通过 proxy_set_header,把客户端的真实 IP 地址及端口传递给后端,而不是代理主机的 IP。
# Forward proxy. nginx cannot proxy HTTPS this way (stock nginx has no CONNECT
# support); use squid if HTTPS is required.
#
# NOTE(review): proxy_pass below is built from request variables, so nginx resolves
# the destination host at request time. That requires a `resolver` directive
# (e.g. `resolver <DNS_SERVER_IP>;` - placeholder), which is not shown in this block;
# confirm it is configured elsewhere.
server {
    listen 9998;
    # The source-address allow-list is the only access control on this proxy.
    # The destination is not restricted: any allowed client can make the proxy host
    # issue requests to whatever it can reach, including loopback and internal-only
    # services. Keep the allowed range as narrow as possible.
    allow 192.168.0.0/24;
    deny all;
    location / {
        access_log /data/logs/proxy_access.log main;
        proxy_redirect off;
        # Destination comes from the client's Host header and the original request URI.
        proxy_pass http://$http_host$request_uri;
        # Request header sent upstream: requested host plus this proxy's listen port.
        # NOTE(review): the destination therefore sees "<host>:9998", not the Host the
        # client sent; confirm that is intended.
        proxy_set_header Host $host:$server_port;
        # Real client IP address. On a forward proxy, the X-Real-* and X-Forwarded-For
        # headers disclose internal client addresses and ports to every destination.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-PORT $remote_port;
        # Appends $remote_addr to any X-Forwarded-For value the client supplied, so
        # the left-hand entries are client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_http_version 1.1;
    }
}
# Reverse proxy: port 21000 on this host is forwarded to 10.10.20.34:21000.
server {
    # `listen 21000` binds every local address. server_name only selects which
    # server block handles a request; it does not limit who can connect.
    listen 21000;
    server_name 127.0.0.1;
    location / {
        # Wait up to 1800 s between reads from the backend.
        proxy_read_timeout 1800;
        # Conditions under which the request is passed to another upstream server.
        # A literal address in proxy_pass gives a single server, so there is no
        # alternative to fail over to here.
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_set_header Host $host;
        # Overwrites any client-supplied X-Forwarded-For with the directly connected
        # peer address, so the backend cannot be fed a forged value.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://10.10.20.34:21000;
    }
}
cat vhosts/down_fdfs_19080.conf
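# Reverse proxy: port 19080 on this host is balanced across the down_fdfs upstream group.
server {
    # `listen 19080` binds every local address. server_name only selects which
    # server block handles a request; it does not limit who can connect.
    listen 19080;
    server_name 127.0.0.1;
    location / {
        # Wait up to 1800 s between reads from the backend.
        proxy_read_timeout 1800;
        # Try the next server of the group on these failures.
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        # The down_fdfs group declares `keepalive 64`. Upstream keepalive only works
        # with HTTP/1.1 and an empty Connection header. proxy_set_header lines from
        # the http level are NOT inherited by a location that sets its own, so both
        # are stated here explicitly; otherwise "Connection: close" is sent upstream.
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        # Overwrites any client-supplied X-Forwarded-For with the directly connected
        # peer address, so the backend cannot be fed a forged value.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://down_fdfs;
    }
}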
cat upstream/down_fdfs.conf
# Upstream group for the file-download backends: two equally weighted servers.
upstream down_fdfs{
    # A server is taken out of rotation for 30 s after 2 failed attempts within 30 s.
    server 10.10.20.54:80 max_fails=2 fail_timeout=30s weight=10;
    server 10.10.20.55:80 max_fails=2 fail_timeout=30s weight=10;
    # Keep up to 64 idle connections per worker to these servers. This only takes
    # effect when the proxying location uses `proxy_http_version 1.1` and
    # `proxy_set_header Connection "";`.
    keepalive 64;
}
这里对 url 的转换稍微难理解一点,比如出现多个 "//" 等情况。
对于 proxy_pass 的值,去掉主机之后就只剩 "/",这里就是将 "/api_test/" 替换为 "/"。这样就很清楚匹配的 url 末尾到底需不需要加 "/" 了。
# Proxies /api_test/... to the api.system upstream group. Because proxy_pass carries
# a URI part ("/"), the matched prefix "/api_test/" is replaced by "/" before the
# request is sent upstream.
location /api_test/ {
    default_type 'text/plain';
    # Stream the backend response to the client without buffering it in nginx.
    proxy_buffering off;
    proxy_set_header Host $host;
    # Appends $remote_addr to any X-Forwarded-For the client sent. The left-hand
    # entries are client-controlled; the backend should trust only the last one.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;
    proxy_connect_timeout 10;
    proxy_send_timeout 30;
    proxy_read_timeout 30;
    # HTTP/1.1 plus an empty Connection header are what upstream keepalive needs.
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://api.system/;
}
# Upstream group behind the /api_test/ location: a single backend server.
upstream api.system{
    # With one server in the group there is nothing to fail over to.
    server 192.168.6.119:8901 max_fails=2 weight=1;
    # Keep up to 64 idle connections per worker to the backend.
    keepalive 64;
}
支持TCP代理和负载均衡的stream模块 ngx_stream_core_module,在1.9.0版本后被启用。但是并不会默认安装,需要在编译时通过指定 --with-stream 参数来激活这个模块。
下面操作步骤(针对低版本 nginx,使用第三方模块 nginx_tcp_proxy_module)只让nginx支持tcp_proxy,没有加入pcre、gzip、ssl等功能,如需要,可自行在编译时加上相关参数。
# Build nginx 1.8.1 with the third-party nginx_tcp_proxy_module.
#
# Supply-chain note: this downloads whatever the master branch currently holds and
# nothing below verifies it. For a reproducible build, fetch a fixed commit
# (archive/<COMMIT_SHA>.zip - placeholder), record its checksum, and read tcp.patch
# before applying it: the patch changes nginx core sources.
wget https://github.com/yaoweibin/nginx_tcp_proxy_module/archive/master.zip
unzip master.zip
# Assumes the nginx-1.8.1 source tree is already unpacked next to the module
# directory; the download of nginx itself is not shown.
cd nginx-1.8.1
patch -p1 <../nginx_tcp_proxy_module-master/tcp.patch
# No other ./configure options are given, so only the defaults plus this module are built.
./configure --add-module=../nginx_tcp_proxy_module-master
make
make install
==注意:新版本关键字为stream,低版本为tcp==
# Built-in stream module (newer nginx, compiled with --with-stream): TCP proxying
# and load balancing.
stream {
    upstream backend {
        # Consistent hashing on the client address: a given client keeps reaching
        # the same backend server.
        hash $remote_addr consistent;
        server backend1.example.com:12345 weight=5;
        # NOTE(review): 127.0.0.1:12345 is the same port the first server block
        # below listens on; as written this entry points back at the proxy itself.
        # Use the real backend port in a deployment.
        server 127.0.0.1:12345 max_fails=3 fail_timeout=30s;
        # /tmp is writable by every local user, so any local account may be able to
        # create this socket path first and receive proxied traffic. Prefer a
        # directory only the backend's account can write to.
        server unix:/tmp/backend3;
    }
    server {
        # Binds every local address; nothing here restricts which clients may connect.
        listen 12345;
        proxy_connect_timeout 1s;
        # Close the session when no data moves in either direction for 3 s.
        proxy_timeout 3s;
        proxy_pass backend;
    }
    server {
        # IPv6 loopback only: reachable from the local host.
        listen [::1]:12345;
        # Same /tmp caveat as for unix:/tmp/backend3 above.
        proxy_pass unix:/tmp/stream.socket;
    }
}
# Placement sketch for older nginx built with nginx_tcp_proxy_module: the tcp {}
# block sits at the top level next to events {} and http {}, whose contents are
# elided here with "...".
events { ...
}
http { ...
}
tcp {
    upstream backend {
        server 127.0.0.1:12345 max_fails=3 fail_timeout=30s;
    }
    server {
        # Binds every local address; nothing here restricts which clients may connect.
        listen 2345;
        proxy_pass backend;
    }
}
==nginx tcp proxy 连接保持设置==
根据前文Nginx tcp proxy module
试用的设置,在测试环境中发现tcp连接经常掉线。
其实就是少了几个设置,README的配置不能用于生产环境。
配置如下,现在工作正常了:
# nginx_tcp_proxy_module settings the author uses to stop long-lived TCP sessions
# from being dropped.
tcp {
    # Timeouts of 1 and 10 days keep idle sessions open for a very long time.
    # Every open session holds a worker connection and file descriptors, so clients
    # that connect and then stay silent can exhaust them. Choose the shortest values
    # the workload tolerates.
    timeout 1d;
    proxy_read_timeout 10d;
    proxy_send_timeout 10d;
    proxy_connect_timeout 30;
    # rsync
    upstream proxy_rsync {
        server 10.10.20.42:30873 max_fails=3;
    }
    server {
        # Exposes the rsync backend on port 30888 of every local address. No access
        # restriction is shown here; limit the reachable source addresses (host
        # firewall or the module's access rules) and rely on rsync's own authentication.
        listen 30888;
        proxy_pass proxy_rsync;
    }
}
转载请务必保留此出处:http://blog.csdn.net/fgf00/article/details/79276127
注:最后几行的tcp部分,如果没有编译,可以注释掉
# Main nginx.conf: process-level settings.
# Worker processes run as the unprivileged nginx user and group.
user nginx nginx;
worker_processes 24;
# NOTE(review): the `auto` value is not available in older nginx releases; confirm
# that the build in use accepts it.
worker_cpu_affinity auto;
# Per-worker limit on open file descriptors.
worker_rlimit_nofile 65535;
error_log /data/logs/nginx/error.log notice;
# Relative path, resolved against the nginx prefix directory.
pid logs/nginx.pid;
# Connection-processing settings.
events {
    use epoll;
    # Accept all pending connections at once rather than one per event-loop pass.
    multi_accept on;
    # A proxied request uses two connections (client side and upstream side), so
    # this value can exceed what worker_rlimit_nofile 65535 allows in practice.
    worker_connections 65535;
}
# HTTP-level defaults shared by every vhost pulled in at the end of this block.
http {
    include mime.types;
    default_type application/octet-stream;
    charset UTF-8;
    server_names_hash_bucket_size 128;
    # Request-header buffers: up to 8 x 128k per connection. Large values raise the
    # memory a single client can make nginx allocate.
    client_header_buffer_size 128k;
    large_client_header_buffers 8 128k;
    # Accepts request bodies up to 20 GB on every vhost that does not override it.
    # Lower it per location wherever large uploads are not expected.
    client_max_body_size 20g;
    sendfile on;
    tcp_nopush on;
    open_file_cache max=51200 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;
    keepalive_timeout 60;
    tcp_nodelay on;
    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;
    # NOTE(review): server_tag and server_info are Tengine directives. Stock nginx
    # rejects unknown directives at startup; remove them if not running Tengine.
    server_tag off;
    server_info off;
    fastcgi_connect_timeout 600;
    fastcgi_send_timeout 600;
    fastcgi_read_timeout 600;
    fastcgi_buffer_size 512k;
    fastcgi_buffers 16 256k;
    fastcgi_busy_buffers_size 512k;
    fastcgi_temp_file_write_size 512k;
    fastcgi_intercept_errors on;
    # Six-minute client timeouts let slow or stalled clients hold connections for a
    # long time; together with the large buffers above this widens exposure to
    # slow-request resource exhaustion.
    client_header_timeout 6m;
    client_body_timeout 6m;
    send_timeout 6m;
    connection_pool_size 256;
    request_pool_size 8k;
    output_buffers 8 64k;
    postpone_output 1460;
    client_body_buffer_size 1024k;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 3;
    gzip_proxied any;
    gzip_types text/plain application/x-javascript application/json text/css application/xml;
    gzip_vary on;
    proxy_connect_timeout 600;
    proxy_read_timeout 600;
    proxy_send_timeout 600;
    proxy_buffers 4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;
    proxy_http_version 1.1;
    # Needed for upstream keepalive. proxy_set_header is inherited only by levels
    # that define no proxy_set_header of their own, so a location that sets Host or
    # X-Forwarded-For must repeat this line.
    proxy_set_header Connection "";
    # Upstream requests keep running after the client disconnects; with the 600 s
    # timeouts above, abandoned requests can occupy backends for a long time.
    proxy_ignore_client_abort on;
    proxy_next_upstream error;
    proxy_buffer_size 64k;
    # Temp and cache data live under /dev/shm, i.e. in RAM. The three zones allow up
    # to 8g each on disk-equivalent space plus 1024m of keys each.
    # NOTE(review): confirm the host has that much memory to spare, and that these
    # directories are accessible only to the nginx user.
    proxy_temp_path /dev/shm/nginx_proxy_temp;
    proxy_cache_path /dev/shm/proxy_cps_cache levels=1:2 keys_zone=cache_cps:1024m inactive=2d max_size=8g;
    proxy_cache_path /dev/shm/proxy_cpsSimhash_cache levels=1:2 keys_zone=cache_cpsSimhash:1024m inactive=2d max_size=8g;
    proxy_cache_path /dev/shm/proxy_search_cache levels=1:2 keys_zone=cache_search:1024m inactive=2d max_size=8g;
    # Set-Cookie is already passed to clients by default. nginx does not cache
    # responses carrying Set-Cookie unless proxy_ignore_headers says otherwise; make
    # sure no cached location disables that, or one user's cookie could be served
    # to other users.
    proxy_pass_header Set-Cookie;
    # Access-log format. Referer, User-Agent and X-Forwarded-For are client-supplied
    # values; treat them as untrusted when the logs are processed.
    log_format main '$http_host $remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" "$http_user_agent" '
    '"$http_x_forwarded_for" "$upstream_cache_status" $request_time $host';
    include upstream/*.conf;
    include vhosts/*.conf;
}
# TCP proxying through nginx_tcp_proxy_module. Comment this block out if nginx was
# built without that module.
tcp {
    # Timeouts of 1 and 10 days keep idle sessions, and the worker connections and
    # file descriptors they hold, open for a very long time. Choose the shortest
    # values the workload tolerates.
    timeout 1d;
    proxy_read_timeout 10d;
    proxy_send_timeout 10d;
    proxy_connect_timeout 30;
    include tcp_proxy/*.conf;
}
转载请务必保留此出处:http://blog.csdn.net/fgf00/article/details/79276127