nginx 正向代理 反向代理 负载均衡

一、 基于 TCP/UDP 的四层协议(stream)代理配置

nginx 默认没有开启 TCP/UDP 代理,需要在编译 Nginx 时添加 --with-stream 参数才能开启

通常用于数据库、ssh等基于四层协议通信的配置

UDP则需要把 "listen port;" 修改为 "listen port udp;"

 

基于主从复制的mysql负载均衡配置:

# Global (main-context) settings.
# Workers drop to the unprivileged "nobody" account; this only takes effect
# when the master process is started with super-user privileges.
user nobody;
# Let nginx pick the number of worker processes.
worker_processes auto;
# Per-worker limit on open file descriptors.
worker_rlimit_nofile 65535;

# Relative paths below are resolved against the nginx prefix directory.
pid logs/nginx.pid;
# "info" severity and above is written to the error log.
error_log logs/error.log info;

events {
    # Use the Linux epoll connection-processing method.
    use epoll;
    # A worker accepts all pending connections at once instead of one per wake-up.
    multi_accept on;
    # Maximum simultaneous connections per worker; connections to proxied
    # servers count toward this limit as well as client connections.
    worker_connections 1024;
}

# Layer-4 (TCP) proxy in front of two MySQL servers.
stream {
    # No balancing method is named, so nginx's default round-robin is used,
    # one whole TCP connection per pick.
    # NOTE(review): the page describes the backends as a replication pair.
    # Round-robin sends writes to either node unless the application separates
    # reads from writes - confirm before use.
    upstream Mysql_upstream {
        # 3 failed attempts within 10s mark a server unavailable for 10s.
        server 1.1.1.23:3306 fail_timeout=10s max_fails=3;
        server 1.1.1.24:3306 fail_timeout=10s max_fails=3;
    }

    server {
        # Listens on every local address.
        # NOTE(review): there is no allow/deny here, so any host that can reach
        # port 3309 gets a TCP path to MySQL. If that is not intended, restrict
        # clients with the stream access module, for example
        # "allow <app-subnet-CIDR>; deny all;" (placeholder - fill in).
        listen 3309;

        # Give up on a backend that does not accept the connection within 10s.
        proxy_connect_timeout 10s;
        # Close the session after 300s with no data in either direction.
        proxy_timeout 300s;

        # The backends see the proxy's address as the client, so MySQL
        # host-based grants and audit logs no longer distinguish real clients.
        proxy_pass Mysql_upstream;
    }
}

 

基于ssh服务的配置:

# Global (main-context) settings.
# Workers run as "nobody". The master must start privileged for this to apply,
# and also to bind the port below 1024 used by this listing (224).
user nobody;
# Let nginx pick the number of worker processes.
worker_processes auto;
# Per-worker limit on open file descriptors.
worker_rlimit_nofile 65535;

# Relative paths are resolved against the nginx prefix directory.
pid logs/nginx.pid;
# "info" severity and above is written to the error log.
error_log logs/error.log info;

events {
    # Linux epoll connection-processing method.
    use epoll;
    # Accept every pending connection when a worker is woken.
    multi_accept on;
    # Per-worker ceiling on simultaneous connections (client side and
    # proxied side both count).
    worker_connections 1024;
}

# Layer-4 (TCP) relay: port 224 on this host is forwarded to sshd on 1.1.1.23.
stream {
    server {
        # Listens on every local address.
        # NOTE(review): this publishes the backend's SSH service to anyone who
        # can reach port 224. If only known sources should connect, add stream
        # access rules such as "allow <admin-CIDR>; deny all;" (placeholder).
        listen 224;

        # Fail the session if the backend does not accept within 10s.
        proxy_connect_timeout 10s;
        # Idle sessions are closed after 300s without traffic in either direction.
        proxy_timeout 300s;

        # sshd on the backend sees the proxy's address as the peer, so its auth
        # log and any per-source controls there lose the real client IP.
        # Correlate with this proxy's own logs when investigating logins.
        proxy_pass 1.1.1.23:22;
    }
}

 

 

二、基于HTTP 的七层协议和负载均衡反向代理配置

反向代理: 生产环境一般是不能直接访问外网,找一台能直接访问外网也能直接访问生产环境的主机,部署nginx,代理生产环境的web,实现外网访问内网资源

正向代理: 生产环境一般是不能直接访问外网,找一台能直接访问外网也能直接访问生产环境的主机,部署nginx,代理外网,实现生产环境访问外网

反向代理是让外网访问内网,正向代理是让内网访问外网

# Global (main-context) settings.
# Workers run as "nobody". The master must start privileged for this to apply,
# and also to bind port 80 used by this listing.
user nobody;
# Let nginx pick the number of worker processes.
worker_processes auto;
# Per-worker limit on open file descriptors.
worker_rlimit_nofile 65535;

# Relative paths are resolved against the nginx prefix directory.
pid logs/nginx.pid;
# "info" severity and above is written to the error log.
error_log logs/error.log info;

events {
    # Linux epoll connection-processing method.
    use epoll;
    # Accept every pending connection when a worker is woken.
    multi_accept on;
    # Per-worker ceiling on simultaneous connections. Each proxied request
    # uses a client connection and an upstream connection.
    worker_connections 1024;
}

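# HTTP reverse proxy that load-balances two backends on port 8090.
http {
    include       mime.types;
    default_type  application/octet-stream;

    # Access-log format. The last field records the X-Forwarded-For request
    # header. The original used $http_add_x_forwarded_for, which maps to a
    # request header named "Add-X-Forwarded-For", so the field normally logged "-".
    # X-Forwarded-For is supplied by the client: treat it as a hint and use
    # $remote_addr as the authoritative peer address.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log main;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    # Omit the nginx version from the Server header and error pages.
    server_tokens   off;

    # Directory listings stay disabled.
    autoindex off;

    # Client-side limits: these bound how long a slow client can hold a
    # connection and how much header or body data is accepted.
    keepalive_timeout     60;
    send_timeout          10;
    keepalive_requests    100;
    client_header_timeout 10;
    client_body_timeout   10;
    client_max_body_size 20m;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;

    # Compress the listed types (text/html is always included) once the
    # response is at least 1k, for HTTP/1.1 clients.
    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types  text/plain  application/x-javascript text/css application/xml;
    gzip_vary on;

    upstream WEB_upstream {
        # Stickiness by client address: the same client keeps hitting the same
        # backend while that backend is available.
        ip_hash;
        # 3 failed attempts within 10s mark a server unavailable for 10s.
        server 1.1.1.23:8090 max_fails=3 fail_timeout=10s;
        server 1.1.1.24:8090 max_fails=3 fail_timeout=10s;
    }

    server {
        # Only server block, so it answers for any Host on port 80.
        listen    80;
        server_name  localhost;

        location / {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_send_timeout 300s;
            proxy_read_timeout 300s;
            # Stream backend responses to the client without buffering them.
            proxy_buffering off;

            # Without these the backends only ever see the proxy's address.
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever the
            # client sent, so a backend should trust only the last entry.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # NOTE(review): Host is not overridden, so backends receive
            # "Host: WEB_upstream" (nginx's default). Add
            # "proxy_set_header Host $host;" if the application needs the
            # name the client requested - confirm against the backend.
            proxy_pass http://WEB_upstream;
        }
    }
}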

 

三、基于HTTPS 的七层协议反向代理配置

# Global (main-context) settings.
# Workers run as "nobody". The master must start privileged for this to apply,
# and also to bind port 443 used by this listing.
user nobody;
# Let nginx pick the number of worker processes.
worker_processes auto;
# Per-worker limit on open file descriptors.
worker_rlimit_nofile 65535;

# Relative paths are resolved against the nginx prefix directory.
pid logs/nginx.pid;
# "info" severity and above is written to the error log.
error_log logs/error.log info;

events {
    # Linux epoll connection-processing method.
    use epoll;
    # Accept every pending connection when a worker is woken.
    multi_accept on;
    # Per-worker ceiling on simultaneous connections. Each proxied request
    # uses a client connection and an upstream connection.
    worker_connections 1024;
}

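# HTTPS reverse proxy: TLS ends at nginx and /web/ is forwarded to one backend.
http {
    include       mime.types;
    default_type  application/octet-stream;

    # Access-log format. The last field records the X-Forwarded-For request
    # header. The original used $http_add_x_forwarded_for, which maps to a
    # request header named "Add-X-Forwarded-For", so the field normally logged "-".
    # X-Forwarded-For is supplied by the client: treat it as a hint and use
    # $remote_addr as the authoritative peer address.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log main;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    # Omit the nginx version from the Server header and error pages.
    server_tokens   off;

    # Directory listings stay disabled.
    autoindex off;

    # Client-side limits: these bound how long a slow client can hold a
    # connection and how much header or body data is accepted.
    keepalive_timeout     60;
    send_timeout          10;
    keepalive_requests    100;
    client_header_timeout 10;
    client_body_timeout   10;
    client_max_body_size 20m;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;

    # NOTE(review): compression is enabled on a TLS listener. Compressing
    # responses that mix secrets with request-reflected data is the
    # precondition for compression side channels (BREACH class); confirm
    # which responses are compressed.
    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types  text/plain  application/x-javascript text/css application/xml;
    gzip_vary on;

    server {
        listen    443  ssl;
        server_name  localhost;

        # Certificate file; relative paths are resolved against the nginx
        # configuration prefix.
        ssl_certificate cert/cert.crt;
        # Private key. The master process reads it at startup, so the file
        # only needs to be readable by the account that starts nginx.
        ssl_certificate_key cert/cert.key;
        # Cipher selection: strong suites only, no anonymous key exchange, no MD5.
        ssl_ciphers HIGH:!aNULL:!MD5;
        # Protocol versions offered, spelled as in the nginx documentation.
        # TLSv1.3 needs an OpenSSL build that supports it.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Only /web/ is proxied (prefix match, regex locations are skipped);
        # the request URI is passed to the backend unchanged.
        location ^~ /web/ {
            proxy_http_version 1.1;
            # Timeouts are in seconds.
            proxy_connect_timeout 20;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            # Stream backend responses to the client without buffering them.
            proxy_buffering off;

            # Tell the backend who the client is and that the original
            # request arrived over HTTPS. $proxy_add_x_forwarded_for appends
            # $remote_addr to the client's value, so trust only the last entry.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # The hop to the backend is plain HTTP: traffic between the proxy
            # and 1.1.1.23 is not encrypted, so that network segment has to
            # be trusted.
            proxy_pass http://1.1.1.23:8099;
        }
    }
}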

 

四、正向HTTP代理

# Global (main-context) settings.
# Workers drop to the unprivileged "nobody" account; this only takes effect
# when the master process is started with super-user privileges.
user nobody;
# Let nginx pick the number of worker processes.
worker_processes auto;
# Per-worker limit on open file descriptors.
worker_rlimit_nofile 65535;

# Relative paths are resolved against the nginx prefix directory.
pid logs/nginx.pid;
# "info" severity and above is written to the error log.
error_log logs/error.log info;

events {
    # Linux epoll connection-processing method.
    use epoll;
    # Accept every pending connection when a worker is woken.
    multi_accept on;
    # Per-worker ceiling on simultaneous connections. Each proxied request
    # uses a client connection and an outbound connection.
    worker_connections 1024;
}

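# Forward HTTP proxy: internal clients send plain-HTTP requests to port 8081
# and nginx fetches them from whatever host the request names.
http {
    include       mime.types;
    default_type  application/octet-stream;

    # Access-log format. The last field records the X-Forwarded-For request
    # header. The original used $http_add_x_forwarded_for, which maps to a
    # request header named "Add-X-Forwarded-For", so the field normally logged "-".
    # X-Forwarded-For is supplied by the client: treat it as a hint and use
    # $remote_addr as the authoritative peer address.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # For a forward proxy this log is the record of who fetched what.
    access_log  logs/access.log main;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    # Omit the nginx version from the Server header and error pages.
    server_tokens   off;

    # Directory listings stay disabled.
    autoindex off;

    # Client-side limits: these bound how long a slow client can hold a
    # connection and how much header or body data is accepted.
    keepalive_timeout     60;
    send_timeout          10;
    keepalive_requests    100;
    client_header_timeout 10;
    client_body_timeout   10;
    client_max_body_size 20m;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;

    gzip  on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types  text/plain  application/x-javascript text/css application/xml;
    gzip_vary on;

    server {
        # DNS server used to resolve the destination at request time; it is
        # required because proxy_pass below contains variables.
        # NOTE(review): this is a public resolver queried from the proxy host.
        # The nginx documentation recommends a resolver on a trusted local
        # network so that answers cannot be spoofed.
        resolver 114.114.114.114;
        # Listening port for proxy clients, bound on every local address.
        listen 8081;

        # NOTE(review): nothing limits who may use this proxy. The destination
        # comes from the client's Host header, so any host that can reach port
        # 8081 can make this server issue requests on its behalf, including to
        # addresses only the proxy host can reach. Restrict clients, for
        # example "allow <internal-client-CIDR>; deny all;" (placeholder), and
        # keep the listener off externally reachable interfaces.
        location / {
            # $http_host and $request_uri are used as written; PORT is a
            # placeholder for the external site's port (80 by default) and
            # must be replaced before this configuration will load.
            # NOTE(review): $http_host is the raw Host header. If a client
            # includes a port in it, the resulting URL carries two ports -
            # confirm how clients address this proxy.
            proxy_pass http://$http_host:PORT$request_uri;
            # Header names are case-insensitive; spelled conventionally here.
            proxy_set_header Host $host;
        }
        # Only plain HTTP is handled; this listing has no CONNECT support,
        # so HTTPS destinations cannot be tunnelled through it.
    }
}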

 
