
Nginx reverse proxy, virtual host

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/03

1. Configure virtual host

1. Configure virtual hosts based on port

1.1 Configuration file:

    [root@localhost conf.d]# vim vhost.conf
    server {
        listen 8080;
        root /usr/share/nginx/html;
        location / {
        }
    }
    server {
        listen 8081;
        root /usr/share/nginx/html;
        location / {
        }
    }

1.2 Verification:

2. Configure virtual hosts based on IP addresses:

2.1 Configuration file:

    [root@localhost conf.d]# vim vhost.conf
    server {
        listen 172.20.10.9:8080;
        root /usr/share/nginx/html;
        location / {
        }
    }
    server {
        listen 172.20.10.11:8080;
        root /usr/share/nginx/html;
        location / {
        }
    }

2.2 Verification:

3. Configure virtual host based on domain name

3.1 nginx configuration file:

    [root@localhost conf.d]# vim vhost.conf
    server {
        listen 80;
        server_name www.a.com;
        root /data/a/html;
        location / {
        }
    }
    server {
        listen 80;
        server_name www.b.com;
        root /data/b/html;
        location / {
        }
    }

3.2 Create the root path for each virtual host

    [root@localhost /]# mkdir -pv /data/a/html/
    [root@localhost html]# vim /data/a/html/index.html
    www.a.com
    [root@localhost /]# mkdir -pv /data/b/html/
    [root@localhost html]# vim /data/b/html/index.html
    www.b.com

3.3 Configure the hosts file on the client

On a Windows host, the hosts file is under C:\Windows\System32\drivers\etc:

3.4 Verification:

2. Nginx reverse proxy:

1. Reverse proxy configuration parameters:

1.1 proxy_pass:

Sets the back-end server to which client requests are forwarded. The target can be given as a hostname or as IP address:port, or it can be a predefined server group, which requires the ngx_http_upstream_module module.

    location /web {
        index index.html;
        proxy_pass http://172.20.10.8:80;
        # Without a trailing slash, a request for /web is passed to the back-end server as
        # http://172.20.10.8/web/index.html, so the web directory must exist under the site root
        # configured on the back-end server. In other words, /web is appended to the back-end
        # address: http://servername:port/web/index.html
        # proxy_pass http://172.20.10.8:80/;
        # With a trailing slash (used instead of the line above), the request is equivalent to
        # fetching http://172.20.10.8:80/index.html from the back-end server and returning it to the client
    }

1.2 proxy_hide_header

# When nginx acts as a reverse proxy, this hides the specified response header fields of the back-end server (for example, version information) from the HTTP response returned to the client. It can be set in the http, server or location block.

    location /web {
        index index.html;
        proxy_pass http://172.20.10.8:80;
        proxy_hide_header ETag;
    }

1.3 proxy_pass_request_body on | off

# Whether to forward the body of the client's HTTP request to the back-end server. It can be set in the http, server or location block. Enabled by default.

1.4 proxy_pass_request_headers on | off

# whether to forward the request header of the client to the backend server, which can be set in http/server or location block. Default is enabled.

1.5 proxy_set_header

# Changes or adds request header fields of the client request before it is forwarded to the back-end server. For example, when the back-end server needs the real IP of the client, the request header must be modified as follows:

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # proxy_set_header HOST $remote_addr;

# Adds HOST to the request header. If the client is behind NAT, the value is the real public IP address shared by the clients.

1.6 proxy_hide_header field:

# Hides a response header specific to the back-end server. By default, nginx does not pass the header fields Date, Server, X-Pad and X-Accel-... of the back-end server in the response message.

1.7 proxy_connect_timeout 60

# Configures the timeout for establishing a connection between the nginx server and the back-end server. Default is 60s.

    proxy_connect_timeout 60s;

# 60s here is a custom timeout for nginx to establish a connection with the back-end server

1.8 proxy_read_timeout time

# Configures how long nginx waits after it issues a read request to the back-end server or server group. Default is 60s.

    proxy_send_timeout time

# Configures how long nginx waits after it issues a write request to the back-end server or server group. Default is 60s.

1.9 proxy_http_version 1.0:

# Sets the HTTP protocol version that nginx uses for proxying. Default is HTTP/1.0.

1.10 proxy_ignore_client_abort off

# Controls whether nginx aborts its request to the back-end server when the client connection is interrupted. If set to on, nginx ignores the client interruption and waits for the back-end server to return its response. If set to off, nginx aborts the request and logs it immediately after the client disconnects. The default is off.

1.11 proxy_headers_hash_bucket_size 64

# When proxy_hide_header and proxy_set_header are configured, sets the bucket size of the hash table in which nginx stores the HTTP header fields.

    proxy_headers_hash_max_size 512;

# Sets the maximum available space of the proxy headers hash table

    server_names_hash_bucket_size 512;

# Sets the bucket size of the server_name hash table

    server_names_hash_max_size 512;

# Sets the upper limit of the hash table for server names

2. Reverse proxy example:

2.1 Single web server

    location / {
        proxy_pass http://172.20.10.8;
    }

2.2 Specify a location

    location /web {
        proxy_pass http://172.20.10.8:80/;
    }

Note the trailing /

Test:

    [root@node7 ~]# curl 172.20.10.9/web
    172.20.10.8 index page
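The effect of the trailing slash described in 1.1 and 2.2, worked through in Python as an added example (not part of the original article). It is a simplified model of how nginx builds the back-end URL for a plain prefix location, ignoring URI normalization and rewrites; the function names and the sample request URIs are constructed for illustration.

```python
from urllib.parse import urlsplit


def upstream_url(location, proxy_pass, request_uri):
    """Return the URL nginx requests from the back end for a prefix location.

    Simplified model (assumption): plain prefix location, no rewrite rules,
    no variables in proxy_pass, request URI already normalized.
    """
    if not request_uri.startswith(location):
        raise ValueError(f"{request_uri!r} is not handled by location {location!r}")
    target = urlsplit(proxy_pass)
    origin = f"{target.scheme}://{target.netloc}"
    if target.path == "":
        # proxy_pass without a URI part: the request URI is passed unchanged.
        return origin + request_uri
    # proxy_pass with a URI part (even a bare "/"): the prefix matched by the
    # location is replaced by that URI part.
    return origin + target.path + request_uri[len(location):]


def mapping_table(location, proxy_pass, uris):
    """Map each request URI to its back-end URL, or None if the location does not match."""
    return {u: upstream_url(location, proxy_pass, u) if u.startswith(location) else None
            for u in uris}


# Constructed request URIs; the addresses are the ones used in this article.
SAMPLE_URIS = ["/web", "/web/index.html", "/website/index.html"]

if __name__ == "__main__":
    for loc, target in [("/web", "http://172.20.10.8:80"),
                        ("/web", "http://172.20.10.8:80/"),
                        ("/web/", "http://172.20.10.8:80/")]:
        print(f"location {loc}   proxy_pass {target};")
        for uri, url in mapping_table(loc, target, SAMPLE_URIS).items():
            print(f"    {uri:22} -> {url or '(location does not match)'}")
```

Because `location /web` is a plain prefix match, `/website/index.html` is proxied as well (as `/site/index.html`), and `/web/index.html` reaches the back end as `//index.html`; pairing `location /web/` with `proxy_pass http://172.20.10.8:80/;` avoids both.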

3. Caching function:

3.1 proxy_cache zone | off; default off

# Specifies the cache zone to use, or disables the caching mechanism; Context: http, server, location

3.2 proxy_cache_key string

# The content used as the "key" in the cache. Default value: proxy_cache_key $scheme$proxy_host$request_uri

3.3 proxy_cache_valid [code ...] time

# Defines how long to cache the response content for specific response codes, as defined in http {...}

Example:

    proxy_cache_valid 200 302 10m;
    proxy_cache_valid 404 1m;

3.4 proxy_cache_path

Defines the cache that can be used for proxy functions; Context: http

    proxy_cache_path path [levels=levels] [use_temp_path=on | off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on | off] [purger_files=number] [purger_sleep=time] [purger_threshold=time]

Example: define cache information in the http configuration

    proxy_cache_path /var/cache/nginx/proxy_cache  # cache storage path; the directory is created automatically
        levels=1:2:2               # cache directory hierarchy; 1:2:2 can generate 2^4 x 2^8 x 2^8 = 1048576 directories
        keys_zone=proxycache:20m   # size of the cache zone in memory, mainly used to store keys and metadata (e.g. number of uses)
        inactive=120s              # cache validity time
        max_size=1g;               # maximum disk footprint, i.e. the maximum disk space for cached file content

3.5 The caching function must be enabled in the corresponding configuration section, such as server {...} or location:

    proxy_cache proxycache;
    proxy_cache_key $request_uri;
    proxy_cache_valid 200 302 301 1h;
    proxy_cache_valid any 1m;

3.6 proxy_cache_use_stale

# Specifies in which failure cases of the proxied back-end server an expired cache entry may be used directly to respond to the client

    proxy_cache_use_stale error | timeout | invalid_header | updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | off;  # default is off

3.7 proxy_cache_methods GET | HEAD | POST ...

# Specifies for which client request methods the responses are cached. GET and HEAD are always cached

3.8 proxy_set_header field value

# Sets the value of a request header in the request sent to the back-end host; Context: http, server, location

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

The standard format of the request header is as follows: X-Forwarded-For: client1, proxy1, proxy2

3.9 Cache configuration:

    proxy_cache_path /data/nginx/proxycache levels=1:1:1 keys_zone=proxycache:20m inactive=120s max_size=1g;

    location /web {
        proxy_pass http://172.20.10.8:80;
        proxy_set_header clientip $remote_addr;
        proxy_cache proxycache;
        proxy_cache_key $request_uri;
        proxy_cache_valid 200 302 301 1h;
        proxy_cache_valid any 1m;
    }
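What `proxy_cache_key $request_uri` in 3.9 means on disk, as an added Python example (not part of the original article): nginx names each cache file after the MD5 of the evaluated key and builds the `levels=` directories from the end of that digest, so two requests with the same key share one entry. The scenario is constructed: the www.a.com and www.b.com virtual hosts from section 1 are assumed to proxy /web to different back ends (172.20.10.8 and 172.20.10.10) while sharing the proxycache zone; the helper names are hypothetical and `$proxy_host` is passed in as a plain string.

```python
import hashlib


def hashed_path(cache_root, levels, digest):
    """Lay out a cache file the way proxy_cache_path levels= does:
    each level takes its characters from the END of the hex digest."""
    dirs, end = [], len(digest)
    for width in map(int, levels.split(":")):
        dirs.append(digest[end - width:end])
        end -= width
    return "/".join([cache_root.rstrip("/"), *dirs, digest])


def cache_file(cache_root, levels, key):
    """The cache file name is the MD5 of the evaluated proxy_cache_key."""
    return hashed_path(cache_root, levels, hashlib.md5(key.encode()).hexdigest())


def key_page(request_uri, **_unused):
    # proxy_cache_key $request_uri;   (the key used in 3.9)
    return request_uri


def key_default(request_uri, scheme="http", proxy_host=""):
    # proxy_cache_key $scheme$proxy_host$request_uri;   (nginx default, see 3.2)
    return f"{scheme}{proxy_host}{request_uri}"


def collide(key_fn, uri, host_a, host_b,
            root="/data/nginx/proxycache", levels="1:1:1"):
    """True if the same URI proxied to two back ends lands in one cache file."""
    a = cache_file(root, levels, key_fn(uri, proxy_host=host_a))
    b = cache_file(root, levels, key_fn(uri, proxy_host=host_b))
    return a == b


if __name__ == "__main__":
    uri = "/web/index.html"  # constructed request
    print(cache_file("/data/nginx/proxycache", "1:1:1", key_page(uri)))
    for name, fn in [("$request_uri", key_page),
                     ("$scheme$proxy_host$request_uri", key_default)]:
        shared = collide(fn, uri, "172.20.10.8", "172.20.10.10")
        print(f"{name:32} shared entry across back ends: {shared}")
```

With the URI-only key, whichever back end answers first fills the entry that is then served for both virtual hosts until it expires; keeping `$proxy_host` (or another per-site value) in the key keeps the entries apart.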

4. Add header information:

4.1 Based on the ngx_http_headers_module module, nginx can add custom headers with a specified key and value, as follows:

    add_header name value [always];
    add_header X-Via $server_addr;
    add_header X-Cache $upstream_cache_status;
    add_header X-Accel $server_name;
    add_trailer name value [always];  # adds a custom trailer to the response; supported since version 1.13.2

4.2 nginx configuration:

    location /web {
        proxy_pass http://172.20.10.8:80;
        proxy_set_header clientip $remote_addr;
        proxy_cache proxycache;
        proxy_cache_key $request_uri;
        proxy_cache_valid 200 302 301 1h;
        proxy_cache_valid any 1m;
        add_header X-Via $server_addr;
        add_header X-Cache $upstream_cache_status;
        add_header X-Accel $server_name;
    }

4.3 verify header information:

5. Reverse proxy advanced applications:

Based on the ngx_http_upstream_module module, nginx can provide advanced functions such as forwarding to server groups, weight distribution, state monitoring and scheduling algorithms.

5.1 http_upstream_module configuration parameters

    upstream name {
    }
    # Defines a custom group of servers; configured in http

    server address [parameters];
    # Configures a back-end web server inside upstream; at least one server entry is required.

    # The parameters supported by server are as follows:
    weight=number       # Sets the weight. Default is 1.
    max_conns=number    # Sets the maximum number of active connections to this server. The default is 0, which means there is no limit.
    max_fails=number    # Number of consecutive failed checks after which the back-end server is marked as unavailable.
    fail_timeout=time   # Timeout of a single check of the back-end server. Default is 10 seconds.
    backup              # Marks the server as a backup server, which is enabled when all other servers are unavailable.
    down                # Marks the server as down.
    resolve             # When server is defined by hostname and its A record changes, the new IP is applied automatically without restarting nginx.

    hash KEY consistent;
    # Computes a hash over the specified key. With the consistent parameter, the ketama consistent
    # hash algorithm is used, which is suitable when the back end is a cache server (such as varnish).
    # Consistent hashing is based on the modulo operation, which takes the remainder of dividing
    # two numbers, such as 10%7=3, 7%4=3

    hash $request_uri consistent;
    # Hash based on the URI requested by the user

    ip_hash;
    # Source address hash scheduling: the hash is computed from the client's remote_addr (source address) to achieve session persistence

    least_conn;
    # Least-connection scheduling: client requests are sent preferentially to the back-end server with the fewest connections.

5.2 Reverse proxy configuration example - multiple web servers:

    upstream webserver {
        # hash $request_uri consistent;
        # ip_hash;
        # least_conn;
        server 172.20.10.10:80 weight=1 fail_timeout=5s max_fails=3;
        server 172.20.10.8:80 weight=1 fail_timeout=5s max_fails=3;
        server 172.20.10.9:80 weight=1 fail_timeout=5s max_fails=3 backup;
    }

    location /web {
        index index.html;
        proxy_pass http://webserver/;
    }

5.3 Reverse proxy example - passing the client IP through:

(1) nginx configuration file:

    upstream webserver {
        # hash $request_uri consistent;
        # ip_hash;
        # least_conn;
        # server 172.20.10.10:80 weight=1 fail_timeout=5s max_fails=3;
        server 172.20.10.8:80 weight=1 fail_timeout=5s max_fails=3;
        server 172.20.10.9:80 weight=1 fail_timeout=5s max_fails=3 backup;
    }

    location /web {
        index index.html;
        proxy_pass http://webserver/;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

(2) Back-end httpd server configuration

    [root@node6 conf]# vim httpd.conf
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below)
    #
    LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

# Restart apache, access the web page and verify the apache log:

    [root@node6 conf]# tail -2 /var/log/httpd/access_log
    - 172.20.10.2 - - [01/Dec/2019:15:45:21 +0800] "GET /web/ HTTP/1.1" 200 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
    - 172.20.10.2 - - [01/Dec/2019:15:45:21 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
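How a back end should read the header set in 5.3, as an added Python example (not part of the original article): `$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever X-Forwarded-For value the client itself sent, so only the entry written by a trusted proxy is reliable. Assumptions: the nginx proxy at 172.20.10.9 is the only trusted hop, the helper names are hypothetical, and 203.0.113.7 is a constructed client-supplied value.

```python
import ipaddress

# Assumption: the nginx reverse proxy from this article is the only trusted hop.
TRUSTED_PROXIES = [ipaddress.ip_network("172.20.10.9/32")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in trusted)


def append_xff(incoming_xff, remote_addr):
    """Value of $proxy_add_x_forwarded_for: the client's own X-Forwarded-For
    header (if any) with $remote_addr appended."""
    return f"{incoming_xff}, {remote_addr}" if incoming_xff else remote_addr


def leftmost(xff):
    """Naive choice: first entry of the list, which the client fully controls."""
    return xff.split(",")[0].strip()


def client_ip(xff, peer_addr, trusted=TRUSTED_PROXIES):
    """Address a back end should log or use for access decisions."""
    if not is_trusted(peer_addr, trusted):
        return peer_addr  # header did not come through our proxy: ignore it
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):  # walk from the entry our proxy appended
        try:
            if not is_trusted(hop, trusted):
                return hop  # first address not written about a trusted proxy
        except ValueError:
            break  # malformed entry: nothing to its left can be relied on
    return peer_addr


if __name__ == "__main__":
    # Constructed request: client 172.20.10.2 sends its own X-Forwarded-For.
    header = append_xff("203.0.113.7", "172.20.10.2")
    print("header seen by httpd :", header)
    print("leftmost entry       :", leftmost(header))
    print("trusted-hop parsing  :", client_ip(header, "172.20.10.9"))
```

If the proxy should never relay client-supplied values, `proxy_set_header X-Forwarded-For $remote_addr;` overwrites the header instead of appending to it.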
