Nginx反向代理配置

Nginx反向代理配置    

    Nginx反向代理的指令不需要新增额外的模块，默认自带proxy_pass指令，只需要修改配置文件就可以实现反向代理。

1、环境

代理服务器ip:    192.168.1.106,

后端服务器1:     192.168.1.112,

后端服务器2:     192.168.1.113.

访问www.jason.com指向192.168.1.112服务器。访问www.jason.com/admin指向192.168.1.113服务器。

2、修改配置文件

(1)、代理服务器配置文件

user nobody;

worker_processes  1;

pid nginx.pid;

error_log logs/error.log  notice;

worker_rlimit_nofile 65535;

events {

   worker_connections  65535;

   use epoll;

}

 

http {

   include       mime.types;

   default_type application/octet-stream;

   log_format  main  '$remote_addr - $remote_user [$time_local]"$request" '

                      '$status $body_bytes_sent"$http_referer" '

                     '"$http_user_agent" "$http_x_forwarded_for"';

   log_format  download  '$remote_addr - $remote_user [$time_local]"$request" '

                      '$status $body_bytes_sent"$http_referer" '

                     '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  logs/access.log  main;

  client_max_body_size 20M;

  client_header_buffer_size    4k;

  large_client_header_buffers  4 8k;

  client_header_timeout  10;

  client_body_timeout    10;

  send_timeout           10;

  sendfile         on;

  tcp_nopush       on;

  tcp_nodelay      on;

  keepalive_timeout  60;

  

  gzip on;

  gzip_min_length  1k;

  gzip_http_version 1.1;

  gzip_buffers     4 8k;

  gzip_comp_level 2;

  gzip_types       text/plainapplication/x-javascript text/css application/xml;

  gzip_vary on;

  

  server {

       listen 80; 

       server_name www.jason.com; 

       access_log logs/access.log main; 

       location / { 

                index index.html;

                proxy_pass http://10.18.199.112;

                proxy_redirect          off;

                proxy_set_header        Host            $host;

                proxy_set_header        X-Real-IP       $remote_addr;

                proxy_set_header        X-Forwarded-For$proxy_add_x_forwarded_for;

                proxy_connect_timeout   90;

                proxy_send_timeout      90;

                proxy_read_timeout      90;

                proxy_buffers           32 4k;

                proxy_buffer_size          4k;

                proxy_busy_buffers_size    64k;

                proxy_temp_file_write_size64k;       

}

 location /admin {

                index index.html;

                proxy_pass http://10.18.199.113;

                proxy_redirect          off;

                proxy_set_header        Host            $host;

                proxy_set_header        X-Real-IP       $remote_addr;

                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_connect_timeout   90;

                proxy_send_timeout      90;

                proxy_read_timeout      90;

                proxy_buffers           32 4k;

                proxy_buffer_size          4k;

                proxy_busy_buffers_size    64k;

                proxy_temp_file_write_size 64k;

       }

       location ~ /\.ht {

           deny  all;

       }

    }

}

（2）、后端服务器1

user nobody;

worker_processes  1;

pid nginx.pid;

error_log logs/error.log  notice;

worker_rlimit_nofile 65535;

 

events {

   worker_connections  65535;

   use epoll;

}

 

http {

   include       mime.types;

   default_type application/octet-stream;

   log_format  main  '$remote_addr - $remote_user [$time_local]"$request" '

                     '$status$body_bytes_sent "$http_referer" '

                     '"$http_user_agent" "$http_x_forwarded_for"';

   log_format  download  '$remote_addr - $remote_user [$time_local]"$request" '

                      '$status $body_bytes_sent"$http_referer" '

                     '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  logs/access.log  main;

  client_max_body_size 20M;

  client_header_buffer_size    4k;

  large_client_header_buffers  4 8k;

  client_header_timeout  10;

   client_body_timeout    10;

  send_timeout           10;

  sendfile         on;

  tcp_nopush       on;

  tcp_nodelay      on;

  keepalive_timeout  60;

        

  gzip on;

  gzip_min_length  1k;

  gzip_http_version 1.1;

  gzip_buffers     4 8k;

  gzip_comp_level 2;

  gzip_types       text/plainapplication/x-javascript text/css application/xml;

  gzip_vary on;

   

  server {

       listen 80; 

       server_name www.jason2.com; 

       access_log logs/access.log main; 

  

       location / { 

                index index.html; 

                root/usr/local/nginx/html/jason2; 

       }

       error_page  404              /404.html;

       error_page   500 502 503 504  /50x.html;

       location = /50x.html {

                                root   /usr/local/nginx/html;

       }

       location = /favicon.ico {

                log_not_found off;

                access_log off;

       }

       #location /status {

       #        stub_status on;

       #        access_log/usr/local/nginx/logs/status.log;

       #        auth_basic"NginxStatus";

       #        auth_basic_user_file/usr/local/nginx/conf/htpasswd;}

               

       location ~ /\.ht {

           deny  all;

       }

    }

}

（3）后端服务器2：

user nobody;

worker_processes  1;

pid nginx.pid;

error_log logs/error.log  notice;

worker_rlimit_nofile 65535;

 

events {

   worker_connections  65535;

   use epoll;

}

 

http {

   include       mime.types;

   default_type application/octet-stream;

   log_format  main  '$remote_addr - $remote_user [$time_local]"$request" '

                      '$status $body_bytes_sent"$http_referer" '

                     '"$http_user_agent" "$http_x_forwarded_for"';

   log_format  download  '$remote_addr - $remote_user [$time_local]"$request" '

                      '$status $body_bytes_sent"$http_referer" '

                     '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  logs/access.log  main;

   client_max_body_size 20M;

  client_header_buffer_size    4k;

  large_client_header_buffers  4 8k;

  client_header_timeout  10;

  client_body_timeout    10;

  send_timeout           10;

  sendfile         on;

  tcp_nopush       on;

  tcp_nodelay      on;

  keepalive_timeout  60;

  

  gzip on;

  gzip_min_length  1k;

  gzip_http_version 1.1;

  gzip_buffers     4 8k;

  gzip_comp_level 2;

  gzip_types       text/plainapplication/x-javascript text/css application/xml;

  gzip_vary on;

 

   server{

       listen 80; 

       server_name www.jason3.com; 

       access_log logs/access.log main;   

  

       location /admin { 

                index index.html; 

                root /usr/local/nginx/html;

       }

 

       error_page  404              /404.html;

       error_page   500 502 503 504  /50x.html;

       location = /50x.html {

              root   /usr/local/nginx/html;

       }

       location = /favicon.ico {

                log_not_found off;

                access_log off;

       }

       #location /status {

       #        stub_status on;

       #        access_log/usr/local/nginx/logs/status.log;

       #        auth_basic"NginxStatus";

       #        auth_basic_user_file/usr/local/nginx/conf/htpasswd;}

               

       location ~ /\.ht {

           deny  all;

       }

    }

 

}

3、测试：

启动代理服务器、后端服务器1、后端服务器2。

访问www.jason.com出现如下页面

 

访问www.jason.com/admin出现如下页面

 

更多方向代理参数可查看官方详细解释http://nginx.org/en/docs/http/ngx_http_proxy_module.html

备注：

1、后端服务器默认端口为非80端口时，还稍微有点不一样。如下：

        location / {  

                index index.html;

                proxy_pass http://10.18.199.112:9080/;

                proxy_redirect          off;

                proxy_set_header        Host            $host;

                proxy_set_header        X-Real-IP       $remote_addr;

                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_connect_timeout   90;

                proxy_send_timeout      90;

                proxy_read_timeout      90;

                proxy_buffers           32 4k;

                proxy_buffer_size          4k;

                proxy_busy_buffers_size    64k;

                proxy_temp_file_write_size 64k;        

}

 location /admin {

                index index.html;

                proxy_pass http://10.18.199.113:9080/admin/;

                proxy_redirect          off;

                proxy_set_header        Host            $host;

                proxy_set_header        X-Real-IP       $remote_addr;

                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_connect_timeout   90;

                proxy_send_timeout      90;

                proxy_read_timeout      90;

                proxy_buffers           32 4k;

                proxy_buffer_size          4k;

                proxy_busy_buffers_size    64k;

                proxy_temp_file_write_size 64k;

        }

    红色字体部分location /admin与proxy_pass http://10.18.199.113:9080/admin/中的uri必须同时存在，location /admin中的URI将会被proxy_pass指令中指定的URI替代并传送到后端服务器；80端口时location /admin会被传送到后端服务器，proxy_pass可以不写URI。

官方说明：

Syntax:	proxy_pass URL;
Default:	—
Context:	location, if in location, limit_except

Sets the protocol and address of a proxied server and an optional URI to which a location should be mapped. As a protocol, “http” or “https” can be specified. The address can be specified as a domain name or IP address, and an optional port:

proxy_pass http://localhost:8000/uri/;

or as a UNIX-domain socket path specified after the word “unix” and enclosed in colons:

proxy_pass http://unix:/tmp/backend.socket:/uri/;

If a domain name resolves to several addresses, all of them will be used in a round-robin fashion. In addition, an address can be specified as a server group.

A request URI is passed to the server as follows:

• If the proxy_pass directive is specified with a URI, then when a request is passed to the server, the part of a normalized request URI matching the location is replaced by a URI specified in the directive:

  location /name/ {
      proxy_pass http://127.0.0.1/remote/;
  }

• If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed URI:

  location /some/path/ {
      proxy_pass http://127.0.0.1;
  }

  Before version 1.1.12, if  proxy_pass is specified without a URI, the original request URI might be passed instead of the changed URI in some cases.

In some cases, the part of a request URI to be replaced cannot be determined:

• When location is specified using a regular expression.

  In this case, the directive should be specified without a URI.

• When the URI is changed inside a proxied location using the rewrite directive, and this same configuration will be used to process a request (break):

  location /name/ {
      rewrite    /name/([^/]+) /users?name=$1 break;
      proxy_pass http://127.0.0.1;
  }

  In this case, the URI specified in the directive is ignored and the full changed request URI is passed to the server.

A server name, its port and the passed URI can also be specified using variables:

proxy_pass http://$host$uri;

or even like this:

proxy_pass $request;

In this case, the server name is searched among the described server groups, and, if not found, is determined using a resolver.

WebSocket proxying requires special configuration and is supported since version 1.3.13

2、nginx监听端口非80时，正确配置如下：

server {

    listen 8080;

    server_name localhost;

    location / {

        proxy_pass http://10.18.199.112:8081;

        proxy_set_header Host $host:8080;  ##必须指定监听端口

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }

}