Nginx Reverse Proxy

Module used: Ngx_http_proxy_module

Official Document: Http://nginx.org/en/docs/http/ngx_http_proxy_module.html#example

Example:

Location/{proxy_pass///Specify UPSTREM server address to which Web server Proxy_set_header Host $host to send the request message; When the client requests the host name entered in the browser, the hostname is recorded in order to implement the virtual host mapping Proxy_set_header X-real-ip $remote _addr;//Client passes the proxy server when the source IP is encapsulated as the proxy server IP, Use X-real-ip to record her original IP for the log}

Location/uri {

Proxy_pass Http://back_server:port/newuri;

Rewrite

}

1. The/uri here will be mapped to the Newuri directory

2. However, if it is a pattern match, such as ~*/uri, then the URI here will be newuri after the back_server:port/cannot take any path

3. If URL rewriting is used, subsequent newurl will be invalidated, and the rewritten results will be directly appended to the back_server:port/after the response

Example:

Location/{#root html;    #proxy_pass http://192.168.3.139/;        Index index.html index.htm;    }location/forum/{Proxy_pass http://192.168.3.139/bbs/; #proxy_pass http://192.168.3.139/;        #将url的forum映射到根目录而不是补到后面 index index.html index.htm; } #下面的例子中 \. (Jpg|png|gif) is just a pattern and will not do the same as above URL mapping location ~* \.        (jpg|png|gif) $ {proxy_pass http://192.168.3.139; }

Log Client Real IP

Location/{#root html;    Proxy_pass http://192.168.3.139/;    Index index.html index.htm;    Proxy_set_header Host $host;         Proxy_set_header X-real-ip $remote _addr; }

Edit back-end host http.conf

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/74/78/wKioL1YeZYbwS_VoAABvWLpwH9w084.jpg "title=" 3.png " alt= "Wkiol1yezybws_voaabvwlpwh9w084.jpg"/>

View back-end host logs after Access:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/74/7C/wKiom1YeZjbjI9laAADHuxW5Bjo401.jpg "title=" 4.png " alt= "Wkiom1yezjbji9laaadhuxw5bjo401.jpg"/>

Proxy_set_header Host $host;

When multiple virtual hosts are also configured on the back-end Web server, the header is used to differentiate the host name from the reverse proxy. Set in each server module to differentiate each virtual host.

Proxy_set_header x-forwarded-for $remote _addr;

If the program on the back-end Web server needs to obtain the user IP, obtain from the header

Proxy_cache: The cache is based on the key-value store, the storage format is defined by the following, the key is stored in memory and the value is stored on the file system

proxy_cache_path    path    [levels=levels]    [use_temp_path=on|off]    keys_zone=name:size    [inactive=time]    [max_size=size]

Max_size Specify the maximum amount of space to cache

proxy_cache zoneUsed to keys_zone=name:size call this space after the cache memory space name is specified

Proxy_cache_path/data/nginx/cache levels=1:2 keys_zone=one:10m;file names in a cache would look like THIS:/DATA/NGINX/CAC he/c/29/b7f54b2df7773722d382f4809d65029c

Defines the path of the cache directory on the file system, which belongs to the main group of users who are allowed to nginx process.

Level defines the number of levels, which indicates that each level subdirectory can only be named with 1 characters, and 2 indicates that each two-level subdirectory can be named only 2 characters. Keys_zone defines the amount of space that a key stored in memory space occupies and the name of the space

proxy_cache_methods    GET |    HEAD |    POST    ...：

定义仅在客户端使用哪些方法时才缓存，默认是GET和HEAD

Proxy_cache_min_uses 1; Defines how many requests are cached in response to the client, and defaults to 1

proxy_cache_purge string缓存修建，请求哪一个内容就删除哪一个内容，可以实现手动管理缓存


proxy_cache_bypass String: Sets the circumstances under which Nginx will not fetch data from the cache;
Example: $cookie _nocache $arg _nocache $http _authorization----> There is a cookie not cached, there is a significant nocache in the parameter is not cached, there is no cache of HTTP authorization information

Proxy_cache_path/data/nginx/cache keys_zone=cache_zone:10m;map $request _method $purge _method {purge 1; Default 0;}        server {... location/{Proxy_pass http://backend;        Proxy_cache Cache_zone;        Proxy_cache_key $uri;    Proxy_cache_purge $purge _method; }}

proxy_cache_use_stale error |    timeout |    invalid_header |    updating |    http_500 |    http_502 |    http_503 |    http_504 |    http_403 |    http_404 |    off


是否使用过期缓存响应用户请求，后面的参数指定在什么场景中使用过期缓存

proxy_cache_valid [code ...] time;按照响应码定义缓存有效时长

Proxy_cache_valid 302 10m;proxy_cache_valid 404 1m;

To turn on the cache feature:

Edit Nginx.confproxy_cache_path/cache/nginx/levels=1:1 Keys_zone=mycache:32m;chown-r nginx.nginx/cache/    Nginx Call: location/forum/{Proxy_cache mycache;    Proxy_cache_valid 1h;    Proxy_cache_valid 301 302 10m;    Proxy_cache_use_stale error timeout Invalid_header http_500;    Proxy_pass http://192.168.3.139/bbs/;        Index index.html index.htm; }

View cache directory after request, cache content found

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/74/7C/wKiom1YecWGxXGjmAABPgQoIvyU115.jpg "title=" 5.png " alt= "Wkiom1yecwgxxgjmaabpgqoivyu115.jpg"/>

roxy_http_version 1.0 | 1.1，默认1.0,1.1在长连接中使用


Hides the header specified when the proxy responds to the client response message

proxy_read_timeoutUnlike Proxy_connect_timeout, which is the timeout for waiting for a response message, Proxy_connect_timeout is the time-out for the connection request

Ngx_stream_upstream_module

Official Document: Http://nginx.org/en/docs/http/ngx_http_upstream_module.htm

Configure the agent backend for multiple hosts:

nginx.conf file

Upstream Upservers {#ip_hash此处可以指定使用ip_hash负载均衡算法实现同一客户端访问时一直调度在同一服务器上 server 192.168.3.139; #注意地址后面使用weight可以指定调度时权重, you can also use the down parameter as a temporary maintenance seasonal front-end Health Monitor to monitor this host down server 192.168.3.140 max_fails=2 fail_timeout=1    Backup;backup set up a standby server, once a good server on-line, he will expire} location/forum/{Proxy_pass http://upservers/;        Index index.html index.htm; }

Restart Nginx test, find polling scheduled back-end server

Health Monitoring Related:

• fail_timeout=time访问失败后多久后不再调度此服务器


• max_fails=number 最多访问失败两次就不再调度此服务器

Session using IP address bindings using Ip_hash can disrupt load balancing, and a large number of Snat users are identified as the same and sent to the back end of the same server. So we should do cookie-based binding based on the application layer.

To implement session bindings based on Sticky:
Cookie: Carry cookie information as your own identifier
Route: The client carries the route to the backend server as its own identifier
Learn (): Based on client and server interaction information

Least_conn: Scheduling method, least connection, equivalent to the WLC algorithm in the WLC, making scheduling decisions based on the number of request connections hosted by the backend server

KeepAlive 5: The time between the activation of Nginx and the backend upstream server using persistent connection, the general backend is the cache server should be set to a long connection, but after the HTTP server is not recommended to turn on long connections

Health_check parameters: Intermittent back end upstream server sends health probe instructions, can be used to do the application layer simulation request resources for health monitoring, the use of Healthcheck recommended to close the access log, otherwise it will generate a lot of IO

This article is from the "After Tomorrow" blog, please be sure to keep this source http://leeyan.blog.51cto.com/8379003/1702974

Nginx Reverse Proxy