1. What is reverse proxy?
First, let's give a metaphor:
In a residential area, if two households share the same name and surname, it is difficult to find the correct target object without specifying the first floor of the House.
If the above situation is reflected in the server and LAN:
That is, two or more servers in a LAN may use the same port, for example, HTTP standard port 80 ). In this case, because both servers have a public IP after the vro), either force one of the servers to switch to the default port 80, for example, 81, then, the vro maps port 81 on the Internet to port 80 on the target server of the Intranet), or forwards all requests directed to port 80 to the same proxy server, then the proxy server is allocated to select different servers based on different URLs)
The proxy server mentioned above is the "reverse proxy" to be set up in this article ". This is called "reverse" because the server first obtains external requests and then correctly directs the requests to the Intranet server. This process is called "reverse ". Instead, if an intranet computer sends an Internet request to the proxy server, then the proxy server forwards the correct Internet URL and website information to the Intranet computer, this process is called "forward", that is, the "Proxy Server" that we generally understand is the one that can help you navigate through the wall ).
2. Platform Selection
After knowing what "reverse proxy" is, the next step is the selection of the system platform and software platform. As mentioned above, I only need a simple reverse proxy function. On this premise, I decided to choose the simplest and most stable platform-this first ruled out the combination of Windows + ISA.
Speaking of stability, we generally think of Linux, and I am no exception. However, even in Linux, there are graphic interfaces with and without UIS ). Considering that after the reverse proxy is set, maintenance is basically no longer required unless the Server IP address changes, which is usually fixed), I finally decided to discard the Windows platform, ubuntu Server is not the desktop version. The system does not have a graphical interface, but it can also be installed)
There are two well-known software that can implement reverse proxy in Linux): Apache and NginX
The latter is famous for its simplicity and convenience, so I chose the latter.
So I will summarize my Reverse Proxy Server Runtime Environment:
Hardware Platform: Virtual Machine above Hyper-V, MB memory dynamic)
System Platform: Ubuntu Server 12.04.1 has no graphical interface. Select the OpenSSH environment for installation)
Software Platform: NginX + OpenSSL
3. Install software
OpenSSH should have been installed when the environment is selected. If not, run the following command to complete the installation:
Sudo apt-get install openssh-server
You can install the server. It is mainly used to edit documents under Windows to facilitate file transfer )......
After OpenSSH is installed, you can directly use it without any settings. However, we recommend that you replace the default port 22 with the Public/Private Key, but this is not covered in this article)
Next, install NginX and run the following command:
Sudo apt-get install nginx
After the installation is complete, the service is directly enabled. All we need to do is edit the control file. next article will introduce it). Now we will do other preparation work first.
Convert the format of the Domain Name Certificate of Windows Home Server to provide SSL support in NginX)
WHS Domain Name Certificate everywhere approach see: http://cnbeta.blog.51cto.com/1234897/1032880
The exported File is uploaded to the Linux server via SSH. I use SSH Secure File Transfer)
Note: If the upload fails or an error is reported, it is usually the Chmod command that you do not have the permission to change)
I put the whs2011.pfx Domain Name Certificate in the $ home directory under Linux, and then perform the following operations:
Openssl pkcs12-in whs2011.pfx-nokeys-out whs. pem
Openssl pkcs12-in whs2011.pfx-out whs. key-nocerts-nodes
650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/03243A2Z-0.png "border =" 0 "alt =" "/>
The required password is the one you set when exporting the certificate.
After the above files are generated, copy these files to the ssl folder that does not exist under etc \ nginx \ ssl \. Please create your own)
This article is from the "www.DIYPCs.com" blog, please be sure to keep this source http://cnbeta.blog.51cto.com/1234897/1032897