nginx反向代理配置介绍
近期搭建portal网站,发现了nginx的强大,跟大家分享一下,背景知识,nginx代理过程
发现:nginx中也可以加入第三方扩展来增强其功能,通常就是下载该模块然后再重新编译nginx加入该模块,比如:https://github.com/openresty/headers-more-nginx-module
此外还有一些打包好的nginx增强包,不用编译,可以直接用apt-get install 来安装
一、nginx 包合集介绍:
nginx 除了我们日常使用的nginx版本之外还有其他包:
nginx-light: "basic version"
The minimal set of modules for basic functionality.
nginx-naxsi: "version with naxsi"
The minimal set, plus the hardened "Nginx Anti Xss & Sql Injection" configuration and its required plugins.
nginx-core: "core version"
The standard nginx deployment, less the third-party modules.
This is the first Canonical-supported nginx package. It's in the Ubuntu "main" repository instead of the community-supported "universe" repository. See the announcement "nginx-core is now in Ubuntu Trusty 14.04 Main!" on an archive of the maintainer's unofficial (older and now defunct) blog or on the copy of the old post on the maintainer's unofficial blog:
none of the already-established flavors of nginx are included in Ubuntu Main (nginx-light, nginx-full, nginx-extras, and nginx-naxsi). The Ubuntu Security Team has said that the third-party modules are wildly different in coding and therefore cannot be supported.
To that end, we created a package called nginx-core which has been included in the Main repository. This package contains only the modules that ship with the stock nginx tarball. We do not include any third-party modules with this package, just the modules that come from NGINX upstream.
nginx-full: "standard version"
The standard nginx deployment, including frequently-used third-party modules.
nginx-extras: "extended version"
The standard nginx deployment plus several infrequently-used and largish modules.
功能最全面的就是nginx-extras了,安装方法 apt-get install nginx-extras,更详细的信息可以查看https://askubuntu.com/questions/553937/what-is-the-difference-between-the-core-full-extras-and-light-packages-for-ngi
二、nginx配置使用简介,及其增强功能
比较实用的第三方模块 headers-more-nginx-module,通过引入该模块,然后就可以对服务器的返回值进行个性化修改(去除某些安全性限制)
如下配置文件示例:
load_module modules/ngx_http_headers_more_filter_module.so; #此句引入了增强模块 headers-more-nginx-module
......
server {
listen 8080;
server_name localhost;
location / {
if ($request_method = 'OPTIONS') { #可以通过逻辑判断进行配置
return 204;
}
root /app/frontend/dist;
try_files $uri $uri/ /app/frontend/dist/index.html /index.html index.html =404;
}
}
# 监听jenkins
server {
listen 8081;
server_name localhost;
location / {
resolver 10.96.0.10 ipv6=off;
proxy_set_header X-Real-IP $remote_addr; #proxy_set_header 对应转发到服务器的request header设置
add_header X-Forwarded-For $remote_addr; #add_header 对应从服务器返回给客户端的response header 设置
proxy_pass https://atp-jenkins.mcd.megvii-inc.com;
more_set_headers 'X-Frame-Options: ALLOWALL'; #可以重新修改返回值
proxy_redirect https://atp-jenkins.mcd.megvii-inc.com/ http://10.122.130.254:38081/;
}
}
}