nginx 反向代理

 

1.nginx配置，这里是https反向代理到https

upstream openresty_server {
    server 10.0.10.1:443 max_fails=3 fail_timeout=5s;  #反向代理到https要带端口
}

server {
    listen 80;
    listen 443 ssl;
    server_name test-admin.test.com test-api.test.com;
    root /data/www/test/public;
    index index.html index.htm index.php;

    keepalive_timeout 70;
    ssl_certificate /usr/local/nginx/cert/all.test.com.crt;
    ssl_certificate_key /usr/local/nginx/cert/all.test.com.key;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location /v1.0.0/question/list {
        include proxy.conf;
        proxy_pass https://openresty_server;
        proxy_ssl_certificate /usr/local/nginx/cert/all.test.com.crt;
        proxy_ssl_certificate_key /usr/local/nginx/cert/all.test.com.key;
        proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
        proxy_ssl_verify              off;
    }

    error_page 404 /index.php;

    location = /index.php {
        fastcgi_pass    unix__tmp_php7_cgi_sock;
        include         fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param   APP_ENV pro;
    }
   access_log /data/logs/www/test.log;　　　　　　　　　　

 

2.proxy配置

proxy_connect_timeout 30s;
proxy_send_timeout   90;
proxy_read_timeout   90;
proxy_buffer_size    128k;
proxy_buffers     4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 20M;
proxy_redirect     off;
proxy_hide_header  Vary;
proxy_set_header   Accept-Encoding '';
proxy_set_header   Host   test-api-cache.test.com;  #设置代理访问主机头，后端机器如果域名和前端访问不一致，这里可以修改主机头
proxy_set_header   Referer $http_referer;
#proxy_set_header   Cookie $http_cookie;  #这里是设置是否带cookie
proxy_set_header   X-Real-IP  $remote_addr;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header;
#proxy_next_upstream http_502 http_503 http_504 error timeout invalid_header;
proxy_intercept_errors on;
#proxy_redirect default;
proxy_ignore_client_abort on;
proxy_hide_header "Cache-Control";  #这里表明不带cookie
proxy_hide_header "Set-Cookie";
proxy_hide_header "Pragma";
proxy_hide_header "X-Powered-By";