Nginx Implements reverse proxy

I. TEST environment

Os:rhel6

LIB1:192.168.10.100 # #前端代理服务器

lib2:192.168.10.111 # #后端web服务器, Nginx requires additional Http_realip_module module installation

Two. Principle of reverse Proxy

Put a proxy server in front of the Web server, when the client needs to access the Web server, direct access to the proxy server and the proxy server to determine whether to send the package user's request message to the Web server, the reverse proxy is transparent to the outside, the user does not know that he is accessing a proxy server.

Three. Implementing a reverse Proxy

1. Install nginx-1.8.0 on both the Web server and the reverse proxy server to provide Web services (the installation process is not mentioned here)

2. Configure Proxy_pass on the proxy server (192.168.10.110) for reverse proxy functionality

3. #vim/etc/nginx/.nginx.conf Add

Location/forum {

Proxy_pass http://192.168.10.111/test;

}

PS: If you want to use regular expression matching here, Proxy_pass can only refer to one server address. In this case, you need to create a matching directory on the Web server (192.168.10.111), such as a matching forum directory

Location ~*^/forum {

Proxy_pass http://192.168.10.111;

}

4. #mkdir/usr/html/forum

5. #vim/usr/html/forum/index.html # #提供测试页面

6. #service Nginx Restart

7. #访问代理服务器看web服务是否能正常访问

8. Create a Test catalog file on the Web server (192.168.10.111)

#mkdir/usr/html/test

#vim/usr/html/test/index.html

#service nginx Restart

9. Visit 192.168.10.110/forum on the browser to see if the test page is accessed (192.168.10.111) and if so, the experiment is successful ....

10. Check the access log on the 192.168.10.111 and discover that the client IP is the IP of the proxy server, which is not good for late log analysis, how to solve?

The first method:

192.168.10.110 (front-end proxy server)

Location/forum {

Proxy_pass http://192.168.10.111/test;

Proxy_set_header X-real-ip $remote _addr; # # #添加http首部

Proxy_set_header Host $host;

}

192.168.10.111 (Back-end Web server) is added within the server segment

Set_real_ip_from 192.168.10.0/24;

Real_ip_header X-real-ip; # #在编译时需要安装http_realip_module模块

Real_ip_recursive on;

The second method:

192.168.10.110 (front-end proxy server)

Location/forum {

Proxy_pass http://192.168.10.111/test;

Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; # # #添加http首部

Proxy_set_header Host $host;

}

192.168.10.111 (Back-end Web server) is added within the server segment

Set_real_ip_from 192.168.10.0/24;

Real_ip_header x-forwarded-for; # #在编译时需要安装http_realip_module模块

Real_ip_recursive on;

Ps:set_real_ip_from: The IP address or IP segment of a proxy on a real server can write multiple lines.
Real_ip_header: The header from which to retrieve the IP address.
real_ip_recursive: Recursive exclusion IP Address, IP string from right to left to exclude set_real_ip_from inside the IP, if there is no IP segment, then this IP will be considered the IP of the user.

      In general, X-forwarded-for is used to record agent information, each through the first agent (except anonymous proxy), the proxy server will be the source of the request IP appended to the x-forwarded-for,X-real-ip, in general, only logs the client IP that actually makes the request.

One. #tail/var/log/nginx/access.log # # #查看是否显示真实客户端ip

Four. How to use the real client IP in the case of the back-end server using Apache

1.192.168.10.110 (front-end proxy server)

Location/forum {

Proxy_pass http://192.168.10.111/test;

Proxy_set_header X-real-ip $remote _addr; # # #添加http首部

}

2. Modify the/etc/httpd/conf/httpd.conf file on the back-end server

Logformat%h to% (X-REAL-IP) I

Five. How to delegate access to the backend for the entire site

Location /{

Proxy_pass http://192.168.1.113;

Proxy_set_header X-real-ip $remote _addr;

}

This article is from "Luo Chen's blog" blog, please be sure to keep this source http://luochen2015.blog.51cto.com/9772274/1698802

Nginx Implements reverse proxy