nginx reverse proxy
nginx layer 7 load balancing
Add the following to the main nginx.conf configuration file:
include /usr/local/nginx/conf.d/*.conf;
Edit the configuration file under conf.d:

    [root@nginx conf]# cat ../conf.d/vhost.conf
    upstream tomcat {
        server X.X.X.X:443 weight=100;
    }
    upstream raptor_tomcat {
        server X.X.X.X:8081 weight=100;
    }

1) HTTPS reverse proxy

    server {
        listen 8443 ssl;
        server_name *.example.cn;
        root html;
        ssl on;
        ssl_certificate /usr/local/nginx/certs/example.crt;
        ssl_certificate_key /usr/local/nginx/certs/example.cn.key;
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 20m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        access_log /var/log/nginx/example_https.log;
        location / {
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            # The scheme here must match what the backend speaks (http:// or https://)
            proxy_pass http://raptor_tomcat;
            #Proxy Settings
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_max_temp_file_size 0;
            proxy_ignore_client_abort on;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
    }

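Note: if the proxied backend is itself an HTTPS service, the proxy_pass line (highlighted in red in the original post) must be changed to proxy_pass https://tomcat; This is a big pitfall: pay special attention that the scheme is https.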
2) HTTP proxy:

    [root@nginx conf]# cat ../conf.d/http.conf
    server {
        listen 18001;
        access_log /var/log/nginx/example_http.log;
        # Status page, restricted to the listed addresses
        location /status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            allow 10.0.17.27;
            allow 10.0.1.142;
            deny all;
        }
        location / {
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_pass https://tomcat;
            #Proxy Settings
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # $http_x_forwarded_for passes the client-supplied header through unchanged
            proxy_set_header X-Forwarded-For $http_x_forwarded_for;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_ignore_client_abort on;
            proxy_max_temp_file_size 0;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
    }

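nginx layer 4 load balancing
Since nginx-1.9, nginx supports layer 4 load balancing in addition to layer 7 load balancing, but it must be built with the --with-stream module.
If the module was not compiled into nginx originally, use nginx -V to see the configure arguments used for the existing build, for example: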

    [root@nginx sbin]# ./nginx -V
    nginx version: nginx/1.14.0
    built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC)
    built with OpenSSL 1.0.1e-fips 11 Feb 2013
    TLS SNI support enabled
    configure arguments: --prefix=/usr/local/nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fcgi --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre --with-file-aio --with-http_secure_link_module

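Just append --with-stream to these arguments and then run make. Do not run make install, otherwise it will overwrite the previous installation.
Configure load balancing: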

    stream {
        upstream zifangsky {
            hash $remote_addr consistent;
            server X.X.X.X:8080;
        }
        server {
            listen 8080;
            proxy_connect_timeout 5s;
            proxy_timeout 5s;
            proxy_pass zifangsky;
        }
    }

Note: never put the stream block inside the http block. Some blogs online show it configured inside http, which is a huge pitfall!!!
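
The two pitfalls noted above (a plain http:// proxy_pass pointing at an HTTPS backend, and a stream block placed inside http) can be checked before a reload. The following is an added example, not part of the original post: the audit function, its finding messages, the sample configs and the rule that an upstream on port 443 speaks TLS are all assumptions made for illustration.

```python
import re

def tokenize(text):
    """Split nginx config text into words and the structural tokens { } ;"""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments
    return re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text)

def audit(text):
    """Return findings for the two pitfalls: proxy_pass scheme and stream placement."""
    findings, stack, words = [], [], []
    upstream_ports, passes = {}, []
    for tok in tokenize(text):
        if tok == "{":
            if words[:1] == ["stream"] and any(b[:1] == ["http"] for b in stack):
                findings.append("stream block is nested inside http")
            stack.append(words)  # e.g. ["upstream", "tomcat"]
            words = []
        elif tok == "}":
            if stack:
                stack.pop()
            words = []
        elif tok == ";":
            block = stack[-1] if stack else []
            if words[:1] == ["server"] and block[:1] == ["upstream"] and len(words) > 1 and len(block) > 1:
                upstream_ports.setdefault(block[1], set()).add(words[1].rsplit(":", 1)[-1])
            elif words[:1] == ["proxy_pass"] and len(words) > 1:
                passes.append(words[1])
            words = []
        else:
            words.append(tok)
    for target in passes:
        m = re.match(r"http://([^/:]+)", target)
        # Heuristic (assumption): an upstream whose servers all use port 443 speaks TLS.
        if m and upstream_ports.get(m.group(1)) == {"443"}:
            findings.append(f"proxy_pass {target} is plain http but upstream {m.group(1)} is on port 443")
    return findings

# Constructed sample configs (192.0.2.10 is a documentation address).
STREAM = "stream { server { listen 8080; proxy_pass 192.0.2.10:8080; } }"
UPSTREAM = "upstream tomcat { server 192.0.2.10:443 weight=100; }"
BAD = "http { %s server { location / { proxy_pass http://tomcat; } } %s }" % (UPSTREAM, STREAM)
GOOD = "http { %s server { location / { proxy_pass https://tomcat; } } } %s" % (UPSTREAM, STREAM)

if __name__ == "__main__":
    for name, conf in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, audit(conf))
```

The check reads a single config string, so files pulled in through include directives have to be concatenated before they are passed to audit.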
Layer 4 TCP proxy to HTTPS
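
    stream {
        upstream zifangsky {
            hash $remote_addr consistent;
            server X.X.X.X:8080;
        }
        server {
            listen 8080 ssl;
            # "listen ... ssl" requires a certificate and key in this server block;
            # the paths below are reused from the HTTPS reverse proxy example above
            ssl_certificate /usr/local/nginx/certs/example.crt;
            ssl_certificate_key /usr/local/nginx/certs/example.cn.key;
            proxy_connect_timeout 5s;
            proxy_timeout 5s;
            proxy_pass zifangsky;
        }
    }
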
This requires building nginx with the stream SSL module: --with-stream_ssl_module