Scene
The company intranet has several servers whose HTTP services need to be reachable through the company's single static external IP. If this is done with port mapping on the router, only one intranet server's port 80 can be mapped to port 80 on the external IP; port 80 on the other servers can only be mapped to non-80 ports on the external side. Services mapped to a non-80 port have to be accessed as domain name plus port, which is a nuisance. In addition, the company's gateway router supports only 20 port mappings, which will definitely not be enough later on.
Brother K then suggested building an Nginx reverse proxy server on the intranet and mapping port 80 of that server to port 80 of the external IP. HTTP requests for any domain name that points to the company's external IP are then delivered to the Nginx reverse proxy server, which forwards requests for different domain names to the appropriate ports on different intranet machines. The effect is "forward automatically to a specific port on the corresponding server according to the domain name", whereas the router's port mapping only does "forward automatically to a specific port on the corresponding server according to the port". This was very welcome news.
Background knowledge involved: compiling and installing Nginx, basic Nginx reverse proxy configuration, router port mapping, and general knowledge of networking and domain names.
The goal of this experiment: entering xxx123.tk in the browser reaches port 3000 on the intranet machine 192.168.10.38, and entering xxx456.tk reaches port 80 on the intranet machine 192.168.10.40.
Configuration steps
Server: Ubuntu 12.04
### Update the package repository
apt-get update -y
apt-get install wget -y
# Download nginx and the related packages
pcre is needed to compile the rewrite module, and zlib is needed to support gzip. The Nginx version used here is a bit old because I also want to do an Nginx upgrade experiment later. You can install a newer version.
cd /usr/local/src
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.33.tar.gz
wget http://zlib.net/zlib-1.2.8.tar.gz
wget http://nginx.org/download/nginx-1.4.2.tar.gz
tar xf pcre-8.33.tar.gz
tar xf zlib-1.2.8.tar.gz
tar xf nginx-1.4.2.tar.gz
# Install the build environment
apt-get install build-essential libtool -y
# Create the Nginx user (a so-called unprivileged user)
useradd -s /bin/false -r -M -d /nonexistent www
# Compile and install
cd nginx-1.4.2
./configure --with-pcre=/usr/local/src/pcre-8.33 --with-zlib=/usr/local/src/zlib-1.2.8 --user=www --group=www \
    --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module
make
make install
# Give the www user ownership of the install directory
chown -R www:www /usr/local/nginx
# Edit the configuration file
vim nginx.conf
user www www;
worker_processes 1;
error_log logs/error.log;
pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
    use epoll;
    worker_connections 65535;
}
http {
    include mime.types;
    default_type application/octet-stream;
    include /usr/local/nginx/conf/reverse-proxy.conf;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    client_max_body_size 50m;           # maximum size of a client request body accepted by the proxy
    client_body_buffer_size 256k;       # buffer that holds the client request body before it is passed on
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    proxy_connect_timeout 300s;         # timeout for nginx connecting to the back-end server (proxy connect timeout)
    proxy_read_timeout 300s;            # after the connection succeeds, how long to wait for the back-end response (proxy receive timeout)
    proxy_send_timeout 300s;
    proxy_buffer_size 64k;              # buffer the proxy server (nginx) uses for the header information
    proxy_buffers 4 32k;                # proxy_buffers; the average page is below 32k, so set it like this
    proxy_busy_buffers_size 64k;        # buffer size under high load (proxy_buffers * 2)
    proxy_temp_file_write_size 64k;     # amount of data written to a temporary file at a time when a response is buffered to disk
    proxy_ignore_client_abort on;       # do not close the connection to the back end when the client aborts
    server {
        listen 80;
        server_name localhost;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
Edit the reverse proxy server configuration file:
vim /usr/local/nginx/conf/reverse-proxy.conf
server
{
    listen 80;
    server_name xxx123.tk;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.10.38:3000;
    }
    access_log logs/xxx123.tk_access.log;
}
server
{
    listen 80;
    server_name xxx456.tk;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.10.40:80;
    }
    access_log logs/xxx456.tk_access.log;
}
Then reload the Nginx configuration so that it takes effect, and point the xxx123.tk and xxx456.tk domain names at the company's static IP. Entering xxx123.tk in the browser now reaches port 3000 on the intranet server 192.168.10.38, and entering xxx456.tk reaches port 80 on 192.168.10.40.
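The Host-based selection described above can be checked offline. The following Python sketch is an added example, not code from the original post: it parses a constructed copy of the page's server blocks and reports which block nginx would pick for a given Host header, including a Host that matches no server_name (nginx then uses the first block for the port unless one is marked default_server). The HARDENED catch-all block and the address 203.0.113.7 are assumptions made for illustration.

```python
import re

# Constructed input: the page's server blocks in the order nginx loads them
# (reverse-proxy.conf is included before the localhost block in nginx.conf).
CONF = """
server { listen 80; server_name xxx123.tk;
    location / { proxy_pass http://192.168.10.38:3000; } }
server { listen 80; server_name xxx456.tk;
    location / { proxy_pass http://192.168.10.40:80; } }
server { listen 80; server_name localhost;
    location / { root html; } }
"""
# Assumption: an explicit catch-all that drops requests for unknown names.
HARDENED = "server { listen 80 default_server; server_name _; return 444; }\n" + CONF

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def parse(conf):
    """Extract listen flags, names and the first action of every server block."""
    out = []
    for body in server_blocks(conf):
        listen = re.search(r"\blisten\s+([^;]+);", body).group(1).split()
        names = re.search(r"\bserver_name\s+([^;]+);", body).group(1).split()
        action = re.search(r"\b(proxy_pass|return|root)\s+([^;]+);", body)
        out.append({"default": "default_server" in listen, "names": names,
                    "action": " ".join(action.groups())})
    return out

def resolve(conf, host_header):
    """Return the action of the block nginx would pick (all blocks listen on 80)."""
    servers = parse(conf)
    host = host_header.split(":")[0].lower()
    for s in servers:
        if host in s["names"]:
            return s["action"]
    # No server_name matched: the block marked default_server wins, otherwise
    # the first block for the port is the implicit default.
    return next((s for s in servers if s["default"]), servers[0])["action"]
```

With the page's configuration, a request sent to the bare external IP is proxied to 192.168.10.38:3000 because the xxx123.tk block is loaded first; with the catch-all block in place it is dropped instead.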
If you want to load balance across back-end machines, a configuration like the following distributes requests for nagios.xxx123.tk across the two intranet machines 131 and 132.
upstream monitor_server {
    server 192.168.0.131:80;
    server 192.168.0.132:80;
}
server
{
    listen 80;
    server_name nagios.xxx123.tk;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://monitor_server;
    }
    access_log logs/nagios.xxx123.tk_access.log;
}
I won't say more about load balancing and caching; the point here is only the simple "domain name forwarding" function.
In addition, since HTTP requests are ultimately passed to the back-end machines by the reverse proxy server, the back-end machines' access logs record the reverse proxy server's IP as the client address.
To record the real client IP, you need to modify the log format on the back-end machine. This assumes that the back end is also an nginx.
Add this section to the back-end configuration file:
log_format access '$http_x_real_ip - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log access;
Compare this with the original log format:
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
#                '$status $body_bytes_sent "$http_referer" '
#                '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
See the difference?
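The back-end "access" format above logs two request headers, so it is only as trustworthy as whoever wrote them. The following Python sketch is an added example, not part of the original post: it parses lines in that format and checks them against what the page's proxy configuration produces, namely X-Real-IP set from $remote_addr and X-Forwarded-For ending in that same address (anything to the left of the last entry was sent by the client). The sample lines and verdict names are constructed for illustration.

```python
import ipaddress
import re

# Matches the back-end "access" log_format shown above (group names are this example's own).
LINE = re.compile(
    r'^(?P<real_ip>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+) "(?P<referer>[^"]*)" '
    r'"(?P<agent>[^"]*)" "(?P<xff>[^"]*)"$')

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def classify(line):
    """Return (verdict, client_ip) for one back-end log line."""
    m = LINE.match(line)
    if not m:
        return ("unparsed", None)
    real_ip = m["real_ip"]
    chain = [p.strip() for p in m["xff"].split(",") if p.strip() not in ("", "-")]
    if real_ip == "-" or not chain:
        return ("no-proxy-headers", None)     # request did not come through the proxy
    if not is_ip(real_ip) or chain[-1] != real_ip:
        # The proxy writes X-Real-IP and the last X-Forwarded-For entry from the
        # same $remote_addr, so a mismatch means the proxy did not set them.
        return ("inconsistent", None)
    if len(chain) > 1:
        return ("client-sent-xff", real_ip)   # entries left of the last are untrusted
    return ("ok", real_ip)

# Constructed sample lines (documentation address ranges).
SAMPLES = [
    '203.0.113.9 - - [10/Oct/2013:13:55:36 +0800] "GET / HTTP/1.0" 200 612 "-" "curl/7.22" "203.0.113.9"',
    '203.0.113.9 - - [10/Oct/2013:13:55:40 +0800] "GET /admin HTTP/1.0" 403 162 "-" "curl/7.22" "127.0.0.1, 203.0.113.9"',
    '10.0.0.1 - - [10/Oct/2013:13:56:02 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.22" "198.51.100.4"',
    '- - - [10/Oct/2013:13:56:10 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.22" "-"',
]

def verdicts(lines=SAMPLES):
    return [classify(line) for line in lines]
```

Because the new format no longer records $remote_addr, a request sent straight to the back end with matching forged headers cannot be told apart from a proxied one in this log; keeping $remote_addr in the format alongside the header fields closes that gap.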
Problems encountered
Before the section below was added to the configuration, visits occasionally returned 504 Gateway Timeout. Because it happened only occasionally, it was not easy to troubleshoot.
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
Error log:
... upstream timed out (110:connection timed out) while reading response headers from upstream, client: ... (remainder omitted)
From the log it looked like a connection timeout, and a quick search on the internet suggested the back-end server's response might be timing out. In the spirit of "assume boldly, verify carefully", having assumed a cause, I ran an experiment to reproduce the error: adjust the proxy timeout parameters, setting each proxy timeout threshold in turn to a very small value (for example, 1ms), and see whether the 504 appears again. It turned out that with proxy_read_timeout set to 1ms, every visit returned 504. Adding the configuration above with adjusted values then solved the problem.
PS: About domain name forwarding
So-called domain name URL forwarding uses special settings on the server to direct users who visit your current domain name to another network address that you specify. Address redirection (also called "URL forwarding" in English) points a domain name at another existing site. It is typically used when the target site's original domain name or address is complex and hard to remember.
For a successfully registered domain name, enabling or cancelling URL forwarding generally takes effect within 24-48 hours. For a domain name that already has URL forwarding set, changing the forwarding destination address takes only 1-2 hours to take effect.
URL forwarding without a hidden path: for example, http://b.com/ points to http://a.com/xxx/ (any directory). When you type http://b.com/ in the browser address bar and press Enter, the IE address bar automatically changes from the http://b.com/ you typed to the real target address http://a.com/xxx/.
URL forwarding with a hidden path: in the same example, the IE address bar stays unchanged and still shows http://b.com/, but the content actually accessed is that of http://a.com/xxx/.