nginx反向代理,负载转发配置
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
#负载 这里以同一个服务器的四个server为例
upstream rxxxcluster{
ip_hash; #ip_hash 是解决不同端口应用session不共享的最直接的方法,虽然负载效果不一定佳
server 172.19.105.102:7003 max_fails=3 fail_timeout=15s;
server 172.19.105.102:7005 max_fails=3 fail_timeout=15s;
server 172.19.105.102:7007 max_fails=3 fail_timeout=15s;
server 172.19.105.102:7009 max_fails=3 fail_timeout=15s;
}
server {
#访问地址 xxxx:9001
listen 9001;
#个人发现没有用到
server_name localhost;
location / {
proxy_pass http://rxxxcluster; #访问9001端口相当于访问上面配置的四个服务
#proxy_set_header 表示nginx把客户端的实际信息替换反向代理默认传到后台的内容,能解决应用通过request获取出错的情况
proxy_set_header Host $host:$remote_port; #让应用获取到的ip和端口是实际的而不是nginx代理的
proxy_set_header X_Real_IP $remote_addr; #同上
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#同上
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# HTTPS server
# 配置https负载和反向代理
server {
listen 9002;
server_name scsbzxh.com;
ssl on;
ssl_certificate sslkey/scsbzxh.com_bundle.crt; #证书地址
ssl_certificate_key sslkey/scsbzxh.com_RSA.key; #证书地址2
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://rxsccluster; #特别留意,这里是http
proxy_set_header Host $host;
proxy_set_header X_Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}