HTTP Proxy)

The HTTP Proxy module (HTTP Proxy) returns the directory. The Digest module can forward requests to other servers. HTTP/1.0 cannot use keepalive (the backend server will create and delete connections for each request ). Nginx sends HTTP/1.1 to the browser and HTTP/1.0 to the backend server, so that the browser can process keepalive for the browser. For example: Location/{proxy_pass http: // localhost: 8000; proxy_set_header X-real-IP $ remote_addr;} when using the HTTP Proxy module (or even FastCGI ), all connection requests are cached by nginx before they are sent to the backend server. Therefore, the progress may be incorrect when measuring data transferred from the backend. · Command proxy_buffer_size Syntax: proxy_buffer_size the_size default value: proxy_buffer_size 4 K/8 K use field: HTTP, server, location set the buffer size for the first part of the response read from the proxy server. Generally, this part of the response contains a small response header. By default, this value is the size of a buffer specified in the instruction proxy_buffers, but it can be set to a smaller value. Proxy_buffering Syntax: proxy_buffering on | off default value: proxy_buffering on field: HTTP, server, and location enable response buffering for the backend server. If caching is enabled, if the proxy server can quickly pass the response and put it into the buffer, you can use proxy_buffer_size and proxy_buffers to set relevant parameters. If the response cannot be fully stored in the memory, write it to the hard disk. If buffering is disabled, responses sent from the backend are immediately sent to the client. Nginx ignores the number of responses and the size of all responses on the proxy server, and accepts the value specified by proxy_buffer_size. This command must be disabled for Long-polling-based comet applications. Otherwise, asynchronous responses will be buffered and comet will not work properly. Proxy_buffers Syntax: proxy_buffers the_number is_size; default value: proxy_buffers 8 4 K/8 K; use field: HTTP, server, location settings for read response (from the proxy server) the number and size of the buffer. The default value is the page size, which may be 4 K or 8 K Depending on the operating system. Proxy_busy_buffers_size Syntax: proxy_busy_buffers_size size; default value: proxy_busy_buffers_size ["# proxy buffer size"] * 2; field used: HTTP, server, location, if unknown. Proxy_cache Syntax: proxy_cache zone_name; default value: none use field: HTTP, server, location set the name of a cache region, a same region can be used in different places. After 0.7.48, the cache follows the backend cache-control, expires, and others. The cache depends on the proxy's buffer. If proxy_buffers is set to off, it will not take effect. Proxy_cache_path Syntax: proxy_cache_path path [levels = number] keys_zone = zone_name: zone_size [inactive = time] [max_size = size]; default value: None field used: the HTTP command specifies the cache path and some other parameters. The cached data is stored in the file. The cached file name and key are the MD5 code of the proxy URL. The levels parameter specifies the number of cached subdirectories, for example, proxy_cache_path/data/nginx/cache levels = keys_zone = one: 10 m; the file name is similar: /data/nginx/Cache/C/29/b7f54b2df7773722d382f4809d42429c all active keys and metadata are stored in the shared memory area, which is specified by the keys_zone parameter, if the cached data is not requested within the time specified by the inactive parameter, the data is deleted. The default value of inactive is 10 minutes. The cache manager process controls the disk cache size. As defined in the max_size parameter, when the disk size is exceeded, the minimum data used will be deleted. The size of a region is set based on the proportion of the number of cached pages. The metadata size of a page (File) is determined by the operating system. The value of FreeBSD/i386 is 64 bytes, freeBSD/amd64 is 128 bytes. When the region is full, the key is processed according to LRU (least recently used algorithm. Proxy_cache_path and proxy_temp_path should be used on the same file system. Proxy_cache_methods Syntax: proxy_cache_methods [get head post]; default value: proxy_cache_methods get head; field: HTTP, server, location get/head used to describe the statement, that is, you cannot disable get/head even if you only use the following statement settings: proxy_cache_methods post; proxy_cache_min_uses Syntax: proxy_cache_min_uses the_number; default value: Limit 1; field used: HTTP, server, after the number of location queries, the response will be cached. The default value is 1. Proxy_cache_valid Syntax: proxy_cache_valid reply_code [reply_code...] time; default value: none use field: HTTP, server, location for different responses set different cache time, for example: proxy_cache_valid 200 302 10 m; proxy_cache_valid 404 1 m; set the cache time to 10 minutes for response code 200 and 302, and 404 code cache for 1 minute. If only the time is defined: proxy_cache_valid 5 m; then only the response code 200,301 and 302 is cached. You can also use the any parameter for any response. Proxy_cache_valid 200 302 10 m; proxy_cache_valid 301 1 h; proxy_cache_valid any 1 m; proxy_cache_use_stale Syntax: proxy_cache_use_stale [error | timeout | updating | invalid_header | http_500 | http_502 | http_503 | http_504 | http_404 | off] [...]; default Value: proxy_cache_use_stale off; field used: HTTP, server, location unknown. The parameters of this command are similar to the proxy_next_upstream command. Proxy_connect_timeout Syntax: proxy_connect_timeout timeout_in_seconds field: HTTP, server, location specifies a timeout time for connecting to the proxy server. This time is not the time when the server returns the page, but the proxy_read_timeout statement. Your proxy server runs normally at any time, but if the server encounters some situations (for example, if there are not enough threads to process the request, the request will be put in a connection pool for delayed processing ), this statement does not help the server establish a connection. Proxy_headers_hash_bucket_size Syntax: proxy_headers_hash_bucket_size size; default value: proxy_headers_hash_bucket_size 64; use fields: HTTP, server, location, if, to set the size of each data stored in the hash table (see ). Proxy_headers_hash_max_size Syntax: proxy_headers_hash_max_size size; default value: proxy_headers_hash_max_size 512; use fields: HTTP, server, location, if to set the maximum value of the hash table (see the description ). Proxy_hide_header Syntax: proxy_hide_header the_header use field: HTTP, server, location nginx is not sent from the proxy server "date", "server ", "X-pad" and "X-accel -... "The response is forwarded. This parameter allows you to hide some other header fields. However, if the header field mentioned above must be forwarded, you can use the proxy_pass_header command, for example: you can use the following configuration to hide MS-officewebserver and ASPnet-version: Location/{proxy_hide_header X-ASPnet-version; proxy_hide_header microsoftofficewebserver ;} this command is useful when X-accel-redirect is used. For example, you may need to set a return header for a file to be downloaded on the backend application server. The X-accel-redirect field is the file, at the same time, there must be an appropriate Content-Type. However, the redirected URL will point to the file server that contains the file, and the server passes its own Content-Type, this may not be correct. In this way, the Content-Type passed by the backend application server is ignored. To avoid this situation, you can use this command: Location/{proxy_pass http: // backend_servers;} location/files/{proxy_pass http: // fileserver; proxy_hide_header content-type; proxy_ignore_client_abort Syntax: proxy_ignore_client_abort [ON | off] default value: proxy_ignore_client_abort off field: HTTP, server, location to prevent the proxy request from being interrupted when the client requests. Proxy_ignore_headers Syntax: proxy_ignore_headers name [name...] default value: none use field: HTTP, server, location this command (0.7.54 +) cannot process responses from proxy server. The fields that can be specified are "X-accel-redirect", "x-accel-Expires", "expires", or "cache-control ". Proxy_intercept_errors Syntax: proxy_intercept_errors [ON | off] default value: proxy_intercept_errors off use field: HTTP, server, location enable nginx to block HTTP response code 400 or higher. By default, all responses from the proxy server will be passed. If it is set to on, nginx will process the blocked code in an error_page command. If no matching processing method exists in this error_page, then, the error response sent by the proxy server is transmitted as is. Proxy_max_temp_file_size Syntax: proxy_max_temp_file_size size; default value: proxy_max_temp_file_size 1g; use the field: HTTP, server, location, if the current buffer is too large, use the maximum value of a temporary file, transfer requests synchronously without writing them to the disk for caching. If this value is set to zero, temporary files are not allowed. Proxy_method Syntax: proxy_method [Method] default value: none use field: HTTP, server, location allows proxy of some other HTTP access methods. If this command is specified, nginx only allows one request containing a single HTTP access method (specified in this command). Therefore, it is not very useful for requests such as subversion proxy. Example configuration: proxy_method PROPFIND; usage Syntax: proxy_next_upstream [error | timeout | invalid_header | http_500 | http_502 | http_503 | http_504 | http_404 | off] default value: accept error timeout field: HTTP, server, location determines under which circumstances the request will be forwarded to the next server: · error-An error occurred when connecting to a server, sending a request, or reading the response. · Timeout-timeout occurs when a server is connected, a request is forwarded, or a response is read. · INVALID _ header-the server returns an empty or incorrect response. · HTTP _ 500-code 500 is returned from the server. · HTTP _ 502-code 502 is returned from the server. · HTTP _ 503-code 503 is returned from the server. · HTTP _ 504-code 504 is returned from the server. · HTTP _ 404-Code 404 is returned from the server. · Off-Prohibit forwarding requests to the next server. The forwarding request only occurs when no data is transmitted to the client. Proxy_pass Syntax: proxy_pass URL default value: No use field: location, if field in location to determine the URL, port and socket to proxy. You can use the host name and port, for example, proxy_pass http: // localhost: 8000/Uri, or UNIX socket: proxy_pass Unix:/path/to/backend. the URI part of the socket request forwarded to the server (the part after the location field) will be the URI of the value specified by proxy_pass. For example, if your location field is/name/and proxy_pass is http: // 127.0.0.1, the request/name/test will be forwarded to http: // 127.0.0.1/test. However, there are two exceptions to the above rules, and then the location: location to be replaced cannot be determined to use a regular expression. Use the rewrite command to change the URI in the location of the proxy. Using this configuration can more accurately process the request (break ): location/name/{rewrite/name/([^/] +)/users? Name = required break; proxy_pass http: // 127.0.0.1;} in these cases, the URI is not passed by ing. In addition, you may need to specify that the URI will be forwarded in the same way, because it is sent from the client rather than in the processed form. In the course of its work: · more than two slashes will be replaced with one: "//" -- "/"; · Delete the referenced Current Directory :"/. /"--"/"; · Delete the referenced previous directory:"/DIR /.. /"--"/". If the URI must be sent in the form of unprocessed on the server, you must use the URL: Location/Some/path/{proxy_pass http: // 127.0.0.1;} using variables in the command is a special case: the requested URL is not used and you must manually mark the URL. This means that the following configuration does not allow you to easily enter a virtual host directory you want. The proxy always forwards it to the same URL (in the configuration of a server field ): location/{proxy_pass http: // 127.0.0.1: 8080/virtualhostbase/https/$ SERVER_NAME: 443/Some/path/virtualhostroot;} the solution is to use a combination of rewrite and proxy_pass: location/{rewrite ^ (. *) $/virtualhostbase/https/$ SERVER_NAME: 443/Some/path/virtualhostroot/ũ break; proxy_pass http: // 127.0.0.1: 8080 ;} in this case, the requested URL will be overwritten, And the trailing slash in proxy_pass does not actually make sense. Proxy_pass_header Syntax: proxy_pass_header the_name field used: HTTP, server, location this command allows forwarding of some blocked response headers. For example: Location/{proxy_pass_header server; proxy_pass_header X-myheader;} proxy_pass_request_body Syntax: proxy_pass_request_body [ON | off]; default value: Login on; field: HTTP, server, available location version: 0.1.29 prepare Syntax: proxy_pass_request_headers [ON | off]; default value: proxy_pass_request_headers on; field used: HTTP, server, location available version: 0.1.29 proxy_redirect Syntax: proxy_redirect [defaul T | off | redirect replacement] default value: proxy_redirect default use field: HTTP, server, location if you need to modify the "location" and "refresh" fields in the response header sent from the proxy server, you can use this command to set. Assume that the location field returned by the proxy server is: http: // localhost: 8000/Two/Some/uri/. This command: proxy_redirect http: // localhost: 8000/Two/HTTP: // frontend/One/; rewrite the location field to http: // frontend/One/Some/uri /. In the field that is replaced, you can leave the server name proxy_redirect http: // localhost: 8000/Two //; to use the basic name and port of the server, even if it comes from a non-port 80. If the "default" parameter is used, it is determined based on the settings of the location and proxy_pass parameters. For example, the following two configurations are equivalent: Location/One/{proxy_pass http: // upstream: Port/Two/; proxy_redirect default;} location/One/{proxy_pass http: // upstream: port/Two/; proxy_redirect http: // upstream: Port/Two // One/;} some variables can be used in the command: proxy_redirect http: // localhost: 8000/HTTP: // $ HOST: $ server_port/; this command can be repeated sometimes: proxy_redirect default; proxy_redirect http: // localhost: 8000 //; proxy_redirect http://www.example.com //; the parameter off will Disable all proxy_redirect commands in this field: proxy_redirect off; proxy_redirect default; proxy_redirect http: // localhost: 8000 //; proxy_redirect http://www.example.com //; this command can be used to add the Host Name: proxy_redirect //; proxy_read_timeout Syntax: proxy_read_timeout the_time default value: proxy_read_timeout 60 field: HTTP, server, location determines the supermarket time for reading the response from the backend server. It determines how long nginx will wait to obtain a request response. Timeout refers to the timeout time when the handshake is completed and the status is established, rather than all the response times. Compared with proxy_connect_timeout, this time can be captured by a server that puts your connection into the connection pool for delay processing and does not transmit data. Be sure not to set this value too low, in some cases, the proxy server takes a long time to obtain page responses (for example, when receiving a report that requires a lot of computing). Of course, you can set multiple different locations. If no data is transmitted by the proxy server within the set time, nginx closes the connection. Proxy_redirect_errors is not recommended. Use proxy_intercept_errors. Proxy_send_lowat Syntax: proxy_send_lowat [ON | off] default value: proxy_send_lowat off; use field: HTTP, server, location, if to set so_sndlowat. This command is only used for FreeBSD. Proxy_send_timeout Syntax: proxy_send_timeout time_in_seconds default value: proxy_send_timeout 60 use field: HTTP, server, location set Proxy Server forwarding request timeout time, also refers to the time after the two handshakes are completed, if no data is forwarded to the proxy server after this time, nginx closes the connection. Proxy_set_body Syntax: proxy_set_body [ON | off] default value: proxy_set_body off; use field: HTTP, server, location, if available version: 0.3.10. Proxy_set_header Syntax: proxy_set_header header value default value: Host and connection use field: HTTP, server, location this command allows the request header sent to the proxy server to be redefined or added some fields. This value can be a text, variable, or a combination of them. When the specified field is not defined, proxy_set_header inherits from its parent field. By default, only two fields can be redefined: proxy_set_header host $ proxy_host; proxy_set_header connection close; unmodified Request Header "host" can be transmitted as follows: proxy_set_header host $ http_host; however, if this field does not exist in the client's request header, no data forwarding will be performed by the proxy server. In this case, it is best to use the $ host variable. Its value is equal to the "host" field in the request header or the server name: proxy_set_header host $ host. In addition, the proxy port and server name can be passed together: proxy_set_header host $ HOST: $ proxy_port; if it is set to an empty string, the header will not be passed to the backend, for example, the following settings disable backend gzip compression: proxy_set_header accept-encoding ""; proxy_store Syntax: proxy_store [ON | off | path] default value: proxy_store off field: HTTP, server, the location command sets which files will be stored. The parameter "on" ensures that the file is consistent with the directory specified by the alias or root command, and the parameter "off" will disable storage, the variable proxy_store/data/WW can be used in the path name. W $ original_uri; the "Last-modified" field in the Response Header sets the last file modification time. To ensure file security, you can use proxy_temp_path to specify a temporary file directory. This command is used to copy files that are not frequently used locally. This reduces the load on the proxy server. Location/images/{root/data/WWW; error_page 404 =/fetch $ URI;} location/fetch {internal; proxy_pass http: // backend; proxy_store on; proxy_store_access User: RW group: RW all: R; proxy_temp_path/data/temp; alias/data/WWW;} or in this way: Location/images/{root/data/WWW; error_page 404 = @ fetch;} location @ fetch {internal; proxy_pass http: // backend; proxy_store on; proxy_store_access User: RW gr OUP: RW all: R; proxy_temp_path/data/temp; root/data/WWW;} note that proxy_store is not a cache and is more like an image. Proxy_store_access Syntax: proxy_store_access users: permissions [users: permission...] default Value: proxy_store_access User: RW use field: HTTP, server, location specifies the permissions related to file creation and directory, such as: proxy_store_access User: RW group: RW all: R; if the group and all permissions are specified correctly, you do not need to specify the user's permission: proxy_store_access group: RW all: R; proxy_temp_file_write_size Syntax: proxy_temp_file_write_size; default value: proxy_temp_file_write_size ["# proxy buffer size"] * 2; field used: HTTP, S Erver, location, and if set the data size when the proxy_temp_path file is written to prevent a working process from being blocked too long during file transfer. Proxy_temp_path Syntax: proxy_temp_path Dir-path [level1 [level2 [level3]; default value: When configure is enabled, -- http-proxy-temp-path specifies the field used: HTTP, server, location is similar to the client_body_temp_path command in the HTTP core module. It specifies an address to buffer large proxy requests. Proxy_upstream_fail_timeout 0.5.0 is not recommended. Use the fail_timeout parameter of the server command in the HTTP Server Load balancer module. Proxy_upstream_fail_timeout 0.5.0 is not recommended. Use the max_fails parameter of the server command in the HTTP Server Load balancer module. · Variables this module contains some built-in variables that can be used in the proxy_set_header command to create a header. $ Proxy_host indicates the host name and port number of the proxy server. $ Proxy_host indicates the port number of the proxy server. $ Proxy_add_x_forwarded_for contains "X-forwarded-for" in the client request header, which is separated from $ remote_addr by commas. If no "X-forwarded-for" Request Header exists, then $ proxy_add_x_forwarded_for is equal to $ remote_addr. · References