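I. Nginx proxy service
As a proxy, Nginx can handle many protocols, such as HTTP, HTTPS and IMAP/POP. HTTP proxying is the main use.
Forward proxy (internal clients going out to the Internet): client <--> proxy -> server
Reverse proxy: client -> proxy <--> server
The difference between the two: what is being proxied differs. A forward proxy acts on behalf of the client; a reverse proxy acts on behalf of the server.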
II. Nginx layer-7 proxy
Nginx proxy configuration syntax
Syntax: proxy_pass URL;
Default: —
Context: location, if in location, limit_except
Proxy buffers: collect as much of the header information as possible.
Syntax: proxy_buffering on | off;
Default: proxy_buffering on;
Context: http, server, location
Enables or disables buffering of responses from the proxied server.
When buffering is enabled, nginx receives a response from the proxied server as soon as possible,
saving it into the buffers set by the proxy_buffer_size and proxy_buffers directives.
If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk.
Writing to temporary files is controlled by the proxy_max_temp_file_size and proxy_temp_file_write_size directives.
When buffering is disabled, the response is passed to a client synchronously, immediately as it is received.
nginx will not try to read the whole response from the proxied server.
The maximum size of the data that nginx can receive from the server at a time is set by the proxy_buffer_size directive.
Buffering can also be enabled or disabled by passing "yes" or "no" in the "X-Accel-Buffering" response header field.
This capability can be disabled using the proxy_ignore_headers directive.
proxy_buffers
Syntax: proxy_buffers number size;
Default: proxy_buffers 8 4k|8k;
Context: http, server, location
Sets the number and size of the buffers used for reading a response from the proxied server, for a single connection.
By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.
proxy_buffer_size
Syntax: proxy_buffer_size size;
Default: proxy_buffer_size 4k|8k;
Context: http, server, location
Sets the size of the buffer used for reading the first part of the response received from the proxied server.
This part usually contains a small response header.
By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.
It can be made smaller, however.
proxy_busy_buffers_size
Syntax: proxy_busy_buffers_size size;
Default: proxy_busy_buffers_size 8k|16k;
Context: http, server, location
When buffering of responses from the proxied server is enabled,
limits the total size of buffers that can be busy sending a response to the client
while the response is not yet fully read.
In the meantime, the rest of the buffers can be used for reading the response and,
if needed, buffering part of the response to a temporary file.
By default, size is limited by the size of two buffers set by the proxy_buffer_size and proxy_buffers directives.
Redirects
Syntax: proxy_redirect default;
proxy_redirect off;
proxy_redirect redirect replacement;
Default: proxy_redirect default;
Context: http, server, location
Sets the text that should be changed in the "Location" and "Refresh" header fields of a proxied server response.
Suppose a proxied server returned the header field "Location: http://localhost:8000/two/some/uri/".
The directive proxy_redirect http://localhost:8000/two/ http://frontend/one/; will rewrite this string to "Location: http://frontend/one/some/uri/".
A server name may be omitted in the replacement string: proxy_redirect http://localhost:8000/two/ /;
then the primary server’s name and port, if different from 80, will be inserted.
The default replacement specified by the default parameter uses the parameters of the location and proxy_pass directives.
Hence, the two configurations below are equivalent:
location /one/ {
    proxy_pass http://upstream:port/two/;
    proxy_redirect default;
}

location /one/ {
    proxy_pass http://upstream:port/two/;
    proxy_redirect http://upstream:port/two/ /one/;
}
A replacement string can contain variables: proxy_redirect http://localhost:8000/ http://$host:$server_port/;
A redirect can also contain (1.1.11) variables: proxy_redirect http://$proxy_host:8000/ /;
The directive can be specified (1.1.11) using regular expressions. In this case,
redirect should either start with the "~" symbol for a case-sensitive matching, or with the "~*" symbols for case-insensitive matching.
The regular expression can contain named and positional captures, and replacement can reference them:
proxy_redirect ~^(http://[^:]+):\d+(/.+)$ $1$2;
proxy_redirect ~*/user/([^/]+)/(.+)$ http://$1.example.com/$2;
Several proxy_redirect directives can be specified on the same level:
proxy_redirect default;
proxy_redirect http://localhost:8000/ /;
proxy_redirect http://www.example.com/ /;
If several directives can be applied to the header fields of a proxied server response, the first matching directive will be chosen.
The off parameter cancels the effect of the proxy_redirect directives inherited from the previous configuration level.
Using this directive, it is also possible to add host names to relative redirects issued by a proxied server:
proxy_redirect / /;
Header fields
Syntax: proxy_set_header field value;
Default: proxy_set_header Host $proxy_host;
proxy_set_header Connection close;
Context: http, server, location
Allows redefining or appending fields to the request header passed to the proxied server. The value can contain text, variables, and their combinations.
These directives are inherited from the previous configuration level if and only if there are no proxy_set_header directives defined on the current level.
By default, only two fields are redefined:
proxy_set_header Host $proxy_host;
proxy_set_header Connection close;
If caching is enabled,
the header fields "If-Modified-Since", "If-Unmodified-Since", "If-None-Match", "If-Match", "Range", and "If-Range" from the original request are not passed to the proxied server.
An unchanged “Host” request header field can be passed like this: proxy_set_header Host $http_host;
However, if this field is not present in a client request header then nothing will be passed.
In such a case it is better to use the $host variable - its value equals the server name in the "Host" request header field or the primary server name if this field is not present:
proxy_set_header Host $host;
In addition, the server name can be passed together with the port of the proxied server: proxy_set_header Host $host:$proxy_port;
If the value of a header field is an empty string then this field will not be passed to a proxied server: proxy_set_header Accept-Encoding "";
// Further directives
proxy_hide_header
proxy_set_body
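The inheritance rule quoted above is easy to trip over when a single location adds one header of its own. The configuration below is an added example, not part of the original notes; the server name example.com and the backend address 127.0.0.1:8080 are assumptions.

```nginx
# Added example: proxy_set_header inheritance. example.com and
# 127.0.0.1:8080 are assumed values, not taken from the notes above.
server {
    listen 80;
    server_name example.com;

    # Intended for every proxied location in this server block.
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;

    location / {
        # No proxy_set_header at this level: both headers are inherited.
        proxy_pass http://127.0.0.1:8080;
    }

    location /plain/ {
        # Pitfall: one proxy_set_header here cancels inheritance of ALL
        # server-level ones. The backend receives "Host: 127.0.0.1:8080"
        # (the $proxy_host default), and X-Real-IP is no longer set by
        # nginx, so a value sent by the client is forwarded unchanged.
        proxy_set_header Accept-Encoding "";
        proxy_pass http://127.0.0.1:8080;
    }

    location /plain-fixed/ {
        # Corrected: restate every header the backend relies on.
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header Accept-Encoding "";
        proxy_pass http://127.0.0.1:8080;
    }
}
```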
Timeouts for the TCP connection from the proxy to the backend
Syntax: proxy_connect_timeout time;
Default: proxy_connect_timeout 60s;
Context: http, server, location
# Timeout for establishing a connection with the proxied backend server. No more than 75 seconds.
Defines a timeout for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds.
Syntax: proxy_send_timeout time;
Default: proxy_send_timeout 60s;
Context: http, server, location
# This is only the timeout between two successive write operations, not the timeout for transmitting the whole request.
Sets a timeout for transmitting a request to the proxied server.
The timeout is set only between two successive write operations, not for the transmission of the whole request.
If the proxied server does not receive anything within this time, the connection is closed.
Syntax: proxy_read_timeout time;
Default: proxy_read_timeout 60s;
Context: http, server, location
Defines a timeout for reading a response from the proxied server.
The timeout is set only between two successive read operations, not for the transmission of the whole response.
If the proxied server does not transmit anything within this time, the connection is closed.
Including an external configuration file
/etc/nginx/proxy_params
proxy_redirect default;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_buffer_size 32k;
proxy_buffering on;
location / {
    # proxy_pass takes exactly one URL argument
    proxy_pass http://localhost:8080/abc;
    include proxy_params;
}
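The proxy_params file above passes the client's Host header through and appends to X-Forwarded-For. Below is a variant for a proxy that clients reach directly, together with the matching settings for a second nginx tier behind it. It is an added example, not the original file: the proxy address 192.168.6.10, the inner server and its content root are assumptions, and the real_ip directives require ngx_http_realip_module.

```nginx
# --- /etc/nginx/proxy_params on the client-facing proxy (added variant) ---
proxy_redirect default;

# $host falls back to the server name when the client sends no Host
# header, whereas $http_host would pass nothing in that case.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;

# $proxy_add_x_forwarded_for is the client's own X-Forwarded-For with
# $remote_addr appended, so everything left of the last entry is
# client-supplied. On the first proxy in the chain, overwrite instead.
proxy_set_header X-Forwarded-For $remote_addr;

proxy_connect_timeout 30;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_buffer_size 32k;
proxy_buffering on;

# --- server block on an inner nginx behind that proxy (assumed tier) ---
server {
    listen 8080;

    # Accept X-Forwarded-For only from the proxy's address (assumed value).
    set_real_ip_from 192.168.6.10;
    real_ip_header X-Forwarded-For;
    # Walk the list right to left, skip trusted addresses, and use the
    # last non-trusted one as $remote_addr.
    real_ip_recursive on;

    location / {
        root /usr/share/nginx/html;   # placeholder content root
    }
}
```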
III. Nginx layer-4 proxy
The stream block must be defined outside the http block, at the same level.
stream {
    upstream backend {
        hash $remote_addr consistent;
        server backend1.example.com:12345 weight=5;
        server 127.0.0.1:12345 max_fails=3 fail_timeout=30s;
        server unix:/tmp/backend3;
    }
    server {
        listen 127.0.0.1:53 udp reuseport;
        proxy_timeout 20s;
        # "dns" must be an upstream group; its definition is not shown here
        proxy_pass dns;
    }
    server {
        listen [::1]:12345;
        proxy_pass unix:/tmp/stream.socket;
    }
}
stream {
    upstream ssh_proxy {
        hash $remote_addr consistent;
        server 192.168.6.51:22;
    }
    upstream mysql_proxy {
        hash $remote_addr consistent;
        server 192.168.6.51:3306;
    }
    server {
        listen 6662;
        proxy_connect_timeout 5s;
        proxy_timeout 300s;
        proxy_pass ssh_proxy;
    }
    server {
        listen 6666;
        proxy_connect_timeout 5s;
        proxy_timeout 300s;
        proxy_pass mysql_proxy;
    }
}
http {
}
[root@my-node10 ~]# netstat -tunlp | grep nginx
tcp 0 0 0.0.0.0:6666 0.0.0.0:* LISTEN 1509/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1509/nginx: master
tcp 0 0 0.0.0.0:6662 0.0.0.0:* LISTEN 1509/nginx: master
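The netstat output shows both stream listeners bound to 0.0.0.0, so SSH and MySQL on 192.168.6.51 are reachable through the proxy from any network the proxy host is attached to. The following tightened version of the same stream block is an added example, not the original configuration; the proxy's internal address 192.168.6.10, the admin network 192.168.6.0/24, the connection limits and the log path are assumptions.

```nginx
# Added example. Assumed values: 192.168.6.10 (proxy's internal address),
# 192.168.6.0/24 (admin network), the limits and the log path.
stream {
    # Per-client connection accounting.
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;

    # The backend only ever sees the proxy's address as the peer, so the
    # real client has to be recorded here. Denied clients show status 403.
    log_format tcp '$remote_addr [$time_local] $server_port '
                   '$status $bytes_sent $bytes_received $session_time';
    access_log /var/log/nginx/stream.log tcp;

    upstream ssh_proxy {
        hash $remote_addr consistent;
        server 192.168.6.51:22;
    }
    upstream mysql_proxy {
        hash $remote_addr consistent;
        server 192.168.6.51:3306;
    }

    server {
        listen 192.168.6.10:6662;    # one interface, not 0.0.0.0
        allow 192.168.6.0/24;        # ngx_stream_access_module
        deny all;
        limit_conn per_ip 4;
        proxy_connect_timeout 5s;
        proxy_timeout 300s;
        proxy_pass ssh_proxy;
    }
    server {
        listen 192.168.6.10:6666;
        allow 192.168.6.0/24;
        deny all;
        limit_conn per_ip 20;
        proxy_connect_timeout 5s;
        proxy_timeout 300s;
        proxy_pass mysql_proxy;
    }
}
```

After a reload, the same netstat command should list 192.168.6.10:6662 and 192.168.6.10:6666 instead of 0.0.0.0.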