⑧nginx 反向代理
| 反向代理模式 | Nginx配置模块 |
|---|---|
| http websocket https | ngx_http_proxy_module |
| fastcgi | ngx_http_fastcgi_module |
| uwsgi | ngx_http_uwsgi_module |
| grpc | ngx_http_v2_module |
proxy_pass
Syntax: proxy_pass URL;
Default: —
Context: location, if in location, limit_except
http://localhost:8000/uri/
http://192.168.56.11:8000/uri/
http://unix:/tmp/backend.socket:/uri/
示例:
cat /etc/nginx/conf.d/tank_proxy.conf
server {
listen 80;
server_name tank.test.com;
error_log /var/log/nginx/tank_error.log warn;
access_log /var/log/nginx/tank_access.log main;
location / {
proxy_pass http://192.168.1.214;
proxy_set_header Host $http_host; #12--->200--->214 12请求200 host_name tank.test.com 200请求214 host_name http://192.168.1.214 server_name不被214接收
}
}
X-Forwarded-For 把真实的ip传递到后端
- 用户 ip 192.168.1.21
- SLB01 ip 192.168.1.5
- SLB02 ip 192.168.1.6
- web ip 192.168.1.7
用户(192.168.1.21) --> SLB01(192.168.1.5) --> SLB02(192.168.1.6) --> WEB01(192.168.1.7)
SLB01的配置文
server {
listen 80;
server_name web.yangyijing.cn;
location / {
#proxy_pass http://192.168.1.7:8080;
proxy_pass http://192.168.1.6;
proxy_set_header Host $http_host; #把Host请求传递给后端的服务器
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
SLB02的配置文件
server {
listen 80;
server_name web.yangyijing.cn;
location / {
proxy_pass http://192.168.1.7:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
WEB01配置文件
server {
listen 8080;
server_name web.yangyijing.cn;
access_log /var/log/nginx/web_access.log main;
error_log /var/log/nginx/web_error.log;
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For; #确定变量 提取真实IP地址
real_ip_recursive on; #取第一个存储的ip地址为真实ip 赋值给remote_addr
location / {
root /code;
index index.html;
}
}
验证
192.168.1.21 - - [16/Jun/2022:13:58:52 +0800] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" "192.168.1.21, 192.168.1.5"
连接到后端的tcp连接 响应 返回等超时时间
nginx代理与后端服务器连接超时时间(代理连接超时)
Syntax: proxy_connect_timeout time;
Default: proxy_connect_timeout 60s;
Context: http, server, location
nginx代理等待后端服务器的响应时间
Syntax: proxy_read_timeout time;
Default: proxy_read_timeout 60s;
Context: http, server, location
后端服务器数据回传给nginx代理时间
Syntax: proxy_send_timeout time;
Default: proxy_send_timeout 60s;
Context: http, server, location
缓冲buffer
nginx会把后端返回的内容先放到缓冲区 然后再返回给客户端 边收边传 不是全部接收后再传送给客户端
Syntax: proxy_buffering on | off;
Default: proxy_buffering on;
Context: http, server, location
Syntax: proxy_buffers number size;
Default: proxy_buffers 8 4k|8k;
Context: http, server, location
示例
cat /usr/local/openresty/nginx/conf/conf.d/nginx_openc2p_params
charset utf-8;
location = /favicon.ico {
return 404;
}
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
client_max_body_size 200m;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_redirect off;
proxy_buffering off;
incloud 进来
server {
listen 80;
server_name openc2p.com;
location / {
proxy_pass http://49.233.72.230;
include conf.d/nginx_openc2p_params;
}
}
浙公网安备 33010602011771号