Jump to content
新域网络技术论坛

Nginx反向代理配置备忘


Jamers
 Share

Recommended Posts

传统网络结构中经常会出现这么个情况,有两个不同的业务存在于两台服务器上,都使用80端口。外网访问只能够选择一个业务或者需要使用其它端口,导致诸多不便,然后此想法应运而生:采用统一入口分流或者均衡访问请求,我选择了Nginx,相对轻量,如果有静态页面也可以直接使用它进行缓存以减轻其它服务器的压力,这里就没有涉及,有需要的朋友自行调整吧。

 

首先在入口服务器上安装nginx,如果有防火墙或者路由器的把80端口直接给它。安装过程相对简单,不说了,放上配置文件。

 

/usr/local/etc/nginx/nginx.conf


#user  nobody;
user www www;
worker_processes  1;

error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    include /usr/local/etc/nginx/conf/reverse-proxy.conf;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    log_format resv   '$HTTP_X_REAL_IP - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" $HTTP_X_Forwarded_For';

    access_log  logs/access.log  resv;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;

    client_max_body_size 50m; #缓冲区代理缓冲用户端请求的最大字节数,可以理解为保
    client_body_buffer_size 256k;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    proxy_connect_timeout 300s; #nginx跟后端服务器连接超时时间(代理连接超时)
    proxy_read_timeout 300s; #连接成功后,后端服务器响应时间(代理接收超时)
    proxy_send_timeout 300s;
    proxy_buffer_size 64k; #设置代理服务器(nginx)保存用户头信息的缓冲区大小
    proxy_buffers 4 32k; #proxy_buffers缓冲区,网页平均在32k以下的话,这样设置
    proxy_busy_buffers_size 64k; #高负荷下缓冲大小(proxy_buffers*2)
    proxy_temp_file_write_size 64k; #设定缓存文件夹大小,大于这个值,将从upstrea
    proxy_ignore_client_abort on; #不允许代理端主动关闭连接
    
    server {
        listen       80 default;
        server_name  localhost;

        charset utf-8;

        #access_log  logs/host.access.log  main;
    
        location / {
            root   /usr/local/www/nginx;
            index  index.html index.htm;
        }
    
        #error_page  404              /404.html;
    
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}
    
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
        
          
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000; 
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;
        
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
          
    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

/usr/local/etc/nginx/conf/reverse-proxy.conf

upstream zomew {
        server 192.168.1.81;
}

upstream temp {
        server 192.168.1.120;
}

server
{
        listen 80;
        server_name t1.zomew.com;
        location / {
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://zomew$request_uri;
        }
        access_log logs/t1_access.log;
}

server
{
        listen 80;
        server_name t2.zomew.com;
        location / {
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://temp;
        }
        access_log logs/t2_access.log;
}

Link to comment
Share on other sites

如果反向代理肯定要隐藏原来站点的内容,要另外安装http_subs_filter,另外要注意的是压缩过的修改不了,需要解码后才能替换。重新搞的反向代理配置文件,看一下吧。

 

就proxy_set_header Accept-Encoding "";   这么一句,折腾了我至少二个小时。。就因为这句没加导致怎么测试内容都没有替换回来。

upstream zomew {
        server 192.168.1.81;
}

upstream temp {
        server 192.168.1.120;
}

server
{
        listen 80;
        server_name t1.zomew.com;
        location / {
                default_type text/html;
                subs_filter_types text/css text/xml;
                subs_filter '192.168.1.81' 't1.zomew.com' gi;
                proxy_set_header Accept-Encoding "";
 
                proxy_redirect off;
                proxy_set_header Referer http://192.168.1.81;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://zomew$request_uri;
        }
        access_log logs/t1_access.log;
}

server
{
        listen 80;
        server_name t2.zomew.com;
        location / {
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://temp;
        }
        access_log logs/t2_access.log;
}

Link to comment
Share on other sites

  • 3 weeks later...

反向代理后获取客户端IP地址需要用以下方式,否则默认将全是NGINX的IP。

<?php
function getip() {
$ip = '';
if ($_SERVER["HTTP_X_REAL_IP"]){
  $ip = $_SERVER["HTTP_X_REAL_IP"];
}elseif ($_SERVER["HTTP_X_FORWARDED_FOR"]){
  $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
}elseif ($_SERVER["HTTP_CLIENT_IP"]){
  $ip = $_SERVER["HTTP_CLIENT_IP"];
}elseif ($_SERVER["REMOTE_ADDR"]){
  $ip = $_SERVER["REMOTE_ADDR"];
}elseif (getenv("HTTP_X_REAL_IP")){
  $ip = getenv("HTTP_X_REAL_IP");
}elseif (getenv("HTTP_X_FORWARDED_FOR")){
  $ip = getenv("HTTP_X_FORWARDED_FOR");
}elseif (getenv("HTTP_CLIENT_IP")){
  $ip = getenv("HTTP_CLIENT_IP");
}elseif (getenv("REMOTE_ADDR")){
  $ip = getenv("REMOTE_ADDR");
}else{
  $ip = "Unknown";
}
return $ip;
}
?>
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...