一、nginx.conf结构 events{} #nginx性能 stream{ upstream{ } server{ location{ } } } #四层转发 http{ upstream{ } server{ location{ } } } #七层转发 http { include /usr/local/nginx/conf.d/*.conf; #调用/usr/local/nginx/conf.d/下的配置文件 } 二三使用的upstream模块 upstream tomcat { server X.X.X.X:443 weight=100; } upstream raptor_tomcat { server X.X.X.X:8081 weight=100; } 二、server http代理http server { listen 18001; access_log /var/log/nginx/bl_http.log ngx_accss_json; location /status { stub_status on; access_log off; allow 127.0.0.1; allow 10.0.17.27; allow 10.0.1.142; deny all; } location / { proxy_http_version 1.1; proxy_set_header Connection ""; proxy_pass http://bl_tomcat; #Proxy Settings proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $http_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_ignore_client_abort on; proxy_max_temp_file_size 0; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } } #####http代理https 如果代理的后端是https服务,需要把黄色的代码改为https://bl_tomcat; 三、server https代理https server { listen 8443 ssl; server_name *.intellicredit.cn; root html; ssl on; ssl_certificate /usr/local/nginx/certs/intellicre.crt; ssl_certificate_key /usr/local/nginx/certs/intellicredit.cn.key; ssl_session_cache shared:SSL:20m; ssl_session_timeout 20m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; access_log /var/log/nginx/bl_https.log; location / { proxy_http_version 1.1; proxy_set_header Connection ""; proxy_pass https://tomcat; #Proxy Settings proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_ignore_client_abort on; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } } ##### 如果代理的后端是http服务,需要把黄色的代码改为http://tomcat; 四、四层TCP代理TCP,使用stream模块,nginx -V查看是否支持stream模块 stream { upstream test { hash $remote_addr consistent; server 1.1.1.1:80 weight=100; } server { listen 8080; proxy_connect_timeout 5s; proxy_timeout 5s; proxy_pass test; } }