Shulou(Shulou.com)06/02 Report--

Schematic diagram

# https://coding.net/u/aminglinux/p/nginx/git/blob/master/proxy/pic.md

Nginx forward agent

# https://coding.net/u/aminglinux/p/nginx/git/blob/master/proxy/z_proxy.md

Nginx reverse proxy

# https://coding.net/u/aminglinux/p/nginx/git/blob/master/proxy/f_proxy.md

# caching and caching https://coding.net/u/aminglinux/p/nginx/git/blob/master/proxy/bu_ca.md

Nginx forward proxy configuration

Nginx forward proxy usage scenarios are rare.

Requirement scenario 1:

If in the computer room, only one machine can be connected to the Internet, and the other machines only have an intranet, the machines in the intranet want to use yum to install software packages and configure a forward agent on the machines that can be connected to the Internet.

Nginx forward Agent profile

Server {

Listen 80 default_server

Resolver 119.29.29.29

Location /

{

Proxy_pass http://$host$request_uri;

}

}

Nginx forward Agent configuration execution instructions

Resolver

Syntax: resolver address

Address is the address of the DNS server. DNS 119.29.29.29, which is commonly used in China, is provided by dnspod. International DNS 8.8.8.8 or 8.8.4.4 is provided for google.

For others, please refer to http://dns.lisect.com/

Example: resolver 119.29.29.29

Default_server

The reason why it is set as the default virtual host is that there is no need to set server_name, and any domain name can be accessed normally.

Proxy_pass

This directive is used to set the target url to be proxied, and the forward proxy server setting can keep this fixed value. A detailed explanation of this directive is in the reverse proxy configuration.

The forward proxy proxy_pass we use online is followed by a specific interface address. The private network environment is only used to access this private network address as shown in the figure below.

Nginx reverse proxy configuration

Nginx reverse proxies are widely used in production environments.

Scenario 1:

If the domain name is not put on record, you can resolve the domain name to a CVM in Hong Kong and act as an agent in a foreign CVM, while the data of the website is on the server in the mainland.

Example 1:

Server

{

Listen 80

Server_name aminglinux.com

Location / {proxy_pass http://123.23.13.11/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}

}

Configuration description

Proxy_pass

This instruction has already been used in the forward agent.

The format is simple: proxy_pass URL

URL includes: transport protocol (http://, https://, etc.), hostname (domain name or IP:PORT), uri.

Examples are as follows:

Proxy_pass http://www.aminglinux.com/;

Proxy_pass http://192.168.200.101:8080/uri;

Proxy_pass unix:/tmp/www.sock

There are several situations that need to be noted for the configuration of proxy_pass.

Example 2:

Location / aming/

{

Proxy_pass http://192.168.1.10;

...

}

Example 3:

Location / aming/

{

Proxy_pass http://192.168.1.10/;

...

}

Example 4:

Location / aming/

{

Proxy_pass http://192.168.1.10/linux/;

...

}

Example 5:

Location / aming/

{

Proxy_pass http://192.168.1.10/linux;

...

}

Suppose server_name is www.aminglinux.com

When a http://www.aminglinux.com/aming/a.html is requested, the result accessed by examples 2-5 above is

Example 2: http://192.168.1.10/aming/a.html

Example 3: http://192.168.1.10/a.html

Example 4: http://192.168.1.10/linux/a.html

Example 5: http://192.168.1.10/linuxa.html

Proxy_set_header

Proxy_set_header is used to set the header information received by the proxy server.

Syntax: proxy_set_header field value

Field is the project to be changed, and it can also be understood as the name of the variable, such as host

Value is the value of the variable

If proxy_set_header is not set, the default value of host is the domain name followed by proxy _ pass or IP (usually write IP)

For example, in example 4, when the request is sent to the backend server, the complete request uri is: http://192.168.1.10/linux/a.html

If you set proxy_set_header, such as proxy_set_header host $host

For example, in example 4, the complete uri of the server requested to the backend is: http://www.aminglinux.com/linux/a.html

Proxy_set_header X-Real-IP $remote_addr; and proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for

It is used to set the remote client IP received by the proxy. If it is not set, the IP address of the remote real client will not be transmitted through the header information.

You can test it with the following example:

Example 6 (principal side)

Server {

Listen 8080

Server_name www.aminglinux.com

Root / tmp/123.com_8080

Index index.html

Location / linux/ {

Echo "$host"

Echo $remote_addr

Echo $proxy_add_x_forwarded_for

}

}

Example 7 (on proxy server)

Server {

Listen 80

Server_name www.aminglinux.com

Location / aming/ {proxy_pass http://192.168.1.10:8080/linux/;proxy_set_header host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}

}

Proxy_redirect

This directive is used to modify the Location header field and "refresh" header field in the response header returned by the proxy server.

The grammatical structure is:

Proxy_redirect redirect replacement

Proxy_redirect default

Proxy_redirect off

Example 8:

Server {

Listen 80

Server_name www.aminglinux.com

Index index.html

Location / {proxy_pass http://127.0.0.1:8080;proxy_set_header host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}

}

When the requested link is http://www.aminglinux.com/aming

The result returns 301 and is directed to http://www.aminglinux.com:8080/aming/.

Note: there are several prerequisites for returning 301

Location must be followed by /; the URL after proxy_pass cannot add uri, can only end with IP or IP:port, and cannot end with /; the accessed uri must be a real directory, for example, the aming here must exist, cannot end with /, but can only be www.aminglinux.com/aming

Although these four conditions are harsh, similar requests will be encountered. The solution is to add a line of proxy_redirect http://$host:8080/ /

Example 9:

Server {

Listen 80

Server_name www.aminglinux.com

Index index.html

Location / {proxy_pass http://127.0.0.1:8080;proxy_set_header host $host;proxy_redirect http://$host:8080/ /; proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}

}

Proxy_buffering and proxy_cache of nginx

Both are parameters related to memory settings in the nginx agent.

Proxy_buffering Settin

Proxy_buffering mainly realizes the asynchronism between the data of the proxy server and the request of the client.

For ease of understanding, we define three roles, An is the client, B is the proxy server, and C is the proxied server.

When proxy_buffering is enabled, An initiates a request to BMagazine B and then to C Magistrate C to send the feedback data to the buffer of B.

B then decides when to start transmitting the data to A based on the proxy_busy_buffer_size. In the process, if all buffer is full

The data will be written to temp_file.

Conversely, if proxy_buffering is turned off, the data fed back by C is transmitted to A through B in real time.

The following configurations are for each http request.

Proxy_buffering on

This parameter sets whether to enable the buffer function of proxy. The value of the parameter is on or off.

If this is set to off, then the proxy_buffers and proxy_busy_buffers_size instructions will be invalidated.

However, regardless of whether proxy_buffering is enabled or not, proxy_buffer_size takes effect.

Proxy_buffer_size 4k

This parameter is used to set a special buffer size.

The first part of the response data obtained from the proxied server (C) is stored on the proxy server (B), usually header, in this buffer.

If the parameter setting is too small, a 502 error code will appear because this part of the buffer is not enough to store header information. It is recommended to set it to 4k.

Proxy_buffers 8 4k

This parameter sets the number of buffer stored by the data on the proxy server and the size of each buffer.

The size of all buffer is the product of these two numbers.

Proxy_busy_buffer_size 16k

In all buffer, we need to specify a part of the buffer to transmit its own stored data to A, and this part of the buffer is called busy_buffer.

The proxy_busy_buffer_size parameter is used to set the size of the buffer in the busy state.

My personal understanding of when the data in the buffer on B will be transmitted to An is as follows:

1) if the complete data size is less than the busy_buffer size, when the data transfer is completed, it will be transmitted to An immediately.

2) if the complete data size is not less than the busy_buffer size, send it to An as soon as the busy_buffer is filled.

Proxy_temp_path

Syntax: proxy_temp_path path [level1 level2 level3]

Defines the directory where temporary files for proxy exist and the level of the directory.

Example: proxy_temp_path / usr/local/nginx/proxy_temp 1 2

Where / usr/local/nginx/proxy_temp is the directory where the temporary files are located, 1 indicates that the directory name of level 1 is a number (0-9), and 2 indicates that the directory name of level 2 is 2 digits (00-99)

Proxy_max_temp_file_size

Sets the total size of temporary files, such as proxy_max_temp_file_size 100m

Proxy_temp_file_wirte_size

Sets the total amount of data written to the temporary file at the same time. It is usually set to 8k or 16k.

Proxy_buffer example

Server

{

Listen 80

Server_name www.aminglinux.com

Proxy_buffering on

Proxy_buffer_size 4k

Proxy_buffers 2 4k

Proxy_busy_buffers_size 4k

Proxy_temp_path / tmp/nginx_proxy_tmp 1 2

Proxy_max_temp_file_size 20M

Proxy_temp_file_write_size 8k

Location / {proxy_pass http://192.168.10.110:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}

}

Proxy_cache Settin

Proxy_cache stores the data obtained from C to B (memory + disk) according to the preset rules and keeps them for standby.

When A requests B, B will give the cached data directly to A without having to get it from C.

The prerequisite for proxy_cache-related functions to take effect is that proxy_buffering on needs to be set.

Main parameters of proxy_cache

Proxy_cache

Syntax: proxy_cache zone | off

The default is off, which turns off the proxy_cache function, and zone is the name of the memory area used to store the cache.

Example: proxy_cache my_zone

Starting from nginx version 0.7.66, when the proxy_cache mechanism is turned on, the "Cache-Control" and "Expire" header fields in the HTTP response header of the principal side will be detected.

For example, when Cache-Control is no-cache, data is not cached.

Proxy_cache_bypass

Syntax: proxy_cache_bypass string

This parameter sets when the request does not read the cache but gets the resource directly from the back-end server.

The string here is usually some variable of nginx.

Example: proxy_cahce_bypass $cookie_nocache $arg_nocache$arg_comment

It means that if the values of $cookie_nocache $arg_nocache$arg_comment these variables are not zero or empty,

The response data is not obtained from the cache, but directly from the back-end server.

Proxy_no_cache

Syntax: proxy_no_cache string

This parameter is similar to proxy_cache_bypass and is used to set when it is not cached.

Example: proxy_no_cache $cookie_nocache $arg_nocache $arg_comment

Indicates that data is not cached if only one item of the value of $cookie_nocache $arg_nocache $arg_comment is not zero or empty.

Proxy_cache_key

Syntax: proxy_cache_key string

Define cache key, such as: proxy_cache_key $scheme$proxy_host$uri$is_args$args; (this value is the default value, which is generally not set)

Proxy_cache_path

Syntax: proxy_cache_path path [levels=levels] keys_zone=name:size [inactive=time] [max_size=size]

Path sets the path where cached data is stored

Levels sets the directory level, such as levels=1:2, to indicate that there are two levels of subdirectories, with the first directory name taking the penultimate value of MD5 value and the second directory name taking the second and third values of MD5 value. As shown below:

Image

Keys_zone sets the name and size of the memory zone, such as keys_zone=my_zone:10m

Inactive sets how long the cache will expire. When the cached data on the hard disk has not been accessed within that period, it will become invalid, and the data will be deleted. The default is 10s.

Max_size sets the maximum amount of data that can be cached on the hard disk, and when that value is reached, nginx deletes the least accessed data.

Example: proxy_cache_path / data/nginx_cache/ levels=1:2 keys_zone=my_zone:10m inactive=300s max_size=5g

Proxy_cache example

Http

{

...

Proxy_cache_path / data/nginx_cache/ levels=1:2 keys_zone=my_zone:10m inactive=300s max_size=5g;...;server {listen 80; server_name www.aminglinux.com; proxy_buffering on; proxy_buffer_size 4k; proxy_buffers 24k; proxy_busy_buffers_size 4k; proxy_temp_path / tmp/nginx_proxy_tmp 12; proxy_max_temp_file_size 20m; proxy_temp_file_write_size 8k Location / {proxy_cache my_zone; proxy_pass http://192.168.10.110:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}}

}

Description: the core configuration is the proxy_cache_path line.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.