nginx的反向代理

proxy 模块ngx_http_proxy_module模块默认编译进nginx里的;通过--without-http_proxy_module禁用
功能:对上游服务使用http/https协议进行反向代理
proxy_pass 指令
1
2
3
Syntax: proxy_pass URL;
Default: —
Context: location, if in location, limit_except

    配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
server {
        listen 8012;
        default_type text/plain;
        return 200 '8012 server response.\n $request_uri \n';
}
 
upstream rrups{
        #ip_hash;
        #hash user_$arg_username;
        #server 127.0.0.1:8011;
        server 127.0.0.1:8012;
        #keepalive  32;
        }
server {
        set_real_ip_from 192.168.183.4;
        real_ip_recursive on;
        real_ip_header X-Forwarded-For;
        server_name rrups.com;
        error_log rrups_error.log info;
        location /a{
                #proxy_pass http://rrups/addurl;
                proxy_pass http://rrups;  # 不在url的测试
                #proxy_method POST;
                proxy_pass_request_headers off;
                #proxy_pass_request_body off;
                proxy_set_body 'hello world';
                proxy_set_header name '';
                proxy_http_version 1.1;
                proxy_set_header Connection "";
        }
}

  测试

1
2
3
[root@python vhast]# curl  rrups.com/a/bc
8012 server response.
/a/bc

  加url的代理

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
upstream rrups{
        #ip_hash;
        #hash user_$arg_username;
        #server 127.0.0.1:8011;
        server 127.0.0.1:8012;
        #keepalive  32;
        }
server {
        set_real_ip_from 192.168.183.4;
        real_ip_recursive on;
        real_ip_header X-Forwarded-For;
        server_name rrups.com;
        error_log rrups_error.log info;
        location /a{
                proxy_pass http://rrups/addurl;
                #proxy_pass http://rrups;
                #proxy_method POST;
                proxy_pass_request_headers off;
                #proxy_pass_request_body off;
                proxy_set_body 'hello world';
                proxy_set_header name '';
                proxy_http_version 1.1;
                proxy_set_header Connection "";
        }
}

  测试

1
2
3
[root@python vhast]# curl  rrups.com/a/bc
8012 server response.
/addurl/bc

  

proxy 模块生成向上的请求行

1
2
3
4
5
6
Syntax: proxy_method method;
Default: —
Context: http, server, location
Syntax: proxy_http_version 1.0 | 1.1#协议
Default: proxy_http_version 1.0;
Context: http, server, location

proxy 模块生成发往上游的请求头部

1
2
3
4
5
6
7
8
Syntax: proxy_set_header field value;  # 修改或者添加一个头部 field是或添加的name value是值
Default: proxy_set_header Host $proxy_host;  #默认会修改
proxy_set_header Connection close;   # 默认会修改
Context: http, server, location
若value的值为空字符,则整个header都不会向上游发送
Syntax: proxy_pass_request_headers on | off;  # 是否把用户请求头部发送到上游;默认是发送的
Default: proxy_pass_request_headers on;
Context: http, server, location

proxy模块:生成发送上游的包体

1
2
3
4
5
6
Syntax: proxy_pass_request_body on | off;  #是否把用户请求的body发给上游;默认发送
Default: proxy_pass_request_body on;
Context: http, server, location
Syntax: proxy_set_body value;   # 手动构造body value是字符串
Default: —
Context: http, server, location

 配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
[root@python vhast]# cat shangyou.conf
server {
    listen 8011;
    default_type text/plain;
    return 200 '8011 server response.\n';
}
 
server {
    listen 8012;
    default_type text/plain;
    return 200 '8012 server response.
uri: $uri
method: $request_method
requset: $request
http_name: $http_name
\n';
}
 
 
 
upstream rrups{
    #ip_hash;
    #hash user_$arg_username;
    #server 127.0.0.1:8011;
    server 127.0.0.1:8012;
    #keepalive  32;
    }
server {
    set_real_ip_from 192.168.183.4;
    real_ip_recursive on;
    real_ip_header X-Forwarded-For;
    server_name rrups.com;
    error_log rrups_error.log info;
    location /a{
        proxy_pass http://rrups/addurl;
        #proxy_pass http://rrups;
        #proxy_method POST;
        #proxy_pass_request_headers off;
        #proxy_pass_request_body off;
        #proxy_set_body 'hello world';
        #proxy_set_header name '';
        #proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}

  测试

1
2
3
4
5
6
[root@python vhast]# curl  -H 'name: chenxi' rrups.com/a/bc
8012 server response.
uri: /addurl/bc
method: GET
requset: GET /addurl/bc HTTP/1.0  #协议1.0
http_name: chenxi

  配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[root@python vhast]# cat upstream.conf
 
upstream rrups{
    #ip_hash;
    #hash user_$arg_username;
    #server 127.0.0.1:8011;
    server 127.0.0.1:8012;
    #keepalive  32;
    }
server {
    set_real_ip_from 192.168.183.4;
    real_ip_recursive on;
    real_ip_header X-Forwarded-For;
    server_name rrups.com;
    error_log rrups_error.log info;
    location /a{
        proxy_pass http://rrups/addurl;
        #proxy_pass http://rrups;
        proxy_method POST;  #方法改为POST
        proxy_pass_request_headers off;  #关闭想后端 传递头部
        #proxy_pass_request_body off;
        #proxy_set_body 'hello world';
        #proxy_set_header name '';
        proxy_http_version 1.1; #将默认的1.0协议改为1.1协议
        proxy_set_header Connection "";
    }
}

  测试

1
2
3
4
5
6
[root@python vhast]# curl  -H 'name: chenxi' rrups.com/a/bc
8012 server response.
uri: /addurl/bc
method: POST
requset: POST /addurl/bc HTTP/1.1
http_name:

  配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[root@python vhast]# cat upstream.conf
 
upstream rrups{
    #ip_hash;
    #hash user_$arg_username;
    #server 127.0.0.1:8011;
    server 127.0.0.1:8012;
    #keepalive  32;
    }
server {
    set_real_ip_from 192.168.183.4;
    real_ip_recursive on;
    real_ip_header X-Forwarded-For;
    server_name rrups.com;
    error_log rrups_error.log info;
    location /a{
        proxy_pass http://rrups/addurl;
        #proxy_pass http://rrups;
        proxy_method POST;
        proxy_pass_request_headers off;
        #proxy_pass_request_body off;
        proxy_set_body 'hello world'; 向后端打死hell world的字样
        proxy_set_header name '';
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}

  测试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
[root@python ~]# tcpdump -i lo port 8012 -A -s 0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
20:20:36.987588 IP localhost.39234 > localhost.8012: Flags [S], seq 923812551, win 43690, options [mss 65495,sackOK,TS val 276600255 ecr
E..<.x@.@.eA.........B.L7.B..........0.........
.|..........
20:20:36.987645 IP localhost.8012 > localhost.39234: Flags [S.], seq 1180445653, ack 923812552, win 43690, options [mss 65495,sackOK,TS
E..<..@.@.<..........L.BF\+.7.B......0.........
.|...|......
20:20:36.987682 IP localhost.39234 > localhost.8012: Flags [.], ack 1, win 342, options [nop,nop,TS val 276600255 ecr 276600255], length
E..4.y@.@.eH.........B.L7.B.F\+....V.(.....
.|...|..
20:20:36.987864 IP localhost.39234 > localhost.8012: Flags [P.], seq 1:73, ack 1, win 342, options [nop,nop,TS val 276600255 ecr 2766002
E..|.z@.@.d..........B.L7.B.F\+....V.p.....
.|...|..POST /addurl/bc HTTP/1.1
Host: rrups
Content-Length: 11
 
hello world   发往上游主机的里有hello world字样
20:20:36.987949 IP localhost.8012 > localhost.39234: Flags [.], ack 73, win 342, options [nop,nop,TS val 276600255 ecr 276600255], lengt
E..4.i@.@.~X.........L.BF\+.7.C....V.(.....
.|...|..
20:20:36.988297 IP localhost.8012 > localhost.39234: Flags [P.], seq 1:247, ack 73, win 342, options [nop,nop,TS val 276600255 ecr 27660
E..*.j@.@.}a.........L.BF\+.7.C....V.......
.|...|..HTTP/1.1 200 OK
Server: nginx/1.15.9
Date: Fri, 12 Jul 2019 12:20:36 GMT
Content-Type: text/plain
Content-Length: 98
Connection: keep-alive
 
8012 server response.
uri: /addurl/bc
method: POST
requset: POST /addurl/bc HTTP/1.1
http_name:
 
 
20:20:36.988331 IP localhost.39234 > localhost.8012: Flags [.], ack 247, win 350, options [nop,nop,TS val 276600255 ecr 276600255], leng
E..4.{@.@.eF.........B.L7.C.F\,....^.(.....
.|...|..
20:20:36.988663 IP localhost.39234 > localhost.8012: Flags [F.], seq 73, ack 247, win 350, options [nop,nop,TS val 276600255 ecr 2766002
E..4.|@.@.eE.........B.L7.C.F\,....^.(.....
.|...|..
20:20:36.988889 IP localhost.8012 > localhost.39234: Flags [F.], seq 247, ack 74, win 342, options [nop,nop,TS val 276600256 ecr 2766002
E..4.k@.@.~V.........L.BF\,.7.C....V.(.....
.|...|..
20:20:36.988915 IP localhost.39234 > localhost.8012: Flags [.], ack 248, win 350, options [nop,nop,TS val 276600256 ecr 276600256], leng
E..4.}@.@.eD.........B.L7.C.F\,....^.(.....
.|...|..

  

 

接收客户端请求的包体:是否收完整体在转发,还是边收变转发

1
2
3
4
5
Syntax: proxy_request_buffering on | off;
Default: proxy_request_buffering on;
Context: http, server, location
on: 客户端网速慢;上游服务并发处理能力低,适合高吞吐量场景;表示:收完客户端包体在进行准发
off:更及时得到相应;降低nginx读写磁盘的消耗,一旦开始发送内容proxy_next_upstream 功能:表示:边接受,边转发

  客户端包体的接收

1
2
3
4
5
6
7
8
9
10
11
12
13
Syntax: client_body_buffer_size size;
Default: client_body_buffer_size 8k|16k;
Context: http, server, location
Syntax: client_body_in_single_buffer on | off;
Default: client_body_in_single_buffer off;
Context: http, server, location
 
 
 
存在包体时接收包体所分配的内存
若接收头部时已经接收完全部包体,则部分配
若剩余待接收包体的长度小于client_body_buffer_size,则仅分配所需大小
分配client_body_in_single_buffer 大小内存接收包体。关闭包体缓存,该内存的内容及时发送给上游;打开包体缓存:该内存用完时,写入临时文件,释放内存

  设置最大包体限制

1
2
3
4
5
6
Syntax: client_max_body_size size;
Default: client_max_body_size 1m;   最大包体大小默认1M
Context: http, server, location
 
 
仅对请求头部中包含有Content-Length 有效超出最大长度后,返回413错误

  接收用户请求body临时文件路径

1
2
3
4
5
6
Syntax: client_body_temp_path path [level1 [level2 [level3]]];  指定目录
Default: client_body_temp_path client_body_temp;
Context: http, server, location
Syntax: client_body_in_file_only on | clean | off;  #on用户请求处理完后,还存在本机。clean用户请求完成后就删除;off表示非常小的时候不会存文件里
Default: client_body_in_file_only off;
Context: http, server, location

  读取包体的超时时间;超时后包403错误

1
2
3
Syntax: client_body_timeout time;
Default: client_body_timeout 60s;
Context: http, server, location

  

 

 

  

posted @   烟雨楼台,行云流水  阅读(387)  评论(0编辑  收藏  举报
编辑推荐:
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
阅读排行:
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· 葡萄城 AI 搜索升级:DeepSeek 加持,客户体验更智能
· 什么是nginx的强缓存和协商缓存
· 一文读懂知识蒸馏
点击右上角即可分享
微信分享提示