nginx反向代理

一、nginx.conf结构

events{}        #nginx性能
stream{
        upstream{
        }
        server{
                location{
                }
        }
}        #四层转发
http{
        upstream{
        }
        server{
                location{
                }
        }
}            #七层转发

http {
    include /usr/local/nginx/conf.d/*.conf;        #调用/usr/local/nginx/conf.d/下的配置文件
}

二三使用的upstream模块
upstream tomcat {
        server X.X.X.X:443 weight=100;
}
upstream raptor_tomcat {
        server X.X.X.X:8081 weight=100;
}

二、server http代理http
server {
        listen   18001;
        access_log  /var/log/nginx/bl_http.log ngx_accss_json;
        location /status {
                stub_status on;
                access_log off;
                allow 127.0.0.1;
                allow 10.0.17.27;
                allow 10.0.1.142;
                deny all;
        }
        location / {
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_pass http://bl_tomcat;
                #Proxy Settings
                proxy_redirect     off;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                #proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_set_header   X-Forwarded-For  $http_x_forwarded_for;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
                proxy_ignore_client_abort  on;
                proxy_max_temp_file_size 0;
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
        }
}
#####http代理https
如果代理的后端是https服务，需要把黄色的代码改为https://bl_tomcat;




三、server https代理https
server {
        listen       8443 ssl;
        server_name  *.intellicredit.cn;
        root         html;
        ssl    on;
        ssl_certificate      /usr/local/nginx/certs/intellicre.crt;
        ssl_certificate_key  /usr/local/nginx/certs/intellicredit.cn.key;
        ssl_session_cache    shared:SSL:20m;
        ssl_session_timeout  20m;
        ssl_protocols    TLSv1 TLSv1.1 TLSv1.2;
        access_log  /var/log/nginx/bl_https.log;
        location / {
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_pass https://tomcat;
                #Proxy Settings
                proxy_redirect     off;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
                proxy_max_temp_file_size 0;
                proxy_ignore_client_abort  on;
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
        }
}
#####
如果代理的后端是http服务，需要把黄色的代码改为http://tomcat;




四、四层TCP代理TCP，使用stream模块，nginx -V查看是否支持stream模块
stream {
        upstream test {
                hash $remote_addr consistent;
                server 1.1.1.1:80 weight=100;
        }
        server {
                listen 8080;
                proxy_connect_timeout 5s;
                proxy_timeout 5s;
                proxy_pass test;
        }
}