Nginx reverse proxy configuration process

Reverse proxy can be divided into two types from transmission: Synchronous mode (apache-mod_proxy and squid) asynchronous mode (Lighttpd and nginx)

Synchronous transmission:The browser initiates a request, and the request is immediately forwarded to the background, so a channel is established between the browser and the background. This channel always exists when the request is initiated until the request is complete.
Asynchronous transmission:When a browser initiates a request, the request is not immediately forwarded to the background. Instead, the request data (header) is first received on nginx, and then nginx sends the request to the backend, after the backend completes processing, it returns the data to nginx. nginx sends the data stream to the browser, which is a little different from Lighttpd. Lighttpd sends the data to the browser only after the backend data is fully received.

Conclusion: The reverse direction of Apache and squid will increase the burden on the backend web, because each user request will establish a persistent connection with the backend server on the proxy, knowing that the connection will not disappear before the data is obtained. Because the WAN speed is different from the LAN speed, although the speed between the LAN is extremely fast, the user's WAN connection determines this time. The asynchronous mode of Lighttpd and nginx is to collect and contact the backend, regardless of the size of the data you require. This is very fast, therefore, the proxy and the backend connection time will be very short, and dozens of m items will also be within a few seconds. The backend does not need to maintain so many connections. Lighttpd is different from nginx in asynchronous mode. Lighttpd is switched to the customer's browser after receiving the data, while nginx is switched to the user's browser while receiving the data.

Environment:

Two private web servers: 192.168.1.12 static HTML web page IP Address: 192.168.1.13 dynamic PHP Web Page

Private IP address of a proxy server: 192.168.1.11 public IP Address: 202.106.0.1

IP address of a public network customer: 202.106.0.20

Requirements:

1: Internet customers can access the company's homepage www.sw.com through the nginx Proxy Server

2: nginx allows dynamic and static web pages to access different Web servers separately

3: Anti-leech Protection

Steps:

1: Install the nginx source code package on the server and set it to start at startup. Back up the main configuration file.

[[Email protected] ~] # Useradd-m-S/sbin/nologin nginx // Add system user nginx, no home directory or login prohibited

[[Email protected] ~] # Yum-y install GCC gcc-C ++ make PCRC-devel OpenSSL-devel // install the compiling environment development kit

[[Email protected] ~] # Mkdir/nginx // create a storage folder

[[Email protected] nginx-0.8.55] #./configure -- prefix =/nginx \ // convert source code, specify the installation directory

> -- User = nginx -- group = nginx // specify the process owner and group

> -- With-http_stub_status_module -- with-http_ssl_module; // load view status module, SSL module

[[Email protected] nginx-0.8.55] # Make & make install // compile and install

[[Email protected] ~] # Vim/etc/rc. Local // Add to startup script

/nginx/sbin/nginx

[[Email protected] ~] # Cp-P/nginx/CONF/{nginx. conf, nginx. conf. Bak} // back up the master configuration file

2: configure the master configuration file and restart the service.

[[Email protected] ~] # Vim/nginx/CONF/nginx. conf

... 3 worker_processes 1; // number of processes. We recommend that you use the same number of CPU cores... 12 events {13 worker_connections 1024; // maximum number of concurrent connections per process 14 }... 17 HTTP {... 20 upstream web {// define the web address pool group 21 server 192.168.1.12: 80 Weight = 4; // the weight of this server is 4, and the proportion of Access to the poll server is 4: 122 server 192.168.1.13: 80; 23 ip_hash; // allows the same IP address to access the same web server 24 }... 122 server {123 listen 80; 124 SERVER_NAME www.sw.com; 125 location/{128 proxy_pass http: // web; // call the web address pool 129} 130 location ~ *\. PHP $ {// when the access end is Php, proxy to 192.168.1.13131 proxy_pass http: // 192.168.1.13; 132 client_max_body_size 10 m; // maximum number of single file bytes allowed for client requests: 133 client_body_buffer_size: 128 K; // maximum number of bytes cached by the buffer proxy client request, 134 proxy_connect_timeout 90; // nginx and backend server connection timeout (proxy connection timeout) 135 proxy_send_timeout 90; // backend server data return time (proxy sending timeout) 136 proxy_read_timeout 90; // after successful connection, backend server response time (proxy receiving timeout) 137 proxy_buffer_size 4 K; // set the buffer size of the proxy server (nginx) to save user header information 138 proxy_bu Ffers 4 32 K; // proxy_buffers buffer, set 139 proxy_busy_buffers_size 64 K on average for webpages below 32 K; // buffer size under high load (proxy_buffers * 2) 140 proxy_temp_file_write_size 64 K; // If the cache value is greater than this value, the system will transmit 141} 142 location ~ From the upstream server ~ *\. (GIF | PNG | JPG | MP3 | RM | FLV) $ {// anti-Leech, which only allows direct access to 143 valid_referers none blocked .sw.com in this domain; 144 if ($ invalid_referer) {rewrite ^/http: // 192.168.1.11/error.htm;} 145} 146 }... 156}

[[Email protected] ~] #/Nginx/sbin/nginx-S Stop // stop the service

[[Email protected] ~] #/Nginx/sbin/nginx // start the service

 

 

 

 

This article is from the "sleepcat" blog, please be sure to keep this source http://sw5720.blog.51cto.com/8812314/1440079

Nginx reverse proxy configuration process