1、反向代理单台 web 服务器
使用nginx server(192.168.1.51)代理web服务器(192.168.1.52)
![图片[1]-部署反向代理-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2022/12/image-5.png)
[root@nginx01 ~]# vim /apps/nginx/conf/conf.d/52.conf
# Reverse proxy for a single backend: every request that reaches this
# virtual host on port 80 is handed to 192.168.1.52.
server {
    listen      80;
    server_name 192.168.1.51;

    location / {
        # proxy_pass carries a URI part ("/"), so the matched prefix "/" is
        # replaced by "/" and the request path reaches the backend unchanged.
        proxy_pass http://192.168.1.52/;
    }
}
[root@nginx01 ~]# systemctl reload nginx
![图片[2]-部署反向代理-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2022/12/image-6.png)
2、指定 location 实现反向代理
2.1、针对指定的location
[root@nginx01 ~]# vim /apps/nginx/conf/conf.d/52.conf
# Requests under /static are proxied to the backend; everything else is
# served from the local document root.
server {
    listen      80;
    server_name 192.168.1.51;

    # NOTE(review): "/static" is a plain prefix match, so sibling paths such
    # as /staticfoo are proxied as well, and whatever follows "/static" is
    # appended to the upstream "/" as is. Writing the prefix as "/static/"
    # keeps the forwarded paths inside that directory; nginx then answers a
    # bare "/static" request with a 301 redirect to "/static/".
    location /static {
        proxy_pass http://192.168.1.52/;
    }

    location / {
        root  /apps/nginx/html;
        index index.html index.php;
    }
}
[root@nginx01 ~]# systemctl reload nginx
[root@centos79-base01 ~]# curl http://192.168.1.51
192.168.1.51 Hello World
[root@centos79-base01 ~]# curl http://192.168.1.51/static
192.168.1.52 Hello World
2.2、针对特定的资源实现代理
![图片[3]-部署反向代理-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2022/12/image-7.png)
[root@nginx01 ~]# vim /apps/nginx/conf/conf.d/52.conf
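# /static goes to one backend, image files go to another, and everything
# else is served from the local document root.
server {
    listen      80;
    server_name 192.168.1.51;

    # NOTE(review): plain prefix match; /staticfoo is proxied too. Use
    # "/static/" to keep forwarded paths inside that directory (a bare
    # "/static" request then gets a 301 to "/static/").
    location /static {
        proxy_pass http://192.168.1.52/;
    }

    location / {
        index index.html index.php;
        root  /apps/nginx/html;
    }

    # Image requests are proxied by file extension. The original pattern
    # "jp?g" matched ".jg" and ".jpg" but never ".jpeg"; "jpe?g" covers both
    # real spellings. "~" is case-sensitive, so ".JPG" is not matched.
    # Regex locations are checked after the prefix locations and win when
    # they match, so an image requested under /static also lands here.
    # proxy_pass has no URI part, so the original request URI is forwarded.
    location ~ \.(jpe?g|png|bmp|gif)$ {
        proxy_pass http://192.168.1.11;
    }
}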
[root@nginx01 ~]# systemctl reload nginx
![图片[4]-部署反向代理-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2022/12/image-8.png)
3、缓存功能
缓存功能默认处于关闭状态,需要先手动配置才能启用
proxy_cache zone_name | off; 默认off
# 指明调用的缓存,或关闭缓存机制;Context:http, server, location
# zone_name 表示缓存的名称.需要由proxy_cache_path事先定义
proxy_cache_key string;
# 缓存中用于“键”的内容,默认值:proxy_cache_key $scheme$proxy_host$request_uri;
proxy_cache_valid [code ...] time;
# 定义对特定响应码的响应内容的缓存时长,定义在http{...}中
# 示例:
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
proxy_cache_path;
# 定义可用于proxy功能的缓存;Context:http
proxy_cache_path path [levels=levels] [use_temp_path=on|off]
keys_zone=zone_name:size [inactive=time] [max_size=size] [manager_files=number]
[manager_sleep=time] [manager_threshold=time] [loader_files=number]
[loader_sleep=time] [loader_threshold=time] [purger=on|off]
[purger_files=number] [purger_sleep=time] [purger_threshold=time];
# 示例:在http配置定义缓存信息
proxy_cache_path /var/cache/nginx/proxy_cache #定义缓存保存路径,proxy_cache会自动创建
levels=1:2:2 #定义缓存目录结构层次,1:2:2可以生成2^4x2^8x2^8=2^20=1048576个目录
keys_zone=proxycache:20m #指内存中缓存的大小,主要用于存放key和metadata(如:使用次数),一般1M可存放8000个左右的key
inactive=120s #缓存有效时间
max_size=10g; #最大磁盘占用空间,磁盘存入文件内容的缓存空间最大值
# 调用缓存功能,需要定义在相应的配置段,如server{...};或者location等
proxy_cache proxycache;
proxy_cache_key $request_uri; #对指定的数据进行MD5的运算做为缓存的key
proxy_cache_valid 200 302 301 10m; #指定的状态码返回的数据缓存多长时间
proxy_cache_valid any 1m; #除指定的状态码返回的数据以外的缓存多长时间,必须设置,否则不会缓存
proxy_cache_use_stale error | timeout | invalid_header | updating | http_500 |
http_502 | http_503 | http_504 | http_403 | http_404 | off ; #默认是off
# 在被代理的后端服务器出现哪种情况下,可直接使用过期的缓存响应客户端
# 示例
proxy_cache_use_stale error http_502 http_503;
proxy_cache_methods GET | HEAD | POST ...;
# 对哪些客户端请求方法对应的响应进行缓存,GET和HEAD方法总是被缓存
# 清理缓存
方法1: rm -rf 缓存目录
方法2: 第三方扩展模块ngx_cache_purge
# 准备缓存配置
[root@nginx01 ~]# vim /apps/nginx/conf/nginx.conf
# Declares the on-disk cache and its shared-memory key zone "proxycache" (20m).
# levels=1:1:1 gives three directory levels, each named by one hex character.
# inactive=120s removes entries that were not requested for 120 seconds, even
# if a proxy_cache_valid time in a location is longer; max_size caps disk use.
# NOTE(review): keep this directory writable by the nginx worker user only,
# since it stores complete upstream responses.
proxy_cache_path /apps/nginx/proxycache levels=1:1:1 keys_zone=proxycache:20m inactive=120s max_size=1g;
[root@nginx01 ~]# vim /apps/nginx/conf/conf.d/52.conf
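# Same virtual host as before, with response caching enabled for /static.
server {
    listen      80;
    server_name 192.168.1.51;

    # NOTE(review): plain prefix match; /staticfoo is proxied too. Use
    # "/static/" to keep forwarded paths inside that directory.
    location /static {
        proxy_pass http://192.168.1.52/;

        # Zone name must match keys_zone= in the proxy_cache_path directive.
        proxy_cache proxycache;

        # NOTE(review): the key is the request URI only. The nginx default,
        # $scheme$proxy_host$request_uri, also separates entries by scheme and
        # upstream. With a URI-only key, any other server or location that
        # shares this zone and key format reads and writes the same entries,
        # so keep the zone private to this location or put the host in the key.
        # $request_uri includes the query string: every distinct query string
        # becomes its own cache entry.
        proxy_cache_key $request_uri;

        proxy_cache_valid 200 302 301 10m;

        # NOTE(review): "any" also covers error responses (404, 5xx), so a
        # transient backend failure can be replayed from cache for 5 minutes.
        # By default nginx does not cache responses that carry Set-Cookie or
        # Cache-Control: private/no-cache/no-store; do not override that with
        # proxy_ignore_headers on locations that can return per-user content.
        proxy_cache_valid any 5m;
    }

    location / {
        index index.html index.php;
        root  /apps/nginx/html;
    }

    # Image requests are proxied by file extension. The original pattern
    # "jp?g" matched ".jg" and ".jpg" but never ".jpeg"; "jpe?g" covers both
    # real spellings. This regex location wins over the /static prefix, so
    # images under /static are not served through the cache configured above.
    location ~ \.(jpe?g|png|bmp|gif)$ {
        proxy_pass http://192.168.1.11;
    }
}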
[root@nginx01 ~]# systemctl reload nginx
[root@nginx01 ~]# ll -d /apps/nginx/proxycache/
drwx------ 2 nginx root 6 Dec 12 08:22 /apps/nginx/proxycache/
[root@nginx01 ~]# tree /apps/nginx/proxycache/
/apps/nginx/proxycache/
0 directories, 0 files
# 验证
[root@centos79-base01 ~]# curl http://192.168.1.51/static/log.html
[root@centos79-base01 ~]# ab -n 2000 -c200 http://192.168.1.51/static/log.html
Concurrency Level: 200
Time taken for tests: 12.323 seconds
Complete requests: 2000
Failed requests: 0
Write errors: 0
Total transferred: 3029186000 bytes
HTML transferred: 3028706000 bytes
Requests per second: 162.30 [#/sec] (mean)
Time per request: 1232.305 [ms] (mean)
Time per request: 6.162 [ms] (mean, across all concurrent requests)
Transfer rate: 240053.41 [Kbytes/sec] received
[root@nginx01 ~]# tree /apps/nginx/proxycache/
/apps/nginx/proxycache/
└── d
└── b
└── e
└── a971fce2cfaae636d54b5121d7a74ebd
3 directories, 1 file
[root@nginx01 ~]# head -n20 /apps/nginx/proxycache/d/b/e/a971fce2cfaae636d54b5121d7a74ebd
ctcgW"639672f8-171b71"
KEY: /static/log.html
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 12 Dec 2022 00:23:51 GMT
Content-Type: text/html
Content-Length: 1514353
Last-Modified: Mon, 12 Dec 2022 00:16:56 GMT
Connection: close
ETag: "639672f8-171b71"
Accept-Ranges: bytes
Nov 8 14:54:25 ubuntu2004 journal: Runtime journal is using 8.0M (max allowed 188.5M, trying to leave 282.8M free of 1.8G available → current limit 188.5M).
Nov 8 14:54:25 ubuntu2004 kernel: Initializing cgroup subsys cpuset
Nov 8 14:54:25 ubuntu2004 kernel: Initializing cgroup subsys cpu
Nov 8 14:54:25 ubuntu2004 kernel: Initializing cgroup subsys cpuacct
Nov 8 14:54:25 ubuntu2004 kernel: Linux version 3.10.0-1160.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) ) #1 SMP Mon Oct 19 16:18:59 UTC 2020
Nov 8 14:54:25 ubuntu2004 kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-1160.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet LANG=en_US.UTF-8
Nov 8 14:54:25 ubuntu2004 kernel: e820: BIOS-provided physical RAM map:
Nov 8 14:54:25 ubuntu2004 kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009ebff] usable
4、添加响应报文的头部信息
nginx基于模块ngx_http_headers_module可以实现对后端服务器响应给客户端的报文中添加指定的响应首部字段
Syntax: add_header name value [always];
Default: —
Context: http, server, location, if in location
# 添加响应报文的自定义首部:
add_header name value [always];
# 示例:
add_header X-Via $server_addr; # 当前nginx主机的IP
add_header X-Cache $upstream_cache_status; # 是否缓存命中
add_header X-Accel $server_name; # 客户访问的FQDN
# 添加自定义响应信息的尾部,使用较少,1.13.2版后支持
add_trailer name value [always];
# Nginx 配置
# Cached proxy location that also reports proxy and cache details to the client.
location /static {
    proxy_pass        http://192.168.1.52/;

    proxy_cache       proxycache;
    proxy_cache_key   $request_uri;
    proxy_cache_valid 200 302 301 1h;
    proxy_cache_valid any 1m;

    # Without "always", add_header applies only to 200, 201, 204, 206, 301,
    # 302, 303, 304, 307 and 308 responses.
    # NOTE(review): add_header directives at this level replace, rather than
    # extend, any add_header inherited from the server or http level, so
    # security headers set higher up are not sent for this location unless
    # they are repeated here.
    # NOTE(review): X-Via exposes the proxy's address and X-Cache its cache
    # state to every client; keep such debugging headers to test environments
    # or restrict them to internal clients.
    add_header X-Via   $server_addr;
    add_header X-Cache $upstream_cache_status;
    add_header X-Accel $server_name;
}
# 验证
[root@centos79-base01 ~]# curl -I http://192.168.1.51/static/log.html
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 12 Dec 2022 00:33:34 GMT
Content-Type: text/html
Content-Length: 1514353
Connection: keep-alive
Last-Modified: Mon, 12 Dec 2022 00:16:56 GMT
ETag: "639672f8-171b71"
X-Via: 192.168.1.51
X-Cache: MISS # 第一次无缓存
X-Accel: 192.168.1.51
Accept-Ranges: bytes
[root@centos79-base01 ~]# curl -I http://192.168.1.51/static/log.html
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 12 Dec 2022 00:42:47 GMT
Content-Type: text/html
Content-Length: 1514353
Connection: keep-alive
Last-Modified: Mon, 12 Dec 2022 00:16:56 GMT
ETag: "639672f8-171b71"
X-Via: 192.168.1.51
X-Cache: HIT # 第二次命中缓存
X-Accel: 192.168.1.51
Accept-Ranges: bytes
5、实现反向代理客户端 IP 透传
5.1、一级代理实现客户端IP透传
[root@nginx01 nginx-1.20.2]# vim /apps/nginx/conf/conf.d/52.conf
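# Single-level proxy that passes the client address to the backend in
# X-Forwarded-For.
server {
    listen      80;
    server_name 192.168.1.51;

    # NOTE(review): plain prefix match; /staticfoo is proxied too. Use
    # "/static/" to keep forwarded paths inside that directory.
    location /static {
        proxy_pass http://192.168.1.52/;

        # $proxy_add_x_forwarded_for is the X-Forwarded-For header of the
        # incoming request with $remote_addr appended, or just $remote_addr
        # when the request has no such header.
        # NOTE(review): this proxy faces the clients, so the incoming header
        # is client-supplied; only the last entry (added here) is reliable for
        # the backend. To drop client-supplied values at the edge, send
        # "proxy_set_header X-Forwarded-For $remote_addr;" instead.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        index index.html index.php;
        root  /apps/nginx/html;
    }

    # Image requests are proxied by file extension. The original pattern
    # "jp?g" matched ".jg" and ".jpg" but never ".jpeg"; "jpe?g" covers both
    # real spellings. No X-Forwarded-For is set in this location.
    location ~ \.(jpe?g|png|bmp|gif)$ {
        proxy_pass http://192.168.1.11;
    }
}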
[root@nginx01 ~]# systemctl restart nginx
# 后端Apache配置:
[root@nginx02 html]# vim /etc/httpd/conf/httpd.conf
# Redefines the "combined" format so the first field is the X-Forwarded-For
# request header as received; %h remains the connecting peer (the proxy).
# NOTE(review): the header is written unquoted and may hold a comma-separated
# list with spaces, which shifts the columns for log parsers; quoting it as
# \"%{X-Forwarded-For}i\" avoids that. Its leftmost entries can be supplied by
# the client, so treat only the entries appended by your own proxies as
# reliable (mod_remoteip with RemoteIPHeader / RemoteIPInternalProxy does this).
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@nginx02 html]# systemctl restart httpd
[root@nginx02 html]# cat /var/log/httpd/access_log
192.168.1.1 192.168.1.51 - - [12/Dec/2022:08:50:21 +0800] "GET / HTTP/1.0" 200 25 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Edg/108.0.1462.42"
[root@nginx02 html]# tail -f /var/log/httpd/access_log
192.168.1.1 192.168.1.51 - - [12/Dec/2022:08:50:21 +0800] "GET / HTTP/1.0" 200 25 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Edg/108.0.1462.42"
[root@nginx01 ~]# tail -f /apps/nginx/logs/access.log
192.168.1.11 - - [12/Dec/2022:08:33:31 +0800] "HEAD /static/log.html HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.1.11 - - [12/Dec/2022:08:33:32 +0800] "HEAD /static/log.html HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.1.11 - - [12/Dec/2022:08:33:32 +0800] "HEAD /static/log.html HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.1.11 - - [12/Dec/2022:08:33:33 +0800] "HEAD /static/log.html HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.1.11 - - [12/Dec/2022:08:33:33 +0800] "HEAD /static/log.html HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.1.11 - - [12/Dec/2022:08:33:33 +0800] "HEAD /static/log.html HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.1.11 - - [12/Dec/2022:08:33:34 +0800] "HEAD /static/log.html HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.1.11 - - [12/Dec/2022:08:33:34 +0800] "HEAD /static/log.html HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.1.11 - - [12/Dec/2022:08:42:47 +0800] "HEAD /static/log.html HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.1.1 - - [12/Dec/2022:08:50:21 +0800] "GET /static HTTP/1.1" 200 25 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Edg/108.0.1462.42"
5.2、多级代理实现客户端IP透传
# 第一个代理服务器
[root@nginx1 ~]#vim /apps/nginx/conf/nginx.conf
# 开启日志格式,记录x_forwarded_for
http {
include mime.types;
default_type application/octet-stream;
proxy_cache_path /data/nginx/proxycache levels=1:1:1
keys_zone=proxycache:20m inactive=120s max_size=1g;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
# 定义反向代理
[root@nginx1 ~]#vim /apps/nginx/conf/conf.d/pc.conf
# Proxy definition on the first (client-facing) proxy; the "......." line
# stands for configuration the author left out.
server {
location / {
proxy_pass http://192.168.1.52;
# Appends this hop's $remote_addr to the X-Forwarded-For header of the
# incoming request (or sets it to $remote_addr when the header is absent).
# NOTE(review): as the first proxy in the chain this one receives the header
# straight from the client, so anything already in it is unverified; sending
# $remote_addr alone here would start the chain from a known-good value.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
.......
}
# 第二个代理服务器
[root@nginx2 ~]#vim /apps/nginx/conf/nginx.conf
# 开启日志格式,记录x_forwarded_for
http {
include mime.types;
default_type application/octet-stream;
proxy_cache_path /data/nginx/proxycache levels=1:1:1
keys_zone=proxycache:20m inactive=120s max_size=1g;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
# 定义反向代理
[root@nginx2 ~]#vim /etc/nginx/nginx.conf
# Proxy definition on the second proxy; the "....." line stands for
# configuration the author left out.
server {
location / {
proxy_pass http://192.168.1.11;
# Appends the address of the connecting peer (the first proxy) to the
# X-Forwarded-For list received from it.
# NOTE(review): the backend should count entries from the right and accept
# only as many as there are proxies it controls; entries further left are
# whatever the original client sent.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
.....
}
# 在第一个proxy上面查看日志
[root@nginx1 ~]#tail /apps/nginx/logs/access.log -f
192.168.1.1 - - [12/Dec/2022:08:33:34 +0800] "GET /index.html HTTP/1.1" 200 11 "-" "curl/7.58.0" "-"
# 在第二个proxy上面查看日志
[root@nginx2 ~]#tail /apps/nginx/logs/access.log -f
192.168.1.51 - - [12/Dec/2022:08:33:34 +0800] "GET /index.html HTTP/1.0" 200 11 "-" "curl/7.58.0" "10.0.0.7"
# 后端服务器配置日志格式
[root@centos7.9 ~]#vim /etc/httpd/conf/httpd.conf
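# Log the X-Forwarded-For request header, quoted, ahead of the connecting peer
# address. The directive was split in the middle of "%{User-Agent}i" and the
# CustomLog directive was fused onto the same line; each directive must stand
# on its own line for httpd to accept the file.
# NOTE(review): the leftmost entries of the logged list can be supplied by the
# client; only the entries appended by your own proxies are reliable.
LogFormat "\"%{x-Forwarded-For}i\" %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" testlog
CustomLog "logs/access_log" testlog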
# 测试访问
[root@centos7 ~]#curl 192.168.1.51/index.html
<h1> web site on 192.168.1.11 </h1>
# 后端服务器查看日志
[root@centos7.9 ~]#tail -f /var/log/httpd/access_log
"192.168.1.1, 192.168.1.51" 192.168.1.52 - - [12/Dec/2022:08:33:34 +0800] "GET
/index.html HTTP/1.0" 200 34 "-" "curl/7.29.0"