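nginx: forward proxy, reverse proxy, and load balancing
I. Layer-4 (stream) proxy configuration for TCP/UDP
nginx does not enable TCP/UDP proxying by default. It must be compiled with the --with-stream option to turn it on.
It is typically used for services that communicate over layer-4 protocols, such as databases and SSH.
For UDP, change "listen port;" to "listen port udp;".
MySQL load balancing configuration based on master-slave replication: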
    user nobody;
    worker_processes auto;
    error_log logs/error.log info;
    pid logs/nginx.pid;
    worker_rlimit_nofile 65535;

    events {
        worker_connections 1024;
        multi_accept on;
        use epoll;
    }

    stream {
        upstream Mysql_upstream {
            server 1.1.1.23:3306 max_fails=3 fail_timeout=10s;
            server 1.1.1.24:3306 max_fails=3 fail_timeout=10s;
        }

        server {
            listen 3309;
            proxy_pass Mysql_upstream;
            proxy_connect_timeout 10s;
            proxy_timeout 300s;
        }
    }
Configuration for the SSH service:
    user nobody;
    worker_processes auto;
    error_log logs/error.log info;
    pid logs/nginx.pid;
    worker_rlimit_nofile 65535;

    events {
        worker_connections 1024;
        multi_accept on;
        use epoll;
    }

    stream {
        server {
            listen 224;
            proxy_pass 1.1.1.23:22;
            proxy_connect_timeout 10s;
            proxy_timeout 300s;
        }
    }
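II. Layer-7 HTTP reverse proxy and load balancing configuration
Reverse proxy: a production environment generally cannot access the external network directly. Pick a host that can reach both the external network and the production environment, deploy nginx on it, and have it proxy the production web service, so that the external network can reach internal resources.
Forward proxy: a production environment generally cannot access the external network directly. Pick a host that can reach both the external network and the production environment, deploy nginx on it, and have it proxy the external network, so that the production environment can reach the external network.
A reverse proxy lets the external network reach the internal network; a forward proxy lets the internal network reach the external network.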
    user nobody;
    worker_processes auto;
    error_log logs/error.log info;
    pid logs/nginx.pid;
    worker_rlimit_nofile 65535;

    events {
        worker_connections 1024;
        multi_accept on;
        use epoll;
    }

    http {
        include mime.types;
        default_type application/octet-stream;

        # $http_x_forwarded_for logs the X-Forwarded-For request header
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log logs/access.log main;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        server_tokens off;
        autoindex off;

        keepalive_timeout 60;
        send_timeout 10;
        keepalive_requests 100;
        client_header_timeout 10;
        client_body_timeout 10;
        client_max_body_size 20m;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;

        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types text/plain application/x-javascript text/css application/xml;
        gzip_vary on;

        upstream WEB_upstream {
            ip_hash;
            server 1.1.1.23:8090 max_fails=3 fail_timeout=10s;
            server 1.1.1.24:8090 max_fails=3 fail_timeout=10s;
        }

        server {
            listen 80;
            server_name localhost;

            location / {
                proxy_http_version 1.1;
                proxy_connect_timeout 60s;
                proxy_send_timeout 300s;
                proxy_read_timeout 300s;
                proxy_buffering off;
                proxy_pass http://WEB_upstream;
            }
        }
    }
III. Layer-7 HTTPS reverse proxy configuration
    user nobody;
    worker_processes auto;
    error_log logs/error.log info;
    pid logs/nginx.pid;
    worker_rlimit_nofile 65535;

    events {
        worker_connections 1024;
        multi_accept on;
        use epoll;
    }

    http {
        include mime.types;
        default_type application/octet-stream;

        # $http_x_forwarded_for logs the X-Forwarded-For request header
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log logs/access.log main;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        server_tokens off;
        autoindex off;

        keepalive_timeout 60;
        send_timeout 10;
        keepalive_requests 100;
        client_header_timeout 10;
        client_body_timeout 10;
        client_max_body_size 20m;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;

        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types text/plain application/x-javascript text/css application/xml;
        gzip_vary on;

        server {
            listen 443 ssl;
            server_name localhost;

            # path to the SSL certificate
            ssl_certificate cert/cert.crt;
            # location of the SSL private key
            ssl_certificate_key cert/cert.key;
            # enabled SSL cipher suites
            ssl_ciphers HIGH:!aNULL:!MD5;
            # enabled SSL protocols
            ssl_protocols TLSv1.2 TLSv1.3;

            location ^~ /web/ {
                proxy_http_version 1.1;
                proxy_connect_timeout 20;
                proxy_send_timeout 300;
                proxy_read_timeout 300;
                proxy_buffering off;
                proxy_pass http://1.1.1.23:8099;
            }
        }
    }
IV. Forward HTTP proxy
    user nobody;
    worker_processes auto;
    error_log logs/error.log info;
    pid logs/nginx.pid;
    worker_rlimit_nofile 65535;

    events {
        worker_connections 1024;
        multi_accept on;
        use epoll;
    }

    http {
        include mime.types;
        default_type application/octet-stream;

        # $http_x_forwarded_for logs the X-Forwarded-For request header
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log logs/access.log main;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        server_tokens off;
        autoindex off;

        keepalive_timeout 60;
        send_timeout 10;
        keepalive_requests 100;
        client_header_timeout 10;
        client_body_timeout 10;
        client_max_body_size 20m;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;

        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types text/plain application/x-javascript text/css application/xml;
        gzip_vary on;

        server {
            # DNS server, used mainly to resolve domain names
            resolver 114.114.114.114;
            # HTTP listening port
            listen 8081;

            location / {
                # $http_host and $request_uri are fixed syntax; PORT is the
                # port of the external web site, 80 by default
                proxy_pass http://$http_host:PORT$request_uri;
                proxy_set_header HOST $host;
            }
        }
    }
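The forward proxy in section IV accepts any client and forwards to whatever host the client names in its Host header. The configuration below is an added example, not part of the original page: it limits the proxy to internal clients and to an allowlist of destinations. It assumes 1.1.1.0/24 is the internal subnet (inferred from the page's sample addresses), and the destination hostnames are constructed placeholders.

```nginx
# Added example: forward proxy restricted by client address and by destination.
events {
    worker_connections 1024;
}

http {
    # Destination allowlist keyed on the client-supplied Host header.
    # Anything not listed (including IP literals, loopback, internal names,
    # or a Host carrying an explicit port) maps to 0 and is refused.
    map $http_host $forward_allowed {
        hostnames;
        default               0;
        mirror.example.com    1;   # constructed placeholder
        .updates.example.org  1;   # constructed placeholder; also matches subdomains
    }

    server {
        listen 8081;
        resolver 114.114.114.114;
        server_tokens off;

        # Only clients on the internal subnet may use the proxy (assumed range).
        allow 1.1.1.0/24;
        deny  all;

        location / {
            # Refuse destinations outside the allowlist before proxying.
            if ($forward_allowed = 0) {
                return 403;
            }

            # Destination port is the default 80, since only bare
            # hostnames pass the map above.
            proxy_pass http://$http_host$request_uri;
            proxy_set_header Host $http_host;
        }
    }
}
```

The same allow/deny pair also works inside a stream server block, which is where the MySQL (3309) and SSH (224) listeners from section I would be restricted.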