How to Work Around Network Isolation with Nginx

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article explains how to use Nginx to work around network isolation. The content is straightforward, and I believe it will be helpful after reading.

Requirement

Recently, our online Node services needed to be migrated, so two new online servers were requested.

After deploying to the new servers, we need to verify that the service works. The office network is isolated from the online network and cannot reach it directly. However, the online servers can be reached from the deployment machine, and the office network can reach the deployment machine.

Therefore, we configure a proxy on the deployment machine: the office environment sends requests to the deployment machine, which proxies them to the online service, so we can verify whether the service is normal.

The entire network structure is shown in the following figure:

Nginx installation

Download

Download page: http://nginx.org/en/download.html. Right-click the version you want and copy the link address.

    # download
    [work@40-10-14 opt]$ wget http://nginx.org/download/nginx-1.18.0.tar.gz
    # extract the archive
    [work@40-10-14 opt]$ tar -xvf nginx-1.18.0.tar.gz

Installation

    # 1. Default installation: with root permission, enter the extracted directory and run the following command
    [root@40-10-14 nginx-1.18.0]# ./configure && make && make install
    # 2. Specified directory: install to the /opt/nginx directory
    [work@40-10-14 opt]$ mkdir /opt/nginx
    [work@40-10-14 nginx-1.18.0]$ ./configure --prefix=/opt/nginx && make && make install

With the default installation, running without root permission reports the following error:

    mkdir: cannot create directory `/usr/local/nginx': Permission denied
    make[1]: *** [install] Error 1
    make[1]: Leaving directory `/opt/nginx-1.18.0'
    make: *** [install] Error 2

After the default installation, check where nginx was installed; you can see that it is in the /usr/local/nginx directory:

    [root@40-10-14 opt]# whereis nginx
    nginx: /usr/local/nginx

1. Installing to a specified directory is recommended. If you install as root, root permission is also required for later changes to the config files.

2. Alternatively, after installing as root, change the permissions over to an ordinary user.

Add a symbolic link

Add a symbolic link so that the nginx command is available globally and you do not have to switch to the installation directory each time you run it.

    # add the symbolic link
    [root@40-10-14 sbin]# ln -s /opt/nginx/sbin/nginx /usr/local/bin/
    # view the version
    [root@40-10-14 sbin]# nginx -v
    nginx version: nginx/1.18.0

Common commands

    Start: nginx
    Stop: nginx -s stop
    Restart: nginx -s reload
    Help: nginx -h

Force stop:

    # view the nginx process id
    [root@40-10-14 ~]# ps -ef | grep nginx
    nobody   45198     1  0 16:12 ?        00:00:00 nginx: worker process
    root     51261 50692  0 17:00 pts/0    00:00:00 grep nginx
    # kill the process
    [root@40-10-14 ~]# kill 45198
    # the process has been shut down
    [root@40-10-14 ~]# ps -ef | grep nginx
    root     51277 50692  0 17:00 pts/0    00:00:00 grep nginx

Configure the proxy

To forward requests to the two machines, edit the conf/nginx.conf file in the nginx installation directory:

    #user  nobody;
    worker_processes  1;

    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        include       mime.types;
        default_type  application/octet-stream;

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;

        # requests are forwarded to the following two machines, splitting the traffic equally; specify IP and port
        upstream zpserver {
            server xx.xx.xx.22:10001;
            server xx.xx.xx.23:10001;
        }

        server {
            # nginx service port 80
            listen       80;
            server_name  localhost;

            #charset koi8-r;

            #access_log  logs/host.access.log  main;

            # requests under the /user path are forwarded to the upstream
            location /user {
                root   html;
                index  index.html index.htm;
                proxy_pass http://zpserver;
            }

            #error_page  404              /404.html;

            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }

            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \.php$ {
            #    proxy_pass   http://127.0.0.1;
            #}

            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny  all;
            #}
        }

        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;

        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}

        # HTTPS server
        #
        #server {
        #    listen       443 ssl;
        #    server_name  localhost;

        #    ssl_certificate      cert.pem;
        #    ssl_certificate_key  cert.key;

        #    ssl_session_cache    shared:SSL:1m;
        #    ssl_session_timeout  5m;

        #    ssl_prefer_server_ciphers  on;

        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
    }

Note: after modifying the nginx configuration file, you need to run nginx -s reload for the change to take effect.
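Because this proxy bridges the office network into the isolated online network, the server block above can be tightened so that only the intended clients and the intended path pass through. The following is an added example, not part of the original article; 192.0.2.0/24 is a constructed placeholder for the office subnet and logs/verify.access.log is an assumed log file name, while the upstream addresses and xxx.daojia.com are the redacted values used on this page.

```nginx
# Added example: goes inside the http { } block in place of the upstream and
# server blocks shown above.
upstream zpserver {
    server xx.xx.xx.22:10001;            # redacted addresses, as on this page
    server xx.xx.xx.23:10001;
}

# Catch-all: a request whose Host header is not the name under test is
# dropped without a response (444 closes the connection).
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

server {
    listen 80;
    server_name xxx.daojia.com;          # the name mapped in the local hosts file

    access_log logs/verify.access.log;   # assumed file name; records who used the bridge

    location /user {
        allow 192.0.2.0/24;              # placeholder for the office subnet
        deny  all;                       # every other source gets 403

        # Without this, nginx sends "Host: zpserver" (the upstream name) to the
        # backends; pass the requested domain so they see the real host name.
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://zpserver;
    }

    # Nothing else on the deployment machine is served through this listener.
    location / {
        return 404;
    }
}
```

Run nginx -t to check the syntax before nginx -s reload, and remove these blocks once verification is finished so the path between the two networks does not stay open.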

Verification

Since many online services require login, you need to access them by domain name rather than by IP, because cookies are bound to a domain name.

This is easy to solve by adding an entry to the local hosts file:

    # IP is the Nginx server IP
    xx.xx.xx.14 xxx.daojia.com

With the above configuration, requesting xxx.daojia.com in the local browser reaches the online service indirectly through the Nginx on the deployment machine, so you can test whether the service works correctly over the private network. Once the service is confirmed normal, you can switch the online traffic over.
