• Nginx基本功能及其原理,配置原理




    相关内容原文地址:

    简书:joyitsai:Nginx基本功能及其原理
    博客园:得你归去来:nginx 配置管理



    一、正向代理、反向代理

    1. 正向代理:

      正向代理隐藏了真实的请求客户端:服务端不知道真实的客户端是谁,客户端请求的服务都由代理服务器代为请求,某些科学上网工具扮演的就是典型的正向代理角色。用浏览器访问google时,被残忍的block,于是你可以在国外搭建一台代理服务器,让代理帮你去请求google,代理再把请求得到的响应结果返回给你。

    在这里插入图片描述

    2. 反向代理:

      反向代理隐藏了真实的服务端,当我们请求www.baidu.com 的时候,就像拨打10086一样,背后可能有成千上万台服务器为我们服务,但具体是哪一台,你不知道,也不需要知道,你只需要知道反向代理服务器是谁就好了,www.baidu.com 就是我们的反向代理服务器,反向代理服务器会帮我们把请求转发到真实的服务器那里去。Nginx就是性能非常好的反向代理服务器,用来做负载均衡。

    在这里插入图片描述

    两者的区别在于代理的对象不一样: 正向代理是为客户端代理,反向代理是为服务端代理

    nginx能实现负载均衡,什么是负载均衡呢?就是我的项目部署在不同的服务器上,但是通过统一的域名进入,nginx则对请求进行分发,减轻了服务器的压力。

    在上面这两种情况下,nginx服务器的作用都只是作为分发服务器,真正的内容,我们可以放在其他的服务器上,这样一来,还能起到一层安全隔离的作用,nginx作为隔离层(前提是后端服务器不直接对外暴露,只能经由nginx访问)

    其次,nginx还能解决跨域的问题

    二、Nginx配置文件的整体结构

    在这里插入图片描述

    在这里插入图片描述

    三、Nginx配置SSL及HTTP跳转到HTTPS

    # Settings for a TLS enabled server.
    
    # Plain-HTTP listener (port 80): serves no content and only answers with a
    # permanent (301) redirect to the HTTPS site, keeping the requested path and
    # query string via $request_uri.
    server {
      listen 80;
      server_name www.joyitsai.com;

      # Older nginx tutorials expressed this redirect with the rewrite module, e.g.
      #   rewrite ^/(.*)$ http://www.joyitsai.com/$1 permanent;
      # or
      #   rewrite ^ http://www.joyitsai.com$request_uri? permanent;
      # Those forms are no longer recommended, although many articles still show
      # the first one. `return 301` is the preferred way to write the redirect.
      #
      # The target host is spelled out literally instead of being taken from the
      # request's Host header, so a forged Host header cannot steer the redirect.
      return 301 https://www.joyitsai.com$request_uri;
    }
    
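    # HTTPS virtual host for www.joyitsai.com: terminates TLS, proxies the
    # application to the app_weapp upstream and serves uploaded images from disk.
    server {

      # The ssl flag on listen replaces the separate `ssl on;` directive, which is
      # deprecated and rejected by current nginx releases.
      listen 443 ssl;
      server_name www.joyitsai.com;
      root /data/release/weapp/uploadFiles;

      # Certificate and private key, given as absolute paths (directive name and
      # path must be separated by whitespace).
      # The .key file should be readable only by the account that starts nginx.
      ssl_certificate     /data/release/nginx/1535530361992.pem;
      ssl_certificate_key /data/release/nginx/1535530361992.key;

      ssl_session_timeout 5m;

      # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered.
      # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; on an older build
      # drop that token rather than re-enabling TLSv1/TLSv1.1.
      ssl_protocols TLSv1.2 TLSv1.3;

      # An OpenSSL cipher string is colon-separated and must not contain spaces.
      # NOTE(review): the broad AES and HIGH keywords still admit CBC-mode and
      # non-forward-secret suites; consider listing only ECDHE AEAD suites.
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
      ssl_prefer_server_ciphers on;

      # NOTE(review): the port-80 server redirects here, but a first visit over
      # HTTP is still unprotected; consider sending a Strict-Transport-Security
      # header once HTTPS is confirmed to work for every path.

      location / {
         # app_weapp has to be defined as an upstream {} block elsewhere in the
         # configuration; it is not part of this listing.
         proxy_pass http://app_weapp;

         # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket handshakes
         # pass through to the application.
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection 'upgrade';
         proxy_set_header Host $host;
         proxy_cache_bypass $http_upgrade;
      }

      # NOTE(review): autoindex publishes a browsable listing of every file in the
      # images directory under the upload root. Keep it only if a public listing
      # is intended; otherwise set it to off.
      location /images/ {
        autoindex on;
      }

      # "~" introduces a case-sensitive regular-expression match on the URI.
      # The dot is escaped and the pattern anchored with "$" so that only URIs that
      # END in .png or .jpg are matched. The unescaped, unanchored form
      # ".(png|jpg)" matched any URI merely containing "png" or "jpg" after some
      # character, which pulled unrelated application requests out of the proxy.
      # root is the directory under which the requested file is looked up.
      location ~ \.(png|jpg)$ {
         root /data/release/weapp/uploadFiles;
      }

      # The location has to name the same URI as error_page; with "/40x.html" the
      # internal redirect to /404.html fell through to "location /" and was proxied.
      error_page 404 /404.html;

      location = /404.html {
      }

      error_page 500 502 503 504 /50x.html;

      location = /50x.html {
      }
    }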
    

    四、nginx 配置管理

    博客园:得你归去来:nginx 配置管理

    nginx.conf,作为最外层的配置文件,主要设置一些基础的配置就好了,如内存配置,日志格式配置,线程配置等,最后使用一个include conf.d/* 将其他配置文件包含进来即可。

    【nginx.conf 基础配置】

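    # Worker processes run under the "nginx" account rather than root.
    user  nginx;
    # "auto" starts one worker process per detected CPU core.
    worker_processes  auto;

    # Baseline level is warn. The debug level is meant for short troubleshooting
    # sessions: it only takes effect on builds made with --with-debug, is very
    # verbose, and writes request details (including headers) into the log file.
    error_log  /data/var/log/nginx/error.log warn;
    #error_log  /data/var/log/nginx/error.log debug;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;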
    
    
    # Connection-processing settings.
    events {
        # Upper bound on simultaneous connections per worker process; this counts
        # connections to proxied backends as well as connections from clients.
        worker_connections  1024;
    }
    
    # load modules compiled as Dynamic Shared Object (DSO)
    #
    #dso {
    #    load ngx_http_fastcgi_module.so;
    #    load ngx_http_rewrite_module.so;
    #}
    
    # Defaults shared by every virtual host; the per-site files are pulled in by
    # the include at the end of the block.
    http {
        include       mime.types;
        default_type  application/octet-stream;
        # Directory listings are off unless a location turns them on explicitly.
        autoindex off;
        # Do not reveal the nginx version in the Server header or on error pages.
        server_tokens off;
            
        # Request-size limits: header buffers, and a 20 MB cap on request bodies
        # (larger uploads are rejected with 413).
        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 20m;
        client_body_buffer_size 256k;
          
        sendfile on;
        tcp_nopush     on;
        keepalive_timeout 60;
        tcp_nodelay on;
      
        # FastCGI timeouts (seconds) and response buffering.
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 32 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    
        # Response compression for the listed MIME types.
        # NOTE(review): this also applies to the HTTPS servers. Compressing responses
        # that carry secrets next to reflected request data is the precondition for
        # BREACH-style leaks; confirm it is acceptable for the proxied applications.
        gzip  on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_comp_level 2;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.1;
        gzip_types text/plain application/x-javascript text/css application/xml application/javascript;
    
        # Access-log line layout. $remote_addr is the peer address nginx saw;
        # $http_x_forwarded_for, $http_referer and $http_user_agent are copied from
        # client-supplied headers, so treat them as untrusted when reading or
        # parsing the log.
        log_format main '$request_time $upstream_response_time $remote_addr - $upstream_addr [$time_local] '
        '"$host" "$request" $status $bytes_sent '
        '"$http_referer" "$http_user_agent" "$gzip_ratio" "$http_x_forwarded_for" - "$server_addr" ';
    
        access_log /data/var/log/nginx/access.log main;
    
        # Per-site configuration; only files ending in .conf directly under conf.d/
        # are loaded.
        include conf.d/*.conf;
    
    }
    

    【conf.d/*, 具体的域名配置,http://】

    # Backend pools, one per site, all on host 192.168.1.103 and told apart by port.
    # `keepalive 8` lets each worker process keep up to 8 idle connections to the
    # backend open for reuse. For HTTP proxying this only takes effect when the
    # proxying location talks HTTP/1.1 to the backend and clears the Connection header.
    upstream 3ctest_x123_com {
        server 192.168.1.103:81;
        keepalive 8;
    }
    upstream mytest_x123_com {
        server 192.168.1.103:80;
        keepalive 8;
    }
    upstream 3capi_x123_com {
        server 192.168.1.103:9002;
        keepalive 8;
    }
    upstream yhapi_x123_com {
        server 192.168.1.103:8089;
        keepalive 8;
    }
    
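    # Plain-HTTP reverse proxy for 3ctest.x123.com in front of the 3ctest_x123_com upstream.
    server {
            listen 80;
            server_name 3ctest.x123.com;
            location / {
                    proxy_pass http://3ctest_x123_com;
                    # The upstream declares `keepalive 8`; backend connections are only
                    # reused when nginx speaks HTTP/1.1 and sends an empty Connection header.
                    proxy_http_version 1.1;
                    proxy_set_header Connection "";
                    proxy_set_header Host $host;
                    # Leave Location/Refresh headers from the backend untouched.
                    proxy_redirect off;
                    # X-Real-IP is the peer address nginx saw. X-Forwarded-For is that
                    # address appended to whatever the client sent, so the backend may
                    # trust only the last entry, not the whole list.
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    # Timeouts in seconds; 600 s keeps a stalled backend request open for
                    # ten minutes.
                    proxy_connect_timeout 60;
                    proxy_read_timeout 600;
                    proxy_send_timeout 600;
            }
    }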
    
    
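    # Plain-HTTP reverse proxy for mytest.x123.com in front of the mytest_x123_com upstream.
    server {
            listen 80;
            server_name mytest.x123.com;
            location / {
                    proxy_pass http://mytest_x123_com;
                    # The upstream declares `keepalive 8`; backend connections are only
                    # reused when nginx speaks HTTP/1.1 and sends an empty Connection header.
                    proxy_http_version 1.1;
                    proxy_set_header Connection "";
                    proxy_set_header Host $host;
                    # Leave Location/Refresh headers from the backend untouched.
                    proxy_redirect off;
                    # X-Real-IP is the peer address nginx saw. X-Forwarded-For is that
                    # address appended to whatever the client sent, so the backend may
                    # trust only the last entry, not the whole list.
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    # Timeouts in seconds.
                    proxy_connect_timeout 60;
                    proxy_read_timeout 600;
                    proxy_send_timeout 600;
            }
    }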
    
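    # Plain-HTTP reverse proxy for 3capi.x123.com in front of the 3capi_x123_com upstream.
    # NOTE(review): the host name suggests an API; anything sent to it (tokens,
    # credentials, payloads) crosses the network unencrypted on port 80.
    server {
            listen 80;
            server_name 3capi.x123.com;
            location / {
                    proxy_pass http://3capi_x123_com;
                    # The upstream declares `keepalive 8`; backend connections are only
                    # reused when nginx speaks HTTP/1.1 and sends an empty Connection header.
                    proxy_http_version 1.1;
                    proxy_set_header Connection "";
                    proxy_set_header Host $host;
                    # Leave Location/Refresh headers from the backend untouched.
                    proxy_redirect off;
                    # X-Real-IP is the peer address nginx saw. X-Forwarded-For is that
                    # address appended to whatever the client sent, so the backend may
                    # trust only the last entry, not the whole list.
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    # Timeouts in seconds.
                    proxy_connect_timeout 60;
                    proxy_read_timeout 600;
                    proxy_send_timeout 600;
            }
    }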
    
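    # Plain-HTTP reverse proxy for yhapi.x123.com in front of the yhapi_x123_com upstream.
    # NOTE(review): the host name suggests an API; anything sent to it (tokens,
    # credentials, payloads) crosses the network unencrypted on port 80.
    server {
            listen 80;
            server_name yhapi.x123.com;
            location / {
                    proxy_pass http://yhapi_x123_com;
                    # The upstream declares `keepalive 8`; backend connections are only
                    # reused when nginx speaks HTTP/1.1 and sends an empty Connection header.
                    proxy_http_version 1.1;
                    proxy_set_header Connection "";
                    proxy_set_header Host $host;
                    # Leave Location/Refresh headers from the backend untouched.
                    proxy_redirect off;
                    # X-Real-IP is the peer address nginx saw. X-Forwarded-For is that
                    # address appended to whatever the client sent, so the backend may
                    # trust only the last entry, not the whole list.
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    # Timeouts in seconds.
                    proxy_connect_timeout 60;
                    proxy_read_timeout 600;
                    proxy_send_timeout 600;
            }
    }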
    
    
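    # Requests addressed to the bare IP 192.168.1.22 on port 80 are proxied to the
    # upstream group defined right below this server block.
    server {
            listen 80;
            server_name 192.168.1.22;
            location / {
                    # "192.168.1.22" here is resolved as the NAME of the upstream group
                    # below, so traffic goes to port 88. Without that upstream block the
                    # same line would target 192.168.1.22:80, which is presumably this
                    # listener itself (a proxy loop); keep the two together.
                    proxy_pass http://192.168.1.22;
                    # The upstream declares `keepalive 8`; backend connections are only
                    # reused when nginx speaks HTTP/1.1 and sends an empty Connection header.
                    proxy_http_version 1.1;
                    proxy_set_header Connection "";
                    proxy_set_header Host $host;
                    # Leave Location/Refresh headers from the backend untouched.
                    proxy_redirect off;
                    # X-Real-IP is the peer address nginx saw. X-Forwarded-For is that
                    # address appended to whatever the client sent, so the backend may
                    # trust only the last entry, not the whole list.
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    # Timeouts in seconds.
                    proxy_connect_timeout 60;
                    proxy_read_timeout 600;
                    proxy_send_timeout 600;
            }
    }

    # Upstream group named after the IP address; its only member listens on port 88.
    # Every `proxy_pass http://192.168.1.22` in the configuration resolves to this
    # group, so the name is kept as written even though a descriptive name would
    # be easier to read.
    upstream 192.168.1.22 {
        server 192.168.1.22:88;
        keepalive 8;
    }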
    

    【Https:// 配置】

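    # HTTPS front end for wx.mysite1.com: terminates TLS and proxies every request
    # to the backend addressed as 192.168.1.22.
    server {
        listen       443 ssl;
        server_name  wx.mysite1.com;
        # `ssl on;` is dropped: the ssl flag on listen already enables TLS, and the
        # standalone directive is deprecated and rejected by current nginx releases.
        # The private key should be readable only by the account that starts nginx.
        ssl_certificate /etc/nginx/conf.d/ssl/mysite1.crt;
        ssl_certificate_key /etc/nginx/conf.d/ssl/mysite1.key;
        ssl_session_cache shared:SSL:200m;
        ssl_session_timeout 20m;

        ssl_prefer_server_ciphers on;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered.
        # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; on an older build
        # drop that token rather than re-enabling TLSv1/TLSv1.1.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Only the forward-secret AEAD suites from the original list are kept. The
        # removed entries were 3DES (DES-CBC3-SHA), CBC-mode suites, static-RSA key
        # exchange and the broad HIGH keyword. The DHE suites are offered only when
        # ssl_dhparam is configured.
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256;

        location / {
            # Alternatives the author left disabled:
            #proxy_set_header Host $http_host;
            #proxy_set_header X-Forwarded-For $remote_addr;

            # online
            #proxy_redirect      http://192.168.1.22/  http://$http_host/;
            #proxy_pass          http://shmc.mysite1.com;

            #proxy_pass          http://192.168.1.22/;
            #index index.html;
            #root /data/www/;

            #if ( $cookie_COOKIE ~* "(.*)$") {
            #    set $all_cookie $1;
            #}
            #proxy_set_header Cookie "$http_cookie; node_id=018";

            # X-Real-IP is the peer address nginx saw. X-Forwarded-For is that address
            # appended to whatever the client sent, so the backend may trust only the
            # last entry, not the whole list.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # $host instead of $http_host: the raw Host header is not passed through
            # verbatim, and this matches the port-80 server for the same site.
            # NOTE(review): if this is the only server on 443 it also answers for
            # unknown host names; a catch-all default server that rejects them keeps
            # forged Host values away from the backend.
            proxy_set_header Host $host;
            # NOTE(review): "*" lets a page on any origin read these responses from the
            # visitor's browser (without cookies). Restrict it to the origins that
            # really need cross-origin access if the backend serves anything non-public.
            add_header Access-Control-Allow-Origin *;
            proxy_pass          http://192.168.1.22;
            proxy_redirect off;
        }
    }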
    
    # Plain-HTTP listener for wx.mysite1.com; forwards every request to the backend
    # addressed as 192.168.1.22, passing the normalized request host along.
    # NOTE(review): this serves the same site as the HTTPS listener without
    # encryption, so a client can be kept on HTTP. If plain HTTP is not required,
    # replace the location with `return 301 https://wx.mysite1.com$request_uri;`.
    # NOTE(review): unlike the HTTPS listener, no X-Real-IP / X-Forwarded-For is
    # sent, so the backend only sees nginx's own address for these requests.
    server {
        listen       80;
        server_name  wx.mysite1.com;

        location / {
            proxy_pass          http://192.168.1.22/;
            proxy_set_header    Host              $host;

            # Alternatives the author left disabled:
            # online
            #proxy_redirect      http://192.168.1.22/  http://$http_host/;
            #proxy_pass          http://shmc.mysite1.com;
            #index index.html;
            #root /data/www/;
        }
    }
    
  • 原文地址:https://www.cnblogs.com/aixing/p/13327243.html