代理的路径。
需要注意的是如果 proxy_pass 的 url 最后为 /,则表示绝对路径。
否则(不含变量下)表示相对路径,所有的路径都会被代理过去
反向代理是指以代理服务器来接受网络上的连接请求,
然后将请求转发给内部网络上的服务器,
并将从服务器上得到的结果返回给请求连接的客户端,
此时代理服务器对外就表现为一个反向代理服务器。
什么是负载均衡?
2、 upstream:配置负载均衡,upstream 默认是以轮询的方式进行负载,
另外还支持四种模式,分别是:
(1)weight:权重,指定轮询的概率,weight 与访问概率成正比
(2)ip_hash:按照访问 IP 的 hash 结果值分配
(3)fair:按后端服务器响应时间进行分配,响应时间越短优先级别越高
(4)url_hash:按照访问 URL 的 hash 结果值分配
其背后一般有多台 server,系统会根据配置的策略
(例如 Nginx 有提供四种选择)来进行动态调整,
尽可能的达到各节点均衡,从而提高系统整体的吞吐量和快速响应
eg:
upstream api.niu12.com {
server 127.0.0.1:8001;
server 127.0.0.1:8002;
}
server {
listen 80;
server_name api.niu12.com;
location / {
proxy_pass http://api.niu12.com/;
}
}
