Install Nginx in CentOS 7 for reverse proxy

Install Nginx in CentOS 7 for reverse proxy
Question

Nginx reverse proxy is required. The test environment is centos + NGINX 1.8.0.

Skip some tedious issues and directly record the core

Procedure

(1) install centos In the VM, so pay attention to network connection issues (2) install nginx using the yum feature with network (3) configure the centos firewall, you need to enable port 80 (4) nginx reverse proxy configuration (5) Performance Optimization settings (subsequent work ...)

Implementation

1. Install nginx in yum
Add the nginx source to test the latest nginx 1.8.0.

rpm -ivh  http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm 

Run the following command:

yum install nginxservice nginx start

If nothing happens, enter 127.0.0.1: 80 in the browser to see the welcome interface of nginx.

2. View nginx Configuration

Rpm-ql nginx this command can view nginx configuration information

3. Disable firewall and configure iptables

Centos uses firewall to configure the port and network by default, but most of the information on the Internet is iptables. For the reason of sufficient information, use iptalbes instead.

Use static firewall rules of iptables and ip6tables
If you want to use your own iptables and ip6tables static firewall rules, install iptables-services and disable firewalld and enable iptables and ip6tables:

yum install iptables-servicessystemctl mask firewalld.servicesystemctl enable iptables.servicesystemctl enable ip6tables.service

After iptables is enabled, you need to set ports and access rules.

(1) edit/etc/sysconfig/iptables (2) clear rule (3) Add the required Rule

Example:

# Allow established or related connections
-A input-m state-state ESTABLISHED, RELATED-j ACCEPT
# Allow local loopback Interfaces
-A input-s 127.0.0.1-d 127.0.0.1-j ACCEPT
# Allow external access from the Local Machine
-A output-j ACCEPT
# Allow access to the SSH port. If the port is modified, you can change the corresponding port number.
-A input-p tcp-dport 22-j ACCEPT
# Allow access to port 80 (HTTP)
-A input-p tcp-dport 80-j ACCEPT
# Allowed access to FTP ports: 21 and 20
-A input-p tcp-dport 21-j ACCEPT
-A input-p tcp-dport 20-j ACCEPT
# Allow access to port 161 (SNMP:
-A input-p udp-dport 161-j ACCEPT

Based on the above configuration, you can access each other's websites in the LAN.

4. Configure the reverse proxy function of nginx

This operation only uses the reverse proxy function. Therefore, the nginx Server Load balancer function is not involved.

The reverse proxy function uses the proxy_pass and sub_filter modules.

Location/{proxy_pass IP address to be Proxy; # Proxy Settings proxy_redirect off; proxy_set_header Host $ host; proxy_set_header X-Real-IP $ remote_addr; proxy_set_header X-Forwarded-For $ limit 0; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4 k; proxy_buffers 4 32 k; Listen 64 k; # When performing reverse proxy, IP address jump occurs directly, no proxy IP is used, because sub_filter.sub_filter is required to use the proxy IP nginx local server; sub_filter_once off ;}

Summary:

The nginx reverse proxy concept is relatively simple and easy to configure. Next, we need to perform a stress test to see the actual results.

[1] http://www.centoscn.com/centos/intermediate/2015/0313/4879.htmluse iptables

[2] http://www.centoscn.com/centos/2013/0413/293.htmlconfigure iptablesports and rules

[3] http://www.nginx.cn/927.htmlreverse proxy

[4] http://zhaochen.blog.51cto.com/2029597/379233/

[5] https://github.com/yaoweibin/ngx_http_substitutions_filter_module

[6] http://www.xxorg.com/archives/3608