一、nginx.conf结构
# Skeleton of nginx.conf. Block names and bodies are left out here; in a real
# file every upstream{} needs a name, as in the later examples.
events{} # nginx performance settings
stream{
upstream{
}
server{
location{
}
}
} # layer-4 forwarding
http{
upstream{
}
server{
location{
}
}
} # layer-7 forwarding
# Presumably written as its own http{} only for illustration: nginx accepts a
# single http{} block, so the include line goes inside the http{} of the real file.
http {
include /usr/local/nginx/conf.d/*.conf; # load the configuration files under /usr/local/nginx/conf.d/
# NOTE(review): every file matching the glob is parsed as nginx configuration,
# so the directory should be writable by the administrator account only.
}
第二、三节用到的upstream配置(写在http{}内)
# Backend pools referenced by proxy_pass. X.X.X.X stands for the redacted
# backend address. weight only matters relative to other servers in the same
# pool, so with one server per pool it has no effect.

# TLS backend (port 443); used by the HTTPS server example.
upstream tomcat {
    server X.X.X.X:443 weight=100;
}

# Second pool on port 8081.
upstream raptor_tomcat {
    server X.X.X.X:8081 weight=100;
}
二、server http代理http
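# HTTP reverse proxy: plain-HTTP listener on 18001 forwarding to bl_tomcat.
server {
    listen 18001;
    # The ngx_accss_json log_format has to be declared in http{}; it is not
    # shown on this page.
    access_log /var/log/nginx/bl_http.log ngx_accss_json;

    # Connection counters, readable only from the listed addresses.
    location /status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        allow 10.0.17.27;
        allow 10.0.1.142;
        deny all;   # everything not allowed above is rejected
    }

    location / {
        # HTTP/1.1 with an empty Connection header allows upstream connection
        # reuse (effective only when the upstream block sets keepalive).
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # bl_tomcat is not among the upstreams listed on this page (tomcat,
        # raptor_tomcat). Define it in http{}; otherwise nginx treats the name
        # as a host name to resolve at startup.
        proxy_pass http://bl_tomcat;

        #Proxy Settings
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Append the peer address nginx saw to the incoming header. Copying
        # $http_x_forwarded_for alone hands the backend a value fully chosen
        # by the client and drops the real peer address. This also matches
        # the HTTPS server example. The backend should trust only the entries
        # added by its own proxies.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Pass the request to the next upstream server on these conditions.
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        # The upstream request keeps running after the client disconnects.
        proxy_ignore_client_abort on;
        # 0 disables spooling of upstream responses to temporary files.
        proxy_max_temp_file_size 0;

        # Timeouts in seconds.
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        # Response buffering.
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}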
#####http代理https
如果代理的后端是https服务,需要把上面 location / 中的 proxy_pass http://bl_tomcat; 改为 proxy_pass https://bl_tomcat;(原文中该行以黄色标出)
三、server https代理https
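# HTTPS reverse proxy: terminates TLS on 8443 and forwards over TLS to the
# tomcat upstream.
server {
    # The ssl parameter enables TLS on this socket. The separate "ssl on;"
    # directive was dropped: it is obsolete since nginx 1.15.0 and removed in
    # 1.25.1, where it stops the configuration from loading.
    listen 8443 ssl;
    server_name *.intellicredit.cn;
    root html;

    ssl_certificate /usr/local/nginx/certs/intellicre.crt;
    # Private key: restrict read access to the account that starts nginx.
    ssl_certificate_key /usr/local/nginx/certs/intellicredit.cn.key;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 20m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    access_log /var/log/nginx/bl_https.log;

    location / {
        # HTTP/1.1 with an empty Connection header allows upstream connection
        # reuse (effective only when the upstream block sets keepalive).
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass https://tomcat;
        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify off), so the backend link is encrypted but not
        # authenticated. To authenticate the backend, enable these lines with
        # your own values:
        # proxy_ssl_verify on;
        # proxy_ssl_trusted_certificate <PATH_TO_BACKEND_CA_BUNDLE>;
        # proxy_ssl_name <NAME_IN_BACKEND_CERTIFICATE>;

        #Proxy Settings
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the peer address nginx saw to any incoming header value.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Pass the request to the next upstream server on these conditions.
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        # 0 disables spooling of upstream responses to temporary files.
        proxy_max_temp_file_size 0;
        # The upstream request keeps running after the client disconnects.
        proxy_ignore_client_abort on;

        # Timeouts in seconds.
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        # Response buffering.
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}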
#####
如果代理的后端是http服务,需要把上面 location / 中的 proxy_pass https://tomcat; 改为 proxy_pass http://tomcat;(原文中该行以黄色标出)。此时nginx到后端这一段是明文传输。
四、四层TCP代理TCP,使用stream模块;用 nginx -V 查看编译参数中是否包含 --with-stream,以确认是否支持stream模块
# Layer-4 TCP proxy: connections to port 8080 are relayed to the "test" pool.
stream {
    upstream test {
        # Consistent hashing on the client address keeps a given client on
        # the same backend.
        hash $remote_addr consistent;
        # Sample backend address from the page; replace with the real one.
        server 1.1.1.1:80 weight=100;
    }

    server {
        listen 8080;
        proxy_pass test;
        # Time allowed to establish the connection to the backend.
        proxy_connect_timeout 5s;
        # Idle time between two successive reads or writes before the
        # session is closed.
        proxy_timeout 5s;
        # NOTE(review): there is no allow/deny here, so any client that can
        # reach port 8080 is relayed to the backend.
    }
}