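A Simple Nginx Reverse Proxy Implementation
1) nginx reverse proxy: proxy_pass
2) nginx load balancing: upstream
The following is a worked example of nginx reverse proxying and load balancing:
Load balancer: machine A: 103.110.186.8/192.168.1.8
Backend 1: machine B: 192.168.1.102
Backend 2: machine C: 192.168.1.103
Requirements:
1) Requests to port 8080 on machine A are reverse-proxied to port 8080 on machine B;
requests to port 8088 on machine A are reverse-proxied to port 8088 on machine C;
requests to http://103.110.86.8:8090/ios are reverse-proxied to http://192.168.1.102:8090/ios/ on machine B
2) Requests to port 80 on machine A are load-balanced across port 80 of the two backend machines B and C
Operation log: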
--------------------------------------------------------------------------------------
Load balancer: operation log on machine A:
1) Compile and install nginx
[root@opd ~]# yum install -y pcre* openssl* gcc gcc+
[root@opd ~]# cd /opt/src
[root@src ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@src ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@src ~]# cd nginx-1.8.0
# Add the www user; -M means do not create a home directory, -s specifies the login shell
[root@nginx-1.8.0 ~]#useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]#vim auto/cc/gcc
# Comment out the following line to disable the debug build (around line 179)
#CFLAGS="$CFLAGS -g"
# Next, set the nginx build options
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]#make
[root@nginx-1.8.0 ~]#make install clean
2) Configure nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
[root@nginx-1.8.0 conf]# vim nginx.conf          // this can serve as a baseline configuration after installing nginx
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset       utf-8;

    # "$http_cookie" below writes request cookies (including session tokens) into the access log
    log_format main '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_cookie" $host $request_time';

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    client_header_timeout 600s;
    client_body_timeout 600s;
    client_max_body_size 100m;
    client_body_buffer_size 256k;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;

    include vhosts/*.conf;
}
[root@nginx-1.8.0 conf]# ulimit -n 65535
[root@nginx-1.8.0 conf]# mkdir vhosts
[root@nginx-1.8.0 conf]# cd vhosts
Configure the reverse proxy and load balancing
[root@nginx-1.8.0 vhosts]# vim 8080.conf
server {
    listen 8080;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
    access_log /usr/local/nginx/logs/8080-access.log main;
    error_log /usr/local/nginx/logs/8080-error.log;

    location / {
        proxy_pass http://192.168.1.102:8080;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 300;             # timeout for connecting to the backend server: how long to wait for a response to the handshake
        proxy_send_timeout 300;                # backend return time: the backend server must finish transferring all data within this time
        proxy_read_timeout 600;                # how long to wait for the backend's response after the connection succeeds (the request is already queued at the backend)
        proxy_buffer_size 256k;                # proxy request buffer; holds the header information for nginx to process
        proxy_buffers 4 256k;                  # as above: tells nginx how many buffers to use for a single request and how much space at most
        proxy_busy_buffers_size 256k;          # when the system is busy, up to the largest proxy_buffers can be requested
        proxy_temp_file_write_size 256k;       # size of the proxy cache temporary file
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
    }
}
[root@nginx-1.8.0 vhosts]# cat 8088.conf
server {
    listen 8088;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
    access_log /usr/local/nginx/logs/8088-access.log main;
    error_log /usr/local/nginx/logs/8088-error.log;

    location / {
        proxy_pass http://192.168.1.103:8088;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 600;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
    }
}
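The vhosts above send `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends the address A sees to whatever value the client already supplied, so the left-hand entries of that header are client-controlled. The following is an added example, not part of the original post: it models that expansion and shows how a backend behind A can pick the client address by trusting only entries added by known proxies. The trusted-proxy list (A's internal address only) and the sample addresses are assumptions.

```python
import ipaddress

# Assumption: the only proxy the backends trust is load balancer A (192.168.1.8).
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.1.8/32")]


def is_trusted(addr):
    """True if addr parses as an IP address inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def proxy_add_x_forwarded_for(client_xff, remote_addr):
    """Value of $proxy_add_x_forwarded_for on A: the client's header with
    $remote_addr appended, or $remote_addr alone if no header was sent."""
    return f"{client_xff}, {remote_addr}" if client_xff else remote_addr


def client_ip(peer_addr, xff_header):
    """Backend side: derive the client address for one request.

    The header is used only when the TCP peer is a trusted proxy; it is then
    read right to left and the first entry not added by a trusted proxy wins.
    """
    if not is_trusted(peer_addr):
        return peer_addr  # direct connection: the header proves nothing
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        if is_trusted(hop):
            continue
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed entry: fall back to the peer
        return hop
    return peer_addr


if __name__ == "__main__":
    # Constructed sample: a client at 203.0.113.7 sends a forged header.
    header = proxy_add_x_forwarded_for("1.2.3.4", "203.0.113.7")
    print(header)                             # what B or C receives from A
    print(client_ip("192.168.1.8", header))   # address the backend should use
```

The access log on A records `$http_x_forwarded_for` as its first field, which is the unmodified client-supplied value; `$remote_addr` in the second field is the address A actually saw.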
-----------------------------------------------------------------------------------------------------------------
The path-matching proxy configuration below needs attention on a few points:
First, the site directory served on port 8090 of the target machine B (192.168.1.102) must contain the ios directory that the path matches!
In other words, machine A itself must be able to reach the ios path on port 8090 of machine B, i.e.:
[root@nginx-1.8.0 vhosts]# curl http://192.168.1.102:8090/ios/         # this must succeed from machine A!
Any of the following configurations works:
Option 1:
[root@nginx-1.8.0 vhosts]# cat 8090.conf
server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
    access_log /usr/local/nginx/logs/8090-access.log main;
    error_log /usr/local/nginx/logs/8090-error.log;

    location /ios/ {                            # in this variant the location must match /ios/, not /ios
        proxy_pass http://192.168.1.102:8090;   # the site directory on port 8090 of 192.168.1.102 must contain an ios directory, otherwise the request returns 404!
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 600;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
    }
}
Option 2:
[root@nginx-1.8.0 vhosts]# cat 8090.conf
server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
    access_log /usr/local/nginx/logs/8090-access.log main;
    error_log /usr/local/nginx/logs/8090-error.log;

    location /ios/ {
        proxy_pass http://192.168.1.102:8090/ios/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 600;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
    }
}
Option 3:
[root@nginx-1.8.0 vhosts]# cat 8090.conf
server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
    access_log /usr/local/nginx/logs/8090-access.log main;
    error_log /usr/local/nginx/logs/8090-error.log;

    location /ios {
        proxy_pass http://192.168.1.102:8090/ios/;   # in this variant the path here must be /ios/, not /ios
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 600;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
    }
}
All three configurations above ensure that a request to http://103.110.86.8:8090/ios automatically becomes http://103.10.86.8:8090/ios/ and is proxied to http://192.168.1.102:8090/ios/
-----------------------------------------------------------------------------------------------------------------
[root@nginx-1.8.0 vhosts]# cat LB.conf
upstream lb {
    server 192.168.1.102:80 max_fails=3 fail_timeout=30s;    # max_fails=3 is the number of failures allowed; the default is 1
    server 192.168.1.103:80 max_fails=3 fail_timeout=30s;    # fail_timeout=30s: after max_fails failures, how long requests stop being sent to this backend server
}

server {
    listen 80;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
    access_log /usr/local/nginx/logs/80-access.log main;
    error_log /usr/local/nginx/logs/80-error.log;

    location / {
        proxy_pass http://lb;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 600;
        proxy_buffer_size 256k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
        proxy_max_temp_file_size 128m;
    }
}
Start nginx
[root@nginx-1.8.0 vhosts]# /opt/nginx/sbin/nginx -t         # check that the configuration is correct
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
[root@host-192-168-1-102 vhosts]# /opt/nginx/sbin/nginx         # start nginx
--------------------------------------------------------------------------------------
Backend: operation log on machine B:
1) Compile and install nginx
[root@B ~]# yum install -y pcre* openssl* gcc gcc+
[root@B ~]# cd /opt/src
[root@B ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@B ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@B ~]# cd nginx-1.8.0
# Add the www user; -M means do not create a home directory, -s specifies the login shell
[root@nginx-1.8.0 ~]#useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]##vim auto/cc/gcc
# Comment out the following line to disable the debug build (around line 179)
#CFLAGS="$CFLAGS -g"
# Next, set the nginx build options
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]#make
[root@nginx-1.8.0 ~]#make install clean
2) Configure nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
Note: comment out the server block in the default nginx.conf and set up the vhosts virtual host configuration, as follows:
[root@nginx-1.8.0 conf]# vim nginx.conf
user www;
worker_processes 8;

events {
    worker_connections 65535;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    charset       utf-8;

    log_format main '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_cookie" $host $request_time';

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    client_header_timeout 600s;
    client_body_timeout 600s;
    client_max_body_size 100m;
    client_body_buffer_size 256k;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;

    include vhosts/*.conf;
}
[root@nginx-1.8.0 conf]# ulimit -n 65535
[root@nginx-1.8.0 conf]# mkdir vhosts
[root@nginx-1.8.0 conf]# cd vhosts
[root@nginx-1.8.0 conf]# vim 8080.conf
server {
    listen 8080;
    server_name localhost;
    index index.html index.php index.htm;
    access_log /usr/local/nginx/logs/8080-access.log main;
    error_log /usr/local/nginx/logs/8080-error.log;

    location ~ / {
        root /var/www/html/8080;
        index index.html index.php index.htm;
    }
}
[root@nginx-1.8.0 conf]# vim 8090.conf
server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
    access_log /usr/local/nginx/logs/8090-access.log main;
    error_log /usr/local/nginx/logs/8090-error.log;

    location ~ / {
        root /var/www/html/8090;        # for the ios path proxy above, the site directory /var/www/html/8080 must contain an ios directory
        index index.html index.php index.htm;
    }
}
[root@nginx-1.8.0 conf]# vim 80.conf
server {
    listen 80;
    server_name localhost;
    index index.html index.php index.htm;
    access_log /usr/local/nginx/logs/80-access.log main;
    error_log /usr/local/nginx/logs/80-error.log;

    location ~ / {
        root /var/www/html;
        index index.html index.php index.htm;
    }
}
Start nginx
[root@nginx-1.8.0 vhosts]# /opt/nginx/sbin/nginx -t         # check that the configuration is correct
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
[root@host-192-168-1-102 vhosts]# /opt/nginx/sbin/nginx         # start nginx
--------------------------------------------------------------------------------------
Backend: operation log on machine C:
1) Compile and install nginx
[root@C ~]# yum install -y pcre* openssl* gcc gcc+
[root@C ~]# cd /opt/src
[root@C ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@C ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@C ~]# cd nginx-1.8.0
# Add the www user; -M means do not create a home directory, -s specifies the login shell
[root@nginx-1.8.0 ~]#useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]##vim auto/cc/gcc
# Comment out the following line to disable the debug build (around line 179)
#CFLAGS="$CFLAGS -g"
# Next, set the nginx build options
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]#make
[root@nginx-1.8.0 ~]#make install clean
2) Configure nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
Note: comment out the server block in the default nginx.conf and set up the vhosts virtual host configuration, as follows:
[root@nginx-1.8.0 conf]# vim nginx.conf
user www;
worker_processes 8;

events {
    worker_connections 65535;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    charset       utf-8;

    log_format main '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_cookie" $host $request_time';

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    client_header_timeout 600s;
    client_body_timeout 600s;
    client_max_body_size 100m;
    client_body_buffer_size 256k;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;

    include vhosts/*.conf;
}
[root@nginx-1.8.0 conf]# vim 80.conf
server {
    listen 80;
    server_name localhost;
    index index.html index.php index.htm;
    access_log /usr/local/nginx/logs/80-access.log main;
    error_log /usr/local/nginx/logs/80-error.log;

    location ~ / {
        root /var/www/html/;
        index index.html index.php index.htm;
    }
}
Start nginx
[root@nginx-1.8.0 vhosts]# /opt/nginx/sbin/nginx -t         # check that the configuration is correct
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
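[root@host-192-168-1-102 vhosts]# /opt/nginx/sbin/nginx         # start nginx
At this point, the nginx reverse proxy and load balancing from the requirements above are fully configured!
A request to http://103.110.86.8:8080 shows the result from machine B, i.e. the result of http://192.168.1.102:8080
A request to http://103.110.86.8:8088 shows the result from machine C, i.e. the result of http://192.168.1.108:8088
A request to http://103.110.86.8:8090/ios shows the result from machine B, i.e. the result of http://192.168.1.102:8090/ios/
Requests to http://103.110.86.8 are load-balanced to the two backend machines http://192.168.1.102 and http://192.168.1.103
On 103.110.86.8 itself, curl and telnet can be used to test whether the target machines are reachable: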
[root@nginx-1.8.0 vhosts]# curl http://192.168.1.102:8080
[root@nginx-1.8.0 vhosts]# telnet 192.168.1.102 8080
--------------------------------------------------------------------------------------------------------------------------------------------
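A note:
Besides the nginx reverse proxy configuration, the reverse-proxy requirement above can also be met with iptables NAT forwarding.
For example:
requests to port 8080 on machine A are reverse-proxied to port 80 on machine B;
the iptables NAT forwarding rules are set as follows: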
[root@opd ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.102:80
[root@opd ~]# iptables -t nat -A POSTROUTING -d 192.168.1.102 -p tcp -m tcp --sport 80 -j SNAT --to-source 192.168.1.8
[root@opd ~]# iptables -t filter -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
[root@opd ~]# service iptables save
**************************************
Note that:
IP forwarding must be enabled on machine A:
[root@opd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
The route on backend machine B should preferably also be set to 192.168.1.8
**************************************
With this in place, a request to http://103.110.86.8:8080 returns the result of http://192.168.1.102
-----------------------------------------------------------------------------------------------------------
Another nginx reverse proxy example:
Requests to http://testwx3.wangshibo.com/apiwx3 are reverse-proxied to https://testwww.wangshibo.com
[root@dev-new-test vhosts]# cat testwx3.wangshibo.com.conf
server {
    listen 80;
    server_name testwx3.wangshibo.com;
    root /Data/app/xqsj_wx3/dist;
    index index.html;

    location /apiwx3/ {
        proxy_pass https://testwww.wangshibo.com/;
    }
}
With the configuration above:
a request to http://testwx3.wangshibo.com/apiwx3 is automatically redirected to http://testwx3.wangshibo.com/apiwx3/
a request to http://testwx3.wangshibo.com/apiwx3/$1 returns the same content as https://testwww.wangshibo.com/$1
For example:
a request to http://testwx3.wangshibo.com/apiwx3/xqsj.php?r=HouseGroup/create shows the content of http://testwww.wangshibo.com/xqsj.php?r=HouseGroup/create
If the proxy configuration above is changed to:
location /apiwx3 {
    proxy_pass https://testwww.wangshibo.com;
}

or

location /apiwx3/ {
    proxy_pass https://testwww.wangshibo.com/;
}
then only this works: a request to http://testwx3.wangshibo.com/apiwx3 returns the same result as https://testwww.wangshibo.com
and this does not: a request to http://testwx3.wangshibo.com/apiwx3/$1 returning the same content as https://testwww.wangshibo.com/$1
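Both the three 8090.conf variants and the apiwx3 example depend on how nginx combines a prefix `location` with the URI part of `proxy_pass`. The following is an added example, not part of the original post: a small model of that documented mapping (with a URI in `proxy_pass` the matched prefix is replaced by it, without one the request URI is passed unchanged, and a `location` ending in `/` answers the slash-less form with a 301). The function name `route` and the sample request paths are assumptions; regex locations and location priority are not modelled.

```python
from urllib.parse import urlsplit


def route(location, proxy_pass, request_uri):
    """Model one prefix location that contains a proxy_pass directive.

    Returns ("nomatch", None), ("redirect", new_uri) or ("proxy", upstream_url).
    """
    path, sep, query = request_uri.partition("?")
    # location ends with "/" and the request is the same string without it:
    # nginx answers with a permanent redirect that appends the slash.
    if location.endswith("/") and path == location[:-1]:
        return ("redirect", path + "/" + sep + query)
    if not path.startswith(location):
        return ("nomatch", None)
    target = urlsplit(proxy_pass)
    origin = f"{target.scheme}://{target.netloc}"
    if target.path:
        # proxy_pass has a URI part: it replaces the matched location prefix.
        upstream_path = target.path + path[len(location):]
    else:
        # No URI part: the request URI goes to the upstream unchanged.
        upstream_path = path
    return ("proxy", origin + upstream_path + sep + query)


B = "http://192.168.1.102:8090"
VARIANTS = {
    "option 1": ("/ios/", B),
    "option 2": ("/ios/", B + "/ios/"),
    "option 3": ("/ios", B + "/ios/"),
}


def compare(paths=("/ios", "/ios/", "/ios/a.html", "/iosfoo")):
    """Route constructed sample paths through each 8090.conf variant."""
    return {(name, p): route(loc, pp, p)
            for name, (loc, pp) in VARIANTS.items() for p in paths}


if __name__ == "__main__":
    for (name, p), result in compare().items():
        print(f"{name:9} {p:12} -> {result}")
```

In this model option 3 behaves differently from the other two on the edges: `location /ios` also matches `/iosfoo`, and `/ios/a.html` reaches the backend as `/ios//a.html`.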
-----------------------------------------------------------------------------------------------------------