Shulou(Shulou.com)06/01 Report--

This article mainly explains "how CentOS configures Nginx reverse proxy". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how CentOS configures Nginx reverse proxy".

Description of reverse proxy and demonstration environment

1. Reverse proxy

In a computer network, a reverse proxy is a proxy server that retrieves resources from one or more servers on behalf of clients. These resources are then returned to the client as if they were derived from the Web server itself. In contrast to a forward proxy, a forward proxy is an intermediary for a client associated with it to contact any server, and a reverse proxy is an intermediary for any client to contact its associated server.

For more information about forward agents, please refer to: configuring Nginx forward agents based on CentOS 7

2. Several servers in this demo

II. General reverse proxy configuration

1. Backend server configuration (Apache)

Backend Apache server hostname and IP

# hostname centos7-web.example.com# more / etc/redhat-release CentOS Linux release 7.2.1511 (Core) # ip addr | grep inet | grep global inet 172.24.8.128 take 24 brd 172.24.8.255 scope global eno16777728# systemctl start httpd.service# echo "This is a httpd test page." > / var/www/html/index.html# curl http://localhost This is a httpd test page.

2. Configuration of front-end Nginx reverse proxy server

Hostname and IP of the front-end Nginx server

# hostname centos7-router # more / etc/redhat-release CentOS Linux release 7.2.1511 (Core) # ip addr | grep inet | grep global inet 172.24.8.254 scope global eno16777728 inet 24 brd 172.24.8.255 scope global eno16777728 inet 192.168.1.175 scope global dynamic eno33554960 24 brd 192.168.1.255

Nginx version

# nginx-V nginx version: nginx/1.10.2

Add a new profile to use as a reverse proxy

# vim / etc/nginx/conf.d/reverse_proxy.conf server {listen 8090; server_name localhost; location / {proxy_pass http://172.24.8.128; # reverse proxy core instruction proxy_buffers 256 4k; proxy_max_temp_file_size 0; proxy_connect_timeout 30; proxy_cache_valid 200 302 10m; proxy_cache_valid 301 1h; proxy_cache_valid any 1m } # systemctl reload nginx# ss-nltp | grep nginx | grep 8090LISTEN 0 128 *: 8090 *: * users: (("nginx", pid=78023,fd=8), ("nginx", pid=78021,fd=8)) # curl http://localhost:8090 # # based on local test This is a httpd test page.

View Apache server log

# more / var/log/httpd/access_log # # request IP address is 172.24.8.254, and this IP172.24.8.254 is also 172.24.8.254 when requested from other machines-[30/Oct/2017:14:02:38 + 0800] "GET / HTTP/1.0" 20027 "-" curl/7.29.0 "

3. Reverse proxy server and back-end server log format settings

Add the proxy_set_header directive to the Nginx server, modified as follows

# grep proxy_set_header-B2 / etc/nginx/conf.d/reverse_proxy.conf location / {proxy_pass http://172.24.8.128; proxy_set_header X-Real-IP $remote_addr;} # systemctl reload nginx.service

Apache log format settings for backend servers

# vim / etc/http/conf/httpd.conf# LogFormat "% h% l% u% t\"% r\ "% > s% b\"% {Referer} I\ "\"% {User-Agent} I\ "" combined # comment this line Add the next line LogFormat "% {X-Real-IP} I% u% t\"% r\ "% > s% b\"% {Referer} I\ "\"% {User-Agent} I\ "" combined # key description {X-Real-IP} i# ip addr | grep inet | grep global # access inet 192.168.1.244 brd 192.168.1.255 scope global eth0# curl http://192.168.1. from a 1.132 host 175 8090 # access This is a httpd test page# from 1.244 host to view apache access log again The following is no longer the proxy server IP address, which appears as 1.244 192.168.1.244-[30/Oct/2017:15:49:07 + 0800] "GET / HTTP/1.0" 20027 "-" curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh3/1.4.2 "3. Reverse proxy based on directory matching

The back-end server is configured with Nginx

# more / etc/redhat-release # # os platform and ip address CentOS release 6.7 (Final) # ip addr | grep eth0 | grep global inet 192.168.1.132 and 24 brd 192.168.1.255 scope global eth0# nginx-v # # nginx version nginx version: nginx/1.10.2# mkdir-pv / usr/share/nginx/html/images # # create an image directory mkdir: created directory `/ usr/share/nginx/html/images'# cp / usr/share/backgrounds/nature/* .jpg / usr/share/nginx/html/images/. # # copy image file # cp / etc/nginx/conf.d/default.conf / etc/nginx/conf.d/default.conf.bk# vim / etc/nginx/conf.d/default.conf # # modify the default configuration file server {listen 80 default_server; listen [::]: 80 default_server; server_name _; root / usr/share/nginx/html;# Load configuration files for the default server block directly here. Include / etc/nginx/default.d/*.conf; location / {} location / images {alias / usr/share/nginx/html/images; # # aliases are configured here} error_page 404 / 404.html; location = / 40x.html {} error_page 500502 503504 / 50x.hml; location = / 50x.html {}} # / etc/init.d/nginx reloadReloading nginx: [OK]

Front-end Nginx configuration

# vim / etc/nginx/conf.d/reverse_proxy.conf server {listen 8090; server_name localhost; location / {proxy_pass http://172.24.8.128; proxy_set_header X-Real-IP $remote_addr;} location / images {# # Agent the files in the images directory to 192.168.1.132 proxy_pass http://192.168.1.132; proxy_set_header X-Real-IP $remote_addr;} # systemctl reload nginx

Verify the agent and test the request for jpg files in the images directory when ip is 192.168.1.244

# ip addr | grep inet | grep global inet 192.168.1.244 scope global eth0# curl 24 brd 192.168.1.255 scope global eth0# curl-I http://192.168.1.175:8090/images/Garden.jpg HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Tue, 31 Oct 2017 01:48:18 GMT Content-Type: image/jpeg Content-Length: 264831 Connection: keep-alive Last-Modified: Mon 30 Oct 2017 08:21:28 GMT ETag: "59f6e108-40a7f" Accept-Ranges: bytes IV, reverse proxy configuration based on specific file types

Php server-side configuration (ip 192.168.1.132)

# ss-nltp | grep php LISTEN 0 128 192.168.1.132 users 9000 *: * users: ("php-fpm", 7147 8), ("php-fpm", 7148J 0), ("php-fpm" 7149etc/init.d/nfslock start# 0) # mkdir-pv / data # store the php code # echo "/ data 192.168.1.0 rw" > / etc/exports# / etc/init.d/rpcbind start# / etc/init.d/nfslock start# / etc/init.d/nfs start# echo "> / data/index.php

Nginx proxy configuration (ip 192.168.1.175)

# mkdir / data# mount-t nfs 192.168.1.132:/data / data# ls / data index.php# vim / etc/nginx/conf.d/reverse_proxy.conf server {listen 8090; server_name localhost; location / {proxy_pass http://172.24.8.128; proxy_set_header X-Real-IP $remote_addr;} location / images {proxy_pass http://192.168.1.132; proxy_set_header X-Real-IP $remote_addr } location ~\ .php$ {root / data; fastcgi_pass 192.168.1.132 data; fastcgi_pass 9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME / scripts$fastcgi_script_name; include fastcgi_params;}} # systemctl restart nginx

Test reverse proxy to php

[root@ydq05 ~] # ip addr | grep inet | grep global inet 192.168.1.244 take 24 brd 192.168.1.255 scope global eth0 [root@ydq05 ~] # curl-I http://192.168.1.175:8090/index.php HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Tue, 31 Oct 2017 03:22:59 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.6.0 V, reverse proxy based on upstream configuration to tomcat

The Nginx upstream directive can also proxy the request to the back-end server as shown in the following example, combined with the upstream instruction to demonstrate proxying it to tomcat

# vim / etc/nginx/conf.d/tomcat.confupstream app {server localhost:8080; keepalive 32;} server {listen 80; server_name localhost; location / {proxy_set_header Host $host; proxy_set_header x-for $remote_addr; proxy_set_header x-server $host; proxy_set_header x-agent $http_user_agent; proxy_pass http://app; } [root@node132 conf.d] # ss-nltp | grep javaLISTEN 0 1:: ffff:127.0.0.1:8005: * users: (("java", 39559 users 45)) LISTEN 0 100: 8009: * users: (("java", 39559J.43)) LISTEN 0 100: 8080: * users: (("java") 39559 573.el6.x86_64Architecture 42) tomcat version [root@node132 conf.d] # / usr/local/tomcat/bin/catalina.sh versionUsing CATALINA_BASE: / usr/local/tomcatUsing CATALINA_HOME: / usr/local/tomcat.... Server version: Apache Tomcat/7.0.69Server built: Apr 11 2016 07:57:09 UTCServer number: 7.0.69.0OS Name: LinuxOS Version: 2.6.32-573.el6.x86_64Architecture: amd64JVM Version: 1.7.0_79-b15JVM Vendor: Oracle Corporation verification result # curl http://localhost. VI. Description of proxy module instructions

There are many configuration instructions available to the proxy module, which are used to define many properties of the proxy module when it works, such as the connection timeout, the use of the http protocol version when the agent is acting, and so on. The following is a brief description of the commonly used instructions.

The maximum interval for proxy_read_timeout    to receive read operations from the receiving upstream server twice before the connection is disconnected

An example is as follows:

Proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 30; proxy_send_timeout 15; proxy_read_timeout 15 Thank you for reading, the above is the content of "how to configure Nginx reverse proxy for CentOS". After the study of this article, I believe you have a deeper understanding of how to configure Nginx reverse proxy for CentOS, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.