Setting up an nginx reverse proxy on CentOS 7 so internal applications can be reached from the internet via subdomains

Create a local yum repo entry for nginx

[root@localhost ~]# yum list |grep nginx
No package nginx available.
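[root@localhost ~]# // Seriously, what is this? Why is there no nginx rpm? Never mind, I'll just set up the official repo by hand
[root@localhost ~]# // Go to the nginx website, open the download page, scroll to Pre-Built Packages at the bottom and pick the stable version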
---------------------------
To set up the yum repository for RHEL/CentOS, create the file named /etc/yum.repos.d/nginx.repo with the following contents:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/OS/OSRELEASE/$basearch/
gpgcheck=0
enabled=1
Replace “OS” with “rhel” or “centos”, depending on the distribution used, and “OSRELEASE” with “5”, “6”, or “7”, for 5.x, 6.x, or 7.x versions, respectively.
---------------------------
[root@localhost ~]#
[root@localhost ~]# // In short: create /etc/yum.repos.d/nginx.repo, paste in the template, and substitute the matching OS name and release number
[root@localhost ~]#
[root@localhost ~]# cd /etc/yum.repos.d
[root@localhost yum.repos.d]# vi nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

:wq
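
The repo file above sets gpgcheck=0 and fetches over plain http, so yum installs whatever package arrives without verifying a signature. The following is an added example, not part of the original post: a shell check that flags such sections in .repo text. The names audit_repo, weak_repo and hardened_repo are made up for illustration, and the hardened sample is constructed (https baseurl assumed, gpgkey pointing at the signing key published on nginx.org).

```shell
# audit_repo: read yum .repo text on stdin and print one finding per line for
# sections that skip signature checks or fetch over plain http.
# Exit status is 1 when there is at least one finding, 0 otherwise.
audit_repo() {
    awk '
        BEGIN { bad = 0 }
        function check() {
            if (sec == "") return
            if (gpgcheck == "0") { print sec ": gpgcheck=0, packages install without signature verification"; bad = 1 }
            if (baseurl ~ /^http:/) { print sec ": baseurl is plain http"; bad = 1 }
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }
        /^\[/ { check(); sec = substr($0, 2, index($0, "]") - 2); gpgcheck = baseurl = ""; next }
        {
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl = val
        }
        END { check(); exit bad }
    '
}
# The repo file from this page (weak setting).
weak_repo() {
    cat <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
EOF
}
# Constructed hardened variant: signature checking on, key fetched over https.
hardened_repo() {
    cat <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
}
echo "weak:";     weak_repo | audit_repo || true
echo "hardened:"; hardened_repo | audit_repo && echo "  no findings"
```

On a real host the same function can be fed each file under /etc/yum.repos.d, for example `audit_repo < /etc/yum.repos.d/nginx.repo`.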

Install nginx with yum

[root@localhost yum.repos.d]# yum list |grep nginx
nginx.x86_64                               1:1.10.0-1.el7.ngx          nginx    
nginx-debug.x86_64                         1:1.8.0-1.el7.ngx           nginx    
nginx-debuginfo.x86_64                     1:1.10.0-1.el7.ngx          nginx    
nginx-module-geoip.x86_64                  1:1.10.0-1.el7.ngx          nginx    
nginx-module-image-filter.x86_64           1:1.10.0-1.el7.ngx          nginx    
nginx-module-njs.x86_64                    1:1.10.0.0.0.20160414.1c50334fbea6-1.el7.ngx
                                                                       nginx    
nginx-module-perl.x86_64                   1:1.10.0-1.el7.ngx          nginx    
nginx-module-xslt.x86_64                   1:1.10.0-1.el7.ngx          nginx    
nginx-nr-agent.noarch                      2.0.0-9.el7.ngx             nginx    
pcp-pmda-nginx.x86_64                      3.10.6-2.el7                base

[root@localhost yum.repos.d]# yum install nginx.x86_64 
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * rpmforge: mirrors.neusoft.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.10.0-1.el7.ngx will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================
 Package                   Arch                       Version                                Repository                 Size
====================================================================================
Installing:
 nginx                     x86_64                     1:1.10.0-1.el7.ngx                     nginx                     640 k

Transaction Summary
====================================================================================
Install  1 Package

Total download size: 640 k
Installed size: 2.1 M
Is this ok [y/d/N]: y
Downloading packages:
nginx-1.10.0-1.el7.ngx.x86_64.rpm                                                                     | 640 kB  00:00:18     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 1:nginx-1.10.0-1.el7.ngx.x86_64                                                                           1/1 
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* http://nginx.org/en/docs/

Commercial subscriptions for nginx are available on:
* http://nginx.com/products/

----------------------------------------------------------------------
  Verifying  : 1:nginx-1.10.0-1.el7.ngx.x86_64                                                                                                         1/1 

Installed:
  nginx.x86_64 1:1.10.0-1.el7.ngx                                                                                                                          

Complete!
[root@localhost yum.repos.d]# nginx -v
nginx version: nginx/1.10.0

[root@localhost yum.repos.d]# service nginx start
Redirecting to /bin/systemctl start  nginx.service
● nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-05-10 10:19:20 CST; 3s ago
     Docs: http://nginx.org/en/docs/
  Process: 29730 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
  Process: 29729 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 29733 (nginx)
   CGroup: /system.slice/nginx.service
           ├─29733 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           └─29734 nginx: worker process

May 10 10:19:20 localhost systemd[1]: Starting nginx - high performance web server...
May 10 10:19:20 localhost nginx[29729]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
May 10 10:19:20 localhost nginx[29729]: nginx: configuration file /etc/nginx/nginx.conf test is successful
May 10 10:19:20 localhost systemd[1]: Failed to read PID from file /run/nginx.pid: Invalid argument
May 10 10:19:20 localhost systemd[1]: Started nginx - high performance web server.

[root@localhost yum.repos.d]# curl localhost // or open http://localhost/ in a browser
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

OK, it's installed; what remains is configuration.

Configure nginx as a reverse proxy server

Enable nginx at boot

[root@localhost yum.repos.d]# cd /etc/nginx
[root@localhost nginx]# chkconfig nginx on
Note: Forwarding request to 'systemctl enable nginx.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

Set up the nginx reverse-proxy rules

[root@localhost nginx]# vi nginx.conf
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush on;

    keepalive_timeout  65;

    gzip  on;

    #modify@2016-05-10 11:30
    include /etc/nginx/conf.d/reverse-proxy.conf;

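    client_max_body_size        50m;    #maximum size of a client request body that nginx will accept
    client_body_buffer_size     256k;
    client_header_timeout       3m;
    client_body_timeout         3m;
    send_timeout                3m;

    proxy_connect_timeout       300s;   #timeout for nginx connecting to the backend server (proxy connect timeout)
    proxy_read_timeout          300s;   #time to wait for the backend's response once connected (proxy read timeout)
    proxy_send_timeout          300s;
    proxy_buffer_size           64k;    #buffer nginx uses for the first part of the backend response (the headers)
    proxy_buffers       4       32k;    #proxy_buffers: use this setting when pages average under 32k
    proxy_busy_buffers_size     64k;    #buffer size under heavy load (proxy_buffers*2)
    proxy_temp_file_write_size  64k;    #amount of data written to a temporary file at one time when a response is buffered to disk
    proxy_ignore_client_abort   on;     #keep the backend connection open when the client aborts the request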

    server {
        listen          80;
        server_name     localhost;
        location / {
            root html;
            index       index.html index.htm;
        }
        error_page      500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    #modification is done!

}

:wq

[root@localhost nginx]# cd conf.d/
[root@localhost conf.d]# vi reverse-proxy.conf
## wiki.myweb.org -> http://10.1.1.230:8013
server
{
    listen 80;
    server_name         wiki.myweb.org;
    location / {
        proxy_redirect  off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.1.1.230:8013;
    }
    access_log /var/log/nginx/wiki_access.log;
}

## zentao.myweb.org/zentao -> http://10.1.1.240:49017/zentao
server
{
    listen 80;
    server_name         zentao.myweb.org;
    location / {
        proxy_redirect  off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.1.1.240:49017;
    }
    access_log /var/log/nginx/zentao_access.log;
}

## trac.myweb.org -> http://10.1.1.240:8000/
server
{
    listen 80;
    server_name         trac.myweb.org;
    location / {
        proxy_redirect  off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.1.1.240:8000;
    }
    access_log /var/log/nginx/trac_access.log;
}

## kb2.myweb.org -> http://10.1.1.230:8080/
server
{
    listen 80;
    server_name         kb2.myweb.org;
    location / {
        proxy_redirect  off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.1.1.230:8080;
    }
    access_log /var/log/nginx/iphmk_admin_kb2_access.log;
}

:wq
[root@localhost conf.d]# service nginx restart
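
In the configuration above, reverse-proxy.conf is included before the localhost block and no listen line carries default_server, so nginx uses the first block it reads (wiki.myweb.org) for any request on port 80 whose Host header matches no server_name, including requests made by bare IP. The following is an added example, not part of the original post: a shell check that reports which block is the default for a port. The function names and both sample configs are constructed, and the second sample adds a catch-all block that uses nginx's `return 444` to drop unmatched requests.

```shell
# default_vhost [PORT]: read nginx server blocks on stdin (e.g. from `nginx -T`)
# and print the server_name of the block that answers when Host matches no
# server_name on PORT: the listen marked default_server, else the first block.
default_vhost() {
    awk -v port="${1:-80}" '
        function finish() {
            if (!in_srv || !listens) return
            if (first == "") first = name
            if (is_default && chosen == "") chosen = name
        }
        /^[ \t]*#/ { next }
        /^[ \t]*server[ \t]*([{].*)?$/ {
            finish(); in_srv = 1; listens = 0; is_default = 0; named = 0
            name = "(no server_name)"; next
        }
        in_srv && $1 == "listen" {
            p = $2; sub(/;$/, "", p); sub(/^.*:/, "", p)
            if (p == port) { listens = 1; if ($0 ~ /default_server/) is_default = 1 }
        }
        in_srv && $1 == "server_name" && !named { name = $2; sub(/;$/, "", name); named = 1 }
        END { finish(); print (chosen != "" ? chosen : first) }
    '
}
# Constructed excerpt: the page's blocks in the order nginx reads them
# (reverse-proxy.conf is included before the localhost block).
page_config() {
    cat <<'EOF'
server
{
    listen 80;
    server_name         wiki.myweb.org;
}
server {
    listen          80;
    server_name     localhost;
}
EOF
}
# Constructed fix: same blocks plus a catch-all that drops unmatched requests.
hardened_config() {
    page_config
    cat <<'EOF'
server {
    listen 80 default_server;
    server_name _;
    return 444;
}
EOF
}
printf 'page: %s\nhardened: %s\n' "$(page_config | default_vhost)" "$(hardened_config | default_vhost)"
```

On the proxy host the live configuration can be checked with `nginx -T | default_vhost`.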

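The last step

Our nginx reverse proxy is deployed on 10.1.1.230, which is itself an internal server, so the router needs a port-forwarding rule:
every request arriving from the internet on port 80 is forwarded to the server running nginx, and nginx takes care of forwarding it on.

Router settings: virtual server
WAN interface   wan1
WAN port        80      Common services:  DNS(53)
LAN port        80
Internal IP     10.1.1.230
Protocol:       all

OK, all done~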

This deployment was based on the following blog posts:
http://blog.csdn.net/hejingyuan6/article/details/47262419 (consider testing on Windows)
http://www.ttlsa.com/nginx/use-nginx-proxy/
http://blog.csdn.net/isresultxal/article/details/50674378
http://blog.csdn.net/xshalk/article/details/51313101 (I also want to set up certificate authorization later)

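Later improvements

This proxy configuration doesn't look very neat. I remember there is a more elegant way to write it, and I can keep optimizing it when I have some spare time.

[Important addendum:]
Oh, I forgot to mention: you also need a domain of your own (myweb.org) before you can use subdomains to resolve to internal applications like this.
If you don't have one, you can apply for an Alibaba Cloud service and then, on the router, bind it to the dynamic IP that the ISP assigns to the internal network's entry point (this step is simple: just enter the dynamic domain name you applied for in the router settings).
This is preparatory work; the applications and the ICP filing are quite tedious, and I did not record them this time~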
