• 使用nginx配置带有权限验证的反向代理


    环境:centos6u3

    1、安装nginx

    (1)上传nginx

    nginx-1.14.0.tar.gz。可以从nginx官网下载http://nginx.org/en/download.html

    (2)解压

    tar zxvf nginx-1.14.0.tar.gz

    (3)安装依赖包:

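    # Build dependencies for compiling nginx from source. The zlib package was
    # misspelled "zlip", a name yum cannot resolve.
    yum install gcc gcc-c++ glibc automake pcre zlib zlib-devel openssl-devel pcre-devel wget lrzsz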

    (4)配置账号:

    # Dedicated unprivileged account for nginx: no login shell
    # (-s /sbin/nologin) and no home directory (-M).
    groupadd www
    useradd -s /sbin/nologin -g www -M www

    (5)编译、安装

    cd nginx-1.14.0
    # --user/--group make www the default account for the worker processes.
    # --with-http_auth_request_module is required for the auth_request
    # directive used in nginx.conf below; it is not built by default.
    ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module
    make
    make install

    (6)配置service
    vim /etc/init.d/nginx

    #!/bin/bash
    # nginx Startup script for the Nginx HTTP Server
    # it is v.0.0.2 version.
    # chkconfig: - 85 15
    # description: Nginx is a high-performance web and proxy server.
    #              It has a lot of features, but it's not for everyone.
    # processname: nginx
    # pidfile: /var/run/nginx.pid
    # config: /usr/local/nginx/conf/nginx.conf
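    # Paths to the nginx binary, its main configuration file and its pid file.
    nginxd=/usr/local/nginx/sbin/nginx
    nginx_config=/usr/local/nginx/conf/nginx.conf
    # NOTE(review): nginx writes this file only if nginx.conf sets
    # "pid /var/run/nginx.pid;". A build configured with
    # --prefix=/usr/local/nginx and no pid directive presumably writes
    # /usr/local/nginx/logs/nginx.pid instead -- confirm the two agree,
    # otherwise the "already running" check in start() never triggers.
    nginx_pid=/var/run/nginx.pid
    RETVAL=0
    prog="nginx"
    # Source function library (daemon, killproc and status come from here).
    . /etc/rc.d/init.d/functions
    # Source networking configuration (expected to define NETWORKING).
    . /etc/sysconfig/network
    # Check that networking is up. The expansion is quoted and defaulted so an
    # unset or empty NETWORKING no longer makes "[" fail with a syntax error.
    [ "${NETWORKING:-}" = "no" ] && exit 0
    # Nothing to manage when the nginx binary is missing or not executable.
    [ -x "$nginxd" ] || exit 0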
    # Start nginx daemons functions.
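    start() {
        # Start nginx through the init library's daemon helper.
        # Globals: nginx_pid, nginxd, nginx_config, prog (read); RETVAL (written)
        # Outputs: progress message on stdout
        # Returns: exit status of the daemon call; exits the script with 1
        #          when the pid file is already present.
        #
        # NOTE(review): only the pid file's existence is checked, so a stale
        # file left behind by a crash also blocks a start.
        # The expansion is quoted so a path containing whitespace is still
        # tested as a single word.
        if [ -e "$nginx_pid" ]; then
            echo "nginx already running...."
            exit 1
        fi
        echo -n $"Starting $prog: "
        daemon "$nginxd" -c "${nginx_config}"
        RETVAL=$?
        echo
        # Record the subsystem lock only after a successful start.
        [ "$RETVAL" = 0 ] && touch /var/lock/subsys/nginx
        return $RETVAL
    }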
    # Stop nginx daemons functions.
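    stop() {
        # Stop nginx via killproc and clean up the lock and pid files on success.
        # Globals: nginxd, nginx_pid, prog (read); RETVAL (written)
        # Outputs: progress message on stdout
        # Returns: killproc's exit status, the same convention start() uses.
        echo -n $"Stopping $prog: "
        killproc "$nginxd"
        RETVAL=$?
        echo
        # Use the configured pid path instead of repeating the literal, so the
        # file start() tests is the same file that is removed here.
        [ "$RETVAL" = 0 ] && rm -f -- /var/lock/subsys/nginx "$nginx_pid"
        return $RETVAL
    }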
    # reload nginx service functions.
    reload() {
        # Signal the running nginx with SIGHUP through killproc so it re-reads
        # its configuration; killproc's status is kept in RETVAL.
        printf '%s' $"Reloading $prog: "
        killproc $nginxd -HUP
        RETVAL=$?
        printf '\n'
    }
    # See how we were called.
    # Dispatch on the requested action. Anything unrecognised prints the usage
    # line and exits with status 1.
    case "$1" in
        start | stop | reload)
            # These actions map one-to-one onto the functions of the same name.
            "$1"
            ;;
        restart)
            stop
            start
            ;;
        status)
            status $prog
            RETVAL=$?
            ;;
        *)
            echo $"Usage: $prog {start|stop|restart|reload|status|help}"
            exit 1
            ;;
    esac
    # The handlers leave their result in RETVAL; report it to the caller.
    exit $RETVAL

    2、配置反向代理

    vim /usr/local/nginx/conf/nginx.conf

    #user  nobody;
    worker_processes  1;
    
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    #pid        logs/nginx.pid;
    
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';
    
        #access_log  logs/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        #keepalive_timeout  0;
        keepalive_timeout  65;
    
        #gzip  on;
    
        server {
            listen       80;
            server_name  localhost;
    
            #charset koi8-r;
    
            #access_log  logs/host.access.log  main;
    
            location / {
                root   html;
                index  index.html index.htm;
            }
    
            # No auth_request here: everything under /public/ is proxied for
            # unauthenticated clients as well.
            location /public/ {
                proxy_pass http://ip:port/;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
                proxy_max_temp_file_size 0;
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
                # NOTE(review): proxy buffers are allocated per connection, so
                # 64m buffers can exhaust memory under concurrent requests.
                # Size them to the responses actually expected.
                proxy_buffer_size          64m;
                proxy_buffers              4 64m;
                proxy_busy_buffers_size    64m;
                proxy_temp_file_write_size 64m;
            }
    
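            location /user/checkauth {
                # Target of the auth_request subrequest issued by /url/.
                # "internal" stops clients from requesting this location
                # directly; drop it only if clients must call this path
                # themselves.
                internal;
                proxy_pass http://ip:port/user/checkbotpageauth;
                # The auth backend decides from the request headers, so the
                # request body is not forwarded and Content-Length is cleared
                # to match.
                proxy_pass_request_body off;
                proxy_set_header Content-Length "";
                # Tell the backend which URI the client originally requested.
                proxy_set_header X-Original-URI $request_uri;
            }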
    
            # Protected location: every request is first checked through the
            # auth_request subrequest at the end of this block.
            # NOTE(review): this server block listens on plain HTTP
            # (listen 80), so the session cookie the auth check relies on is
            # sent unencrypted; the commented-out HTTPS server block further
            # down is where TLS would be enabled.
            location /url/ {
                proxy_pass http://ip:port/url/;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
                proxy_max_temp_file_size 0;
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         1800;
                # NOTE(review): proxy buffers are allocated per connection, so
                # 256m buffers can exhaust memory under concurrent requests.
                # Size them to the responses actually expected.
                proxy_buffer_size          256m;
                proxy_buffers              4 256m;
                proxy_busy_buffers_size    256m;
                proxy_temp_file_write_size 256m;
    
                # A 2xx answer from the subrequest allows the request, 401/403
                # denies it with that code, and any other status is treated
                # as an error.
                auth_request /user/checkauth;
            }
    
    
            #error_page  404              /404.html;
    
            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
    
            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ .php$ {
            #    proxy_pass   http://127.0.0.1;
            #}
    
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ .php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}
    
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /.ht {
            #    deny  all;
            #}
        }
    
    
        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;
    
        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
    
    
        # HTTPS server
        #
        #server {
        #    listen       443 ssl;
        #    server_name  localhost;
    
        #    ssl_certificate      cert.pem;
        #    ssl_certificate_key  cert.key;
    
        #    ssl_session_cache    shared:SSL:1m;
        #    ssl_session_timeout  5m;
    
        #    ssl_ciphers  HIGH:!aNULL:!MD5;
        #    ssl_prefer_server_ciphers  on;
    
        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
    
    }

    注意:其中 ip、port 需要替换为后端服务的具体 IP 和端口;/public、/url、/user/checkauth 等均为示例地址,需要根据具体情况修改。/user/checkauth 接口通过 session 判断请求是否有权限:没有权限时返回 HTTP 状态码 403,有权限时返回 200。nginx 的 auth_request 将 2xx 视为放行,将 401/403 视为拒绝,其他状态码按错误处理,因此该接口应只返回上述状态码。

    3、主页自动跳转

    vim /usr/local/nginx/html/index.html

    <html>
    <head>
    <title>欢迎</title>
    <meta http-equiv="refresh" content="0;url=/public/">
    </head>
    <body>
    <h1>正在跳转。。。</h1>
    </body>
    </html>

    4、启动nginx

    service nginx start

  • 原文地址:https://www.cnblogs.com/oceanking/p/11896825.html