- Reverse proxy: reverse proxy is also called reverse proxy. It refers to a way to proxy the request of the external network user to the internal specified web server and return the data to the user. This is a more frequently used way
- In addition to providing high-performance web services in enterprises, Nginx can also forward requests that it does not own to other servers for processing through a predefined protocol. Different protocols are a specification for communication between Nginx servers and other servers. The main purpose is to use the following modules in different scenarios to achieve different functions:
- Production environment deployment structure:
1. Implement http reverse proxy
- Objective: to forward the user's request for domain www.bokebi.net to the back-end server for processing
Official file: https://nginx.org/en/docs/http/ngx_http_proxy_module.html
- Environmental preparation:
- Access logic diagram
1.1 deploy backend Apache server
//172.20.26.24 apt install apache2 -y echo "web1 172.20.26.24" > /var/www/html/index.html systemctl start httpd && systemctl enable httpd //172.20.26.34 apt install apache2 -y echo "web2 172.20.26.34" >> /var/www/html/index.html systemctl start httpd && systemctl enable httpd //Access test curl http://172.20.26.24 web1 192.168.7.103 curl http://172.20.26.34 web2 192.168.7.104
1.2 getting started with nginx HTTP reverse proxy
Official file: https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
1.2.1 reverse agent configuration parameters
proxy_pass; #It is used to set the host of the back-end server to which the client requests are forwarded. It can be either the host name, IP address, port mode, or the proxy to the preset The host group needs the support of module GX ﹣ http ﹣ upstream ﹣ module. location /web { index index.html; proxy_pass http://172.20.26.24:80; #The / web to be accessed without slash is equal to the back-end server http://172.20.26.24:80/web/index.html, that is, the back-end service The root directory of the site configured by the server must have a web directory to be accessed. This is an append / web to the back-end server http://servername:port/WEB/INDEX.HTML operation proxy_pass http://172.20.26.24:80/; #With a slash, the content of http://172.20.26.24:80/index.html that accesses the back-end server is returned to the client } #Restart Nginx to test the access effect: # curl -L http://www.bokebi.net/web/index.htmlproxy_hide_header field; #When nginx is used as the reverse proxy, when it returns the http response to the client, it hides the corresponding header information of the backend service version, which can be set in the http/server or location Block, location /web { index index.html; proxy_pass http://172.20.26.24:80/; proxy_hide_header ETag; }proxy_pass_header field; #By default, nginx does not transfer parameters such as Date, Server, X-Pad, X-Accel of the first field of the back-end server in the response message. If the The proxy pass header field declaration is used to pass the value returned by the backend server to the client.
proxy_pass_request_body on | off; #Whether to send HTTP package part to back-end server,Can be set in http/server or location Block, on by default
proxy_pass_request_headers on | off; #Whether to forward the request header of the client to the back-end server can be set at http/server or location Block, on by defaultproxy_set_header; #You can change or add the request header information content of the client and forward it to the back-end server, for example, when the back-end server wants to obtain the real IP address of the client The header of each message should be changed as follows: #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $remote_addr; #Add HOST to the message header. If the client accesses the Internet for NAT, its value is the shared public IP address of the client. It is often used to record the client's Real IP address.
proxy_connect_timeout time; #Configure the timeout for nginx server and backend server to try to establish a connection. The default is60Second, as follows: proxy_connect_timeout 60s; #60s For customization nginx Timeout for establishing connection with backend server
proxy_read_time time; #Configure the timeout for waiting after the nginx server initiates a read request to the back-end server or server group. The default is60s proxy_send_time time; #Configure the timeout for waiting after the nginx backend server or server group initiates a write request. Default60s
proxy_http_version 1.0; #Used to set the version of HTTP protocol for nginx to provide proxy service, default http 1.0proxy_ignore_client_abort off; #When the client network interrupts the request, the nginx server interrupts its request to the back-end server. That is, if this item is set to on, the server will ignore customers The client interrupts and waits for the proxy service to return. If off is set, Nginx will interrupt the client's request and record 499 days immediately after the client interrupts Log, the default is off.
proxy_headers_hash_bucket_size 128; #When the proxy hide header and proxy set header are configured, they are used to set the hash table on which nginx stores the HTTP message header //Limit. proxy_headers_hash_max_size 512; #Set the maximum free space of proxy header hash bucket size server_namse_hash_bucket_size 512; #Server? Name hash table request space size server_names_hash_max_szie 512; #Set the maximum size of the server name hash table
1.2.2 reverse proxy example - single web server
server { listen 80; server_name www.bokebi.net; location / { proxy_pass http://172.20.26.24:80/; } } #Restart Nginx and access the test
1.2.3: reverse proxy example - specify location
server { listen 80; server_name www.bokebi.net; location / { index index.html index.php; root /data/nginx/html/pc; } location /web { #proxy_pass http://172.20.26.24:80 /; ා pay attention to the following /, proxy_pass http://172.20.26.34:80/; } } #The back-end web server must have a relative access URL //172.20.26.24 mkdir /var/www/html/web echo "web1 page for apache" > /var/www/html/web/index.html //172.20.26.34 mkdir /var/www/html/web echo "web2 page for apache" > /var/www/html/web/index.html
- Restart Nginx and access the test
//To view the access log of 172.20.26.14 Apache: tail -f /var/log/httpd/access_log 172.20.26.14 - - [09/Jan/2020:20:24:36 +0800] "GET / HTTP/1.0" 304 143 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36" 172.20.26.14 - - [09/Jan/2020:20:24:37 +0800] "GET / HTTP/1.0" 304 143 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36" 172.20.26.14 - - [09/Jan/2020:20:24:38 +0800] "GET / HTTP/1.0" 304 143 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"Nanjing_bokebi 104 original articles published, 67 praised, 4795 visited Private letter follow