Nginx反向代理
实例
nginx.conf文件
#user nobody;
worker_processes 1;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
#正向代理
server {
#正向代理的端口
listen 9080;
#dns,支持配置多个
resolver 119.29.29.29;
#开启插件支持https tunnel
#proxy_connect;
#proxy_connect_allow 443;
#proxy_connect_connect_timeout 10s;
#proxy_connect_read_timeout 40s;
#proxy_connect_send_timeout 40s;
#location / {
# proxy_pass http://$host;
# proxy_set_header Host $host;
# proxy_buffers 256 4k;
# proxy_max_temp_file_size 0;
#}
}
#反向代理上游服务器-反向代理tpp-zuul-pre,支持配置多个
upstream srv_tpp-zuul-pre {
ip_hash;
server 172.168.168.108:80;
server 172.168.168.114:80;
}
#反向代理
server {
listen 8080;
listen 443 ssl;
#ssl on;
ssl_certificate 1613208__hcepay.com.pem;
ssl_certificate_key 1613208__hcepay.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
server_name 127.0.0.1;
location / {
proxy_pass http://srv_tpp-zuul-pre;
}
}
upstream srv_fama
{
ip_hash;
server 172.168.168.112:8080;
server 172.168.168.119:8080;
}
server {
listen 8081;
server_name 127.0.0.1;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
proxy_pass http://srv_fama;
}
}
upstream srv_acc-pre
{
ip_hash;
server 172.168.168.107:8764;
server 172.168.168.113:8764;
}
server {
listen 8764;
server_name 127.0.0.1;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
proxy_pass http://srv_acc-pre;
}
}
upstream srv_redis
{
ip_hash;
server 172.168.168.119:7000;
server 172.168.168.119:7001;
server 172.168.168.119:7002;
server 172.168.168.119:7003;
server 172.168.168.119:7004;
server 172.168.168.119:7005;
}
server {
listen 6379;
server_name 127.0.0.1;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
proxy_pass http://srv_redis;
}
}
}
#TCP方向代理
tcp {
upstream srv_tpp-webgate {
ip_hash;
server 172.168.168.108:5001;
server 172.168.168.114:5001;
check interval=3000 rise=2 fall=5 timeout=1000;
}
server {
listen 5001;
proxy_pass srv_tpp-webgate;
tcp_nodelay on;
}
}
proxy模块指令描述
proxy模块的可用配置指令非常多,它们分别用于定义proxy模块工作时的诸多属性,如连接超时时长、代理时使用http协议版本等。下面对常用的指令做一个简单说明。
-
proxy_connect_timeout nginx将一个请求发送至upstream server之前等待的最大时长;
-
proxy_cookie_domain 将upstream server通过Set-Cookie首部设定的domain属性修改为指定的值,其值可以为一个字符串、正则表达式的模式或一个引用的变量;
-
proxy_cookie_path 将upstream server通过Set-Cookie首部设定的path属性修改为指定的值,其值可以为一个字符串、正则表达式的模式或一个引用的变量;
-
proxy_hide_header 设定发送给客户端的报文中需要隐藏的首部;
-
proxy_pass 指定将请求代理至upstream server的URL路径;
-
proxy_set_header 将发送至upsream server的报文的某首部进行重写;
-
proxy_redirect 重写location并刷新从upstream server收到的报文的首部;
-
proxy_send_timeout 在连接断开之前两次发送至upstream server的写操作的最大间隔时长;
-
proxy_read_timeout 在连接断开之前两次从接收upstream server接收读操作的最大间隔时长;
如下面的一个示例:
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 30;
proxy_send_timeout 15;
proxy_read_timeout 15;如对您有帮助,支持下呗!
微信
支付宝
