nginx 反向代理

nginx 七层负载

在nginx.conf主配置文件中添加:

include /usr/local/nginx/conf.d/*.conf;

编辑conf.d下的配置文件:

[root@nginx conf]# cat ../conf.d/vhost.conf
# Backend pool on port 443; the HTTP proxy example on this page reaches it
# with "proxy_pass https://tomcat;". X.X.X.X is a redacted address.
# With a single server in the pool the weight value has no practical effect.
upstream tomcat {
    server X.X.X.X:443 weight=100;
}

# Backend pool on port 8081; the HTTPS virtual host on this page reaches it
# with "proxy_pass http://raptor_tomcat;" (plain HTTP between nginx and backend).
upstream raptor_tomcat {
    server X.X.X.X:8081 weight=100;
}

一)https反向代理

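 # HTTPS virtual host: terminates TLS on port 8443 and forwards every request
 # to the raptor_tomcat upstream over plain HTTP.
 server {
     # The "ssl" flag on listen already enables TLS for this socket. The
     # separate "ssl on;" directive was redundant and is deprecated since
     # nginx 1.15.0, so it is not repeated here.
     listen       8443 ssl;
     server_name  *.example.cn;
     root         html;

     ssl_certificate      /usr/local/nginx/certs/example.crt;
     # Private key: keep the file readable only by the account that starts nginx.
     ssl_certificate_key  /usr/local/nginx/certs/example.cn.key;
     ssl_session_cache    shared:SSL:20m;
     ssl_session_timeout  20m;
     # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from this list.
     # Append TLSv1.3 once nginx is built against OpenSSL 1.1.1 or newer; the
     # build shown by "nginx -V" on this page (OpenSSL 1.0.1e) cannot offer it.
     ssl_protocols    TLSv1.2;

     access_log  /var/log/nginx/example_https.log;

     location / {
         # HTTP/1.1 plus an empty Connection header is the form nginx needs
         # for persistent connections to the upstream.
         proxy_http_version 1.1;
         proxy_set_header Connection "";
         # The hop from nginx to the backend is unencrypted; keep it on a
         # trusted network segment.
         proxy_pass http://raptor_tomcat;

         #Proxy Settings
         proxy_redirect     off;
         proxy_set_header   Host             $host;
         # $remote_addr is the address of the peer that connected to nginx and
         # cannot be set by the client through a header.
         proxy_set_header   X-Real-IP        $remote_addr;
         # Appends $remote_addr to whatever X-Forwarded-For the client sent.
         # Only the right-most entry is written by this proxy; the backend
         # must not trust the earlier, client-supplied entries.
         proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

         # Conditions under which the request is passed to the next upstream server.
         proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
         # 0 disables buffering of upstream responses to temporary files.
         proxy_max_temp_file_size 0;
         # Keep the upstream request running even if the client disconnects.
         proxy_ignore_client_abort  on;

         # Timeouts, in seconds.
         proxy_connect_timeout      90;
         proxy_send_timeout         90;
         proxy_read_timeout         90;

         # Response buffering.
         proxy_buffer_size          4k;
         proxy_buffers              4 32k;
         proxy_busy_buffers_size    64k;
         proxy_temp_file_write_size 64k;
     }
 }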

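##如果后端代理的同样是一个https的服务,则需要把上面 proxy_pass 这一行(原文以红色标出)改成 proxy_pass https://tomcat; 一个大坑,特别需要留意后端使用的是不是https。另外,nginx 默认不校验上游证书(proxy_ssl_verify 默认为 off),需要确认后端身份时要另行配置 proxy_ssl_verify 和 proxy_ssl_trusted_certificate。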

二)http代理:

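[root@nginx conf]# cat ../conf.d/http.conf
# Plain-HTTP listener on port 18001 that forwards to the "tomcat" upstream over HTTPS.
# Clients reach this port unencrypted; only the nginx-to-backend hop uses TLS.
server {
        listen   18001;
        access_log  /var/log/nginx/example_http.log;

        # stub_status exposes connection counters, so access is limited to the
        # listed addresses and denied for everyone else. Order matters: the
        # allow lines must come before "deny all".
        location /status {
                stub_status on;
                access_log off;
                allow 127.0.0.1;
                allow 10.0.17.27;
                allow 10.0.1.142;
                deny all;
        }

        location / {
                # HTTP/1.1 plus an empty Connection header is the form nginx
                # needs for persistent connections to the upstream.
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_pass https://tomcat;
                # nginx does not verify the upstream certificate by default
                # (proxy_ssl_verify is off). To authenticate the backend, enable
                # verification and point it at the CA that issued the backend
                # certificate (placeholder path below):
                #proxy_ssl_verify on;
                #proxy_ssl_trusted_certificate /path/to/backend-ca.crt;

                #Proxy Settings
                proxy_redirect     off;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                # Append the connecting address to X-Forwarded-For. Forwarding
                # $http_x_forwarded_for alone copies a client-controlled header
                # unchanged and never records the real peer address, so a
                # client could present any source IP to the backend. Use the
                # pass-through form only when a trusted proxy in front of this
                # nginx overwrites the header.
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                #proxy_set_header   X-Forwarded-For  $http_x_forwarded_for;

                # Conditions under which the request is passed to the next upstream server.
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
                # Keep the upstream request running even if the client disconnects.
                proxy_ignore_client_abort  on;
                # 0 disables buffering of upstream responses to temporary files.
                proxy_max_temp_file_size 0;

                # Timeouts, in seconds.
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;

                # Response buffering.
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
        }
}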

 

nginx 四层负载

nginx自nginx-1.9以后支持七层负载均衡的同时也兼备了四层负载均衡,但是需要加入--with-stream模块

如果一开始没有编译到nginx中,可以使用nginx -V来查看当时的编译参数,例如:

[root@nginx sbin]# ./nginx -V
nginx version: nginx/1.14.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fcgi --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre --with-file-aio --with-http_secure_link_module

只需要在原有的 configure 参数后面添加 --with-stream 重新执行 configure,然后 make;不要 make install,不然就会覆盖之前的安装。make 生成的新二进制位于 objs/nginx,备份旧的 nginx 可执行文件后用它替换即可。

配置负载均衡:

 # Layer-4 (TCP) load balancing. This block belongs at the top level of
 # nginx.conf, next to the http block, not inside it.
 stream {
     upstream zifangsky {
         # Consistent hashing keyed on the client address: a given client
         # keeps reaching the same backend server.
         hash $remote_addr consistent;
         server X.X.X.X:8080;
     }

     server {
         listen 8080;
         # Give up if the backend does not accept the connection within 5 seconds.
         proxy_connect_timeout 5s;
         # Close the session after 5 seconds without traffic in either direction.
         proxy_timeout 5s;
         proxy_pass zifangsky;
     }
 }

##千万记住不要配置到http里面:stream 块必须写在 nginx.conf 的最外层,与 http 块同级(因此也不能放进由 http 块 include 的 conf.d/*.conf 里)。网上一些博客写的都是配置到了http里面,巨坑!!!

四层tcp代理到https

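# Layer-4 listener that terminates TLS from clients and forwards the decrypted
# TCP stream to the upstream. Requires nginx built with --with-stream and
# --with-stream_ssl_module.
stream {
    upstream zifangsky {
        # Consistent hashing keyed on the client address: a given client
        # keeps reaching the same backend server.
        hash $remote_addr consistent;
        server X.X.X.X:8080;
    }

    server {
        # "ssl" makes nginx itself perform the TLS handshake on this port, so
        # a certificate and key are mandatory; without them the configuration
        # test fails. The paths reuse the certificate files from the HTTPS
        # example on this page; substitute the pair that matches this service.
        listen 8080 ssl;
        ssl_certificate      /usr/local/nginx/certs/example.crt;
        ssl_certificate_key  /usr/local/nginx/certs/example.cn.key;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 only.
        ssl_protocols        TLSv1.2;

        # Give up if the backend does not accept the connection within 5 seconds.
        proxy_connect_timeout 5s;
        # Close the session after 5 seconds without traffic in either direction.
        proxy_timeout 5s;
        # The backend receives plaintext. If the backend speaks TLS itself,
        # either drop "ssl" from listen for pure pass-through, or add
        # "proxy_ssl on;" so nginx re-encrypts towards the backend.
        proxy_pass zifangsky;
    }
}   # closes the stream block; this brace was missing in the original listing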

需要添加stream的ssl模块 --with-stream_ssl_module