Nginx反向代理

实例

nginx.conf文件

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132

#user  nobody; worker_processes  1;   error_log  logs/error.log; #error_log  logs/error.log  notice; #error_log  logs/error.log  info;   #pid        logs/nginx.pid;     events {     worker_connections  1024; }     http {       #正向代理     server {         #正向代理的端口         listen       9080;         #dns，支持配置多个         resolver  119.29.29.29;         #开启插件支持https tunnel         #proxy_connect;         #proxy_connect_allow 443;         #proxy_connect_connect_timeout 10s;         #proxy_connect_read_timeout 40s;         #proxy_connect_send_timeout 40s;         #location / {         #   proxy_pass http://$host;         #   proxy_set_header Host $host;         #   proxy_buffers 256 4k;         #   proxy_max_temp_file_size 0;         #}     }       #反向代理上游服务器-反向代理tpp-zuul-pre,支持配置多个     upstream srv_tpp-zuul-pre {         ip_hash;         server 172.168.168.108:80;         server 172.168.168.114:80;     }           #反向代理     server {         listen 8080;         listen 443 ssl;         #ssl on;         ssl_certificate 1613208__hcepay.com.pem;         ssl_certificate_key 1613208__hcepay.com.key;         ssl_session_timeout 5m;         ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;         ssl_prefer_server_ciphers on;         server_name 127.0.0.1;         location / {             proxy_pass http://srv_tpp-zuul-pre;         }     }     upstream srv_fama                         {     ip_hash;                                   server 172.168.168.112:8080;     server 172.168.168.119:8080;     }         server {             listen       8081;             server_name  127.0.0.1;             location / {                 proxy_redirect off;                 proxy_set_header Host $host;                 proxy_set_header X-Real-IP $remote_addr;                 proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;                 proxy_pass http://srv_fama;             }         }     upstream srv_acc-pre                         {     ip_hash;                                   server 172.168.168.107:8764;     server 172.168.168.113:8764;     }         server {             listen       8764;             server_name  127.0.0.1;             location / {                 proxy_redirect off;                 proxy_set_header Host $host;                 proxy_set_header X-Real-IP $remote_addr;                 proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;                 proxy_pass http://srv_acc-pre;             }         }       upstream srv_redis                         {     ip_hash;                                   server 172.168.168.119:7000;     server 172.168.168.119:7001;     server 172.168.168.119:7002;     server 172.168.168.119:7003;     server 172.168.168.119:7004;     server 172.168.168.119:7005;     }         server {             listen       6379;             server_name  127.0.0.1;             location / {                 proxy_redirect off;                 proxy_set_header Host $host;                 proxy_set_header X-Real-IP $remote_addr;                 proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;                 proxy_pass http://srv_redis;             }         } } #TCP方向代理 tcp {         upstream srv_tpp-webgate {         ip_hash;                 server 172.168.168.108:5001;                 server 172.168.168.114:5001;                 check interval=3000 rise=2 fall=5 timeout=1000;         }         server {                 listen 5001;                 proxy_pass srv_tpp-webgate;                   tcp_nodelay on;         }   }

proxy模块指令描述

proxy模块的可用配置指令非常多，它们分别用于定义proxy模块工作时的诸多属性，如连接超时时长、代理时使用http协议版本等。下面对常用的指令做一个简单说明。

• proxy_connect_timeout   nginx将一个请求发送至upstream server之前等待的最大时长；

• proxy_cookie_domain   将upstream server通过Set-Cookie首部设定的domain属性修改为指定的值，其值可以为一个字符串、正则表达式的模式或一个引用的变量；

• proxy_cookie_path    将upstream server通过Set-Cookie首部设定的path属性修改为指定的值，其值可以为一个字符串、正则表达式的模式或一个引用的变量；

• proxy_hide_header   设定发送给客户端的报文中需要隐藏的首部；

• proxy_pass   指定将请求代理至upstream server的URL路径；

• proxy_set_header   将发送至upsream server的报文的某首部进行重写；

• proxy_redirect   重写location并刷新从upstream server收到的报文的首部；

• proxy_send_timeout   在连接断开之前两次发送至upstream server的写操作的最大间隔时长；

• proxy_read_timeout    在连接断开之前两次从接收upstream server接收读操作的最大间隔时长；

如下面的一个示例：

 proxy_redirect off; 
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 client_max_body_size 10m; 
 client_body_buffer_size 128k; 
 proxy_connect_timeout 30; 
 proxy_send_timeout 15; 
 proxy_read_timeout 15;