nginx转发配置

案例1需求：

1. 业务需要一个临时的访问地址
2. 不可以暴露真是的url
3. 暴露的地址：http://xxx.xxx.xxx.xxx/voice/texttospeech?user=xxxxx7asx&pswd=xxxxxxxxxdsa0sd9
4. 需要隐藏的地址：http://xxx.xxx.xxx.xxx/voice/v1/tts?agentId=xxxxxxjNmRjNGVm&token=xxxxxxx35e3873012638&sessionId=xxxxxmRjNGVm&clientId=xxxxxx0000001

nginx配置文件可以这么配：

location ^~ /voice/textxxxxx {
    proxy_set_header Host xxx.xxx.com;
    if ($args ~ user=xxxxJ9y7asx&pswd=xxxxxxa0sd9) {
        rewrite /(.*) /voice/v1/tts?agentId=xxxxxxjNGVm&token=xxxxxxxxf7a28ec35e3873012638&sessionId=xxxxxxxxxGVm&clientId=xxxxx0000001 break;
        proxy_pass http://后端api的ip地址;
    }
}

rewrite：主要是为了隐藏url

proxy_set_header  Host   xxxx：主要是为了访问虚拟主机，因为nginx可能有多个虚拟主机，需要用Host头信息来区分到底访问哪个虚拟主机

proxy_pass：主要是后端真是的被访问的机器

这样配置就可以实现客户端访问了一个虚拟的url，转发到后端真实的url，并且给与返回值，这就可以达到隐藏前端url不被暴露的目的

访问：

curl -XPOST -H 'Host:xxx.xxx.com' -H 'Content-Type: text/plain' 'http://127.0.0.1/voice/textxxxx?user=xxx7asx&pswd=xxxxxxdsa0sd9' -d '伟大领袖哈哈怪'

 

案例2需求：

1. 需要配置反向代理
2. 访问test2的时候代理访问test3
3. 不能暴露后端真是的服务器域名或者是地址

test2   nginx配置文件为：

server {
    listen 80;
    server_name www.test2.com;
    location / {
        proxy_set_header Host www.test3.com;
        proxy_redirect http://www.test3.com/static http://www.aaa.com/lie;
        proxy_pass http://127.0.0.1;
    }
}

test3   nginx配置文件内容为：

server {
    listen 80;
    server_name www.test3.com;
    location / {
        root /usr/local/html3;
        index index.html index.htm;
    }
}

关键是

proxy_redirect http://www.test3.com/static http://www.aaa.com/lie;
当我们访问http://www.test2.com/static的时候会代理到http://www.test3.com/static这个url，给客户端返回头部信息的时候是真实后端的url  test3的信息
当我们不加proxy_redirect的时候结果为：

curl -X HEAD --head www.test2.com/static  


HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Fri, 23 Sep 2022 10:52:24 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://www.test3.com/static/

当我们加proxy_redirect的时候结果为：

curl -X HEAD --head www.test2.com/static  


HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Fri, 23 Sep 2022 10:53:02 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://www.aaa.com/lie/

这样我们就可以不暴露我们真实的url了

 

nginx.conf配置案例

[op@api-nginx-01 conf]$ cat nginx.conf
user  www;
worker_processes  auto;

error_log  /roobo/logs/nginx/error.log;
error_log  /roobo/logs/nginx/error.log  notice;
error_log  /roobo/logs/nginx/error.log  info;

worker_rlimit_nofile 65535;

events {
    worker_connections  10240;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$server_name $host $remote_addr - $remote_user [$time_local] [$msec] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" $http_x_forwarded_for $request_time';
    log_format  requestbody  '$server_name $host $remote_addr - $remote_user [$time_local] [$msec] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" $http_x_forwarded_for $request_time $request_body';

    access_log  /roobo/logs/nginx/access.log main;

    #log_format  main escape=json  '{"remote":$remote_addr,"server_name":$server_name,"request":"$request","status":"$status","http_referer":$http_referer,"args":$request_body}';
    #access_log  /roobo/logs/nginx/access.log main;

    set_real_ip_from   100.64.0.0/10;#这个网段访问的话返回真是ip
    set_real_ip_from   100.64.0.0/10;
    set_real_ip_from   10.158.0.0/16;
    set_real_ip_from   10.159.0.0/16;
    set_real_ip_from   10.49.0.0/16;
    set_real_ip_from   10.25.0.0/16;
    real_ip_header     X-Forwarded-For;

    server_tokens off;
    sendfile        on;
    tcp_nopush      on;
    keepalive_timeout  65;
    proxy_ignore_client_abort on;
    server_names_hash_max_size 512;
    server_names_hash_bucket_size 512;
    proxy_headers_hash_max_size 51200;
    proxy_headers_hash_bucket_size 6400;
    client_max_body_size 50m;
    client_body_buffer_size 1m;
    proxy_max_temp_file_size 0;

    include /roobo/server/nginx/conf/limit_zone.conf;   #限速文件如下：
    include /roobo/server/nginx/conf/vhosts/*.conf;　　　#配置文件路径

}

 

/roobo/server/nginx/conf/limit_zone.conf文件内容如下：

[op@api-nginx-01 conf]$ cat /roobo/server/nginx/conf/limit_zone.conf
#设置白名单
geo $white_ip {
default 1;
include whiteip.conf;   #白名单文件
}
#设置限速区域
map $white_ip $limited {
1 $binary_remote_addr;
0 "";
}
#设置http状态码
limit_req_status 418;
limit_conn_status 418;
#分配内存设置限速频率，内存可以更加服务器大小调整
limit_conn_zone $limited zone=addr:10m;
limit_req_zone $limited zone=one:5m rate=5r/s;
limit_req_zone $limited zone=two:5m rate=10r/s;
limit_req_zone $limited zone=three:5m rate=20r/s;
limit_req_zone $limited zone=four:5m rate=30r/s;
limit_req_zone $limited zone=five:5m rate=50r/s;
limit_req_zone $limited zone=ten:10m rate=100r/m;
#设置日志级别
limit_req_log_level error;
limit_conn_log_level error;

白名单内容：

[op@api-nginx-01 conf]$ cat /roobo/server/nginx/conf/whiteip.conf 
127.0.0.1 0;
10.0.0.0/8 0;
60.205.246.14 0;
59.110.62.117 0;
59.110.49.218 0;