About nginx reverse and forward proxies
nginx reverse and forward proxy proxy_store proxy_cache
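A forward proxy is a server that sits between the client and the origin server. To fetch content from the origin server, the client sends a request to the proxy and names the target (the origin server); the proxy then passes the request on to the origin server and returns the content it receives to the client. The client is able to access the origin server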
The dependency packages usually needed to compile and install on a Linux server:
    yum -y install pcre pcre-devel zlib zlib-devel openssl-devel openssl
To set up an nginx server as an http/https forward proxy, use the ngx_http_proxy_connect_module module
http://nginx.org/en/docs/http/ngx_http_proxy_module.html
A typical configuration looks like this:
    server {
        listen 443;

        # dns resolver used by forward proxying
        resolver 119.29.29.29;

        # forward proxy for CONNECT request
        proxy_connect;
        proxy_connect_allow 443;
        proxy_connect_connect_timeout 10s;
        proxy_connect_read_timeout 10s;
        proxy_connect_send_timeout 10s;

        # forward proxy for non-CONNECT request
        location / {
            proxy_pass http://$host;
            proxy_set_header Host $host;
        }
    }
In most cases we configure an nginx server as a reverse proxy,
using proxy_pass or upstream in the nginx configuration:
Client-request ==> ServerName[www.abc.com] ==> proxy_pass or upstream ==> application server
    wget https://tengine.taobao.org/download/tengine-2.3.2.tar.gz
    tar zxvf tengine-2.3.2.tar.gz
    cd tengine-2.3.2
    useradd -s /sbin/nologin -M nginx
    ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
    make && make install
Here is a simple proxy configuration that I used in the past
    /usr/local/nginx/conf/vhosts# cat /usr/local/nginx/conf/nginx.conf
    user nginx;
    worker_processes 4;
    worker_rlimit_nofile 204800;
    pid /usr/local/nginx/sbin/nginx-tengine.pid;

    events {
        use epoll;
        worker_connections 204800;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 64m;
        sendfile on;
        # hide the version in the Server header and on error pages
        server_tokens off;
        tcp_nopush on;
        keepalive_timeout 60;
        tcp_nodelay on;
        add_header Xdebug proxy01;

        # timeouts and buffers for proxied (upstream) requests
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        proxy_buffer_size 256k;
        proxy_buffers 4 512k;
        proxy_busy_buffers_size 512k;
        proxy_temp_file_write_size 512k;
        proxy_ignore_client_abort on;

        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.0;
        gzip_comp_level 2;
        gzip_types text/plain text/css application/json application/x-javascript text/xml text/javascript image/png image/jpg application/javascript image/jpeg;
        gzip_vary on;

        # "$request_body" writes request bodies (which may carry credentials) to the access log
        log_format log '$remote_addr - $remote_user [$time_local] "$request" "$request_body" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" $http_x_forwarded_for';
        log_format tongji '$remote_addr\t-\t$remote_user\t$time_iso8601\t'
                          '$request_method\t$uri\t?$query_string\t$scheme\t'
                          '$status\t$body_bytes_sent\t"$http_referer"\t$request_method'
                          '"$http_user_agent"\t"$http_x_forwarded_for"\t';

        include vhosts/*.conf ;
    }
About include vhosts/*.conf ;
    /usr/local/nginx/conf/vhosts# cat apapi.domain.com.conf
    server {
        listen 443;
        server_name apapi.domain.com;
        index index.html index.htm index.php;
        root html;
        access_log /usr/local/nginx/logs/apapi.domain.com_access.log;

        ssl on;
        ssl_certificate /usr/local/nginx/conf/sslkey/domain.com.pem;
        ssl_certificate_key /usr/local/nginx/conf/sslkey/domain.com.key;
        ssl_session_timeout 5m;
        # TLSv1 and RC4 are deprecated; prefer TLSv1.2 or later with AEAD ciphers
        #ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_protocols TLSv1;
        ssl_ciphers RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://apapi/;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 30s;
            proxy_read_timeout 30s;
            proxy_ignore_client_abort on;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
            access_log off;
        }

        error_page 404 /404.html;
        location = /404.html {
            root html;
            access_log off;
        }

        error_page 403 /403.html;
        location = /403.html {
            root html;
            access_log off;
        }

        # status pages are reachable only from the internal network
        location /tengine_status {
            check_status;
            access_log off;
            allow 172.30.0.0/23;
            deny all;
        }

        location /nginx_status {
            stub_status on;
            access_log off;
            allow 172.30.0.0/23;
            deny all;
        }
    }
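The vhost above pins ssl_protocols to TLSv1 and allows RC4, both of which are deprecated (RFC 8996 for TLS 1.0/1.1, RFC 7465 for RC4). A hardened form of the same TLS settings follows as an added example, not part of the original configuration. It assumes nginx/Tengine is linked against OpenSSL 1.1.1 or later (needed for TLSv1.3), and the cipher list is one reasonable choice rather than the author's.

```nginx
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    server_name apapi.domain.com;
    access_log /usr/local/nginx/logs/apapi.domain.com_access.log;

    ssl_certificate     /usr/local/nginx/conf/sslkey/domain.com.pem;
    ssl_certificate_key /usr/local/nginx/conf/sslkey/domain.com.key;
    ssl_session_timeout 5m;

    # Before: ssl_protocols TLSv1;
    # TLS 1.0/1.1 are dropped; clients must negotiate 1.2 or 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Before: ssl_ciphers RC4:HIGH:!aNULL:!MD5;
    # Forward-secret AEAD suites only. This list governs TLSv1.2;
    # TLSv1.3 suites come from the OpenSSL defaults.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    location / {
        # "apapi" is the upstream used by the original vhost; its
        # definition is not shown on the page and is assumed to exist.
        proxy_pass http://apapi/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 30s;
        proxy_read_timeout 30s;
    }

    # Status endpoint stays restricted to the internal range, as in the original.
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 172.30.0.0/23;
        deny all;
    }
}
```

Validate the file with nginx -t before reloading, then confirm from a client that a handshake forced to TLS 1.0 (for example openssl s_client with -tls1) is refused while TLS 1.2 succeeds.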
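This is about the simplest configuration there is. Personally I don't think you need to worry much about forward versus reverse [though understanding it is of course better]; either way you just use it.
And if we do talk about forward versus reverse, it should come down to which side is defined as the server and which as the client.
That sums it up.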