Nginx07---反向代理
小程序使用nginx反向代理https和wss
user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
include mime.types;
#include luawaf.conf;
include proxy.conf;
default_type application/octet-stream;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
access_log off;
server
{
listen 888;
server_name www.bt.cn;
index index.html index.htm index.php;
root /www/server/phpmyadmin;
#error_page 404 /404.html;
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /www/wwwlogs/access.log;
}
server {
listen 443 http2;
server_name www.kangyuzhe.com;
ssl on;
ssl_certificate /www/server/nginx/1_www.kangyuzhe.com_bundle.crt;
ssl_certificate_key /www/server/nginx/2_www.kangyuzhe.com.key ;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location ^~/ {
proxy_pass http://106.13.37.131:80;
proxy_set_header Accept-Encoding "";
proxy_set_header Referer "http://106.13.37.131/";
add_header Access-Control-Allow-Origin *;
sub_filter 'http://106.13.37.131' 'https://www.kangyuzhe.com';
sub_filter_types text/css text/xml text/html text/javascript application/json application/javascript;
sub_filter_once off;
}
location ~* \.(?:css|js|ttf|woff|svg|ico|png|jpg)$ {
proxy_set_header Accept-Encoding "";
proxy_set_header Referer "http://106.13.37.131/";
proxy_pass http://106.13.37.131/$request_uri;
add_header Access-Control-Allow-Origin *;
sub_filter 'http://106.13.37.131' 'https://www.kangyuzhe.com';
sub_filter_types text/css text/xml text/html text/javascript application/javascript application/json;
sub_filter_once off;
}
location /ws/chat{
proxy_pass http://106.13.37.131:80;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Origin "";
}
}
include /www/server/panel/vhost/nginx/*.conf;
}map指令的作用:
根据客户端请求中$http_upgrade 的值,来构造改变$connection_upgrade的值
即根据变量$http_upgrade的值创建新的变量$connection_upgrade,
创建的规则就是{}里面的东西。其中的规则没有做匹配,因此使用默认的.
即 $connection_upgrade 的值会一直是 upgrade。然后如果 $http_upgrade为空字符串的话,
那值会是 close。
以上是nginx配置websocket,下面是由于自己在配置的时候发现对nginx还很生疏,就进行学习
什么是反向代理?
1、 proxy_pass:配置反向代理的路径。 需要注意的是如果 proxy_pass 的 url 最后为 /,则表示绝对路径。
否则(不含变量下)表示相对路径,所有的路径都会被代理过去
反向代理是指以代理服务器来接受网络上的连接请求, 然后将请求转发给内部网络上的服务器,
并将从服务器上得到的结果返回给请求连接的客户端, 此时代理服务器对外就表现为一个反向代理服务器。
什么是负载均衡?
2、 upstream:配置负载均衡,upstream 默认是以轮询的方式进行负载, 另外还支持四种模式,分别是:
(1)weight:权重,指定轮询的概率,weight 与访问概率成正比
(2)ip_hash:按照访问 IP 的 hash 结果值分配
(3)fair:按后端服务器响应时间进行分配,响应时间越短优先级别越高
(4)url_hash:按照访问 URL 的 hash 结果值分配
其背后一般有多台 server,系统会根据配置的策略 (例如 Nginx 有提供四种选择)来进行动态调整,
尽可能的达到各节点均衡,从而提高系统整体的吞吐量和快速响应
eg:
upstream api.niu12.com {
server 127.0.0.1:8001;
server 127.0.0.1:8002;
}
server {
listen 80;
server_name api.niu12.com;
location / {
proxy_pass http://api.niu12.com/;
}
}