Because the company intranet has more than one server HTTP service to map to the corporate extranet static IP, if you use the port map of the route to do, only one intranet server 80 port mapped to the external network 80 port, the other server's 80 port can only be mapped to the external network of non-80 port. Non-80 port mapping in the time of access to the domain name plus port, more trouble. And the company portal route can only do up to 20 port mappings. Definitely not enough for later.
Then found in the intranet can build a Nginx reverse proxy server, the Nginx reverse proxy Server 80 mapping to the external IP 80, so that the domain name to the company's external IP address of the HTTP request will be sent to the Nginx reverse proxy server, Using Nginx reverse proxy to forward the request of different domain name to the port of different machine in the intranet, it has the effect of "automatically forwarding to the specific port of the corresponding server according to the domain name", and the router's port mapping is only "automatically forwarded to the specific port of the corresponding server according to different ports".
The goal of this experiment is to do: in the browser input xxx123.tk can access to the intranet machine 192.168.10.38 3000 port, input xxx456.tk can access to the intranet machine 192.168.10.40 80 port.
Vim nginx.conf
worker_processes 1;error_log logs/error.log;pid logs/nginx.pid;worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535;} http { include mime.types; default_type application/octet-stream; include /usr/local/nginx/conf/reverse-proxy.conf; sendfile on; keepalive_timeout 65; gzip on; client_max_body_size 50m; #缓冲区代理缓冲用户端请求的最大字节数, can be understood to be saved to local and then passed to the user client_body_buffer_size 256k; client_header_timeout 3m; client_body_timeout 3m; send_timeout 3m; proxy_connect_timeout 300s; #nginx跟后端服务器连接超时时间 (proxy connection timeout) proxy_read_timeout 300s; #连接成功后, back-end server response time (proxy receive timeout) proxy_send_timeout 300s; proxy_ buffer_size 64k; #设置代理服务器 (nginx) buffer size for saving user header information proxy_buffers 4 32k; #proxy_buffers缓冲区, the average page below 32k, so set proxy_busy_buffers_size 64k; # Buffer size under high load (proxy_buffers*2) proxy_temp_file_write_size 64k; #设定缓存文件夹大小, greater than this value, Requests will be delivered from the upstream server without buffering to disk proxy_ignore_client_abort on; #不允许代理端主动关闭连接 server { listen 80; server_name localhost; location / { root html; index index.html Index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } }}
server{ listen 80; server_name xxx123.tk; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote _addr; proxy_set_header X-Forwarded-For $proxy _add_x_forwarded_for; proxy_pass http://192.168.10.38:3000; } access_log logs/xxx123.tk_access.log;} server{ listen 80; server_name xxx456.tk; location / { proxy_redirect off; proxy_set_header host $host; proxy_set_header x-real-ip $remote _addr; proxy_set_header X-Forwarded-For $proxy _add_x_forwarded_ for; proxy_pass http://192.168.10.40:80; } access_log logs/xxx456.tk_access.log;}
Enter xxx123.tk in the browser when accessing the intranet server 192.168.10.38 3000 port, enter the role of xxx456.tk access 192.168.10.40 80 port. If you want to load balance the back-end machine, like the following configuration can be distributed to the nagios.xxx123.tk request to the network of 131 and 132 of the two machines do load balance.
upstream monitor_server { server 192.168.0.131:80; server 192.168.0.132:80;} server{ listen 80; server_name nagios.xxx123.tk; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote _addr; proxy_set_header X-Forwarded-For $proxy _add_x_forwarded_for; proxy_pass http://monitor_server; } access_log logs/nagios.xxx123.tk_access.log;}
The following is not configured before, and occasionally the 504 Gateway timeout is present during the visit
Proxy_connect_timeout 300s; Proxy_read_timeout 300s; Proxy_send_timeout 300s; Proxy_buffer_size 64k; Proxy_buffers 4 32k; Proxy_busy_buffers_size 64k; Proxy_temp_file_write_size 64k; Proxy_ignore_client_abort on;
Constructing Nginx reverse proxy for intranet domain name forwarding