Nginx (3): Nginx Reverse Proxy


Reverse proxying is one of the most important functions of the Nginx server, and many other important Nginx features, such as the load balancing described later, are built on it. This post introduces the Nginx reverse proxy. Before looking at the reverse proxy, we need to know what a proxy is and what a forward proxy is.

1. Proxy

In Java design patterns, the proxy pattern is defined as providing a proxy object for an object and letting the proxy object control references to the original object.

That sentence may be hard to follow, so take an example from real life. Suppose we want to buy a second-hand house. We could look for listings ourselves, but that costs a lot of time and energy, and the quality inspection, the ownership transfer and the other procedures all have to be handled too. Besides, by the time we have found a listing on our own, the price of the house may already have gone up. So what can we do? The simplest and quickest way is to go to a second-hand housing agency (why? because it has more listings). We commission the agency to find a suitable house for us and to handle the follow-up inspection, transfer and other steps. We only have to choose the house we want and then pay.

Put simply, proxying means that we want to do something but do not want to do it directly, so we find someone else to do it for us. In this example the agency provides the proxy service: we entrust it with finding a house for us.

Nginx can proxy the following protocols; the most common use is as an HTTP proxy server.

  

2. Forward proxy

Now that we know what a proxy is, what is a forward proxy?

Here is another example. We all know that Google cannot be accessed from within the country, so how can we reach it? Americans can access Google (naturally, since Google is a US company), so if our computer's public IP address could become a US IP address, we would be able to access Google too. That is exactly how VPNs came about: to visit Google, we first connect to a VPN server so that our IP address becomes a US address, and then we can access it without trouble.

The VPN here acts as a forward proxy. A forward proxy server sits between the client and the server. To obtain data from the server, the client sends a request to the proxy server and specifies the target server; the proxy server forwards the request to the target server and returns the data it gets back to the client. The client has to be configured to use the forward proxy.

PS: What is a VPN? Put simply, a VPN is a kind of relay service. When our computer connects to a VPN, our external IP address becomes the public IP of the VPN server, and every request we send or response we receive passes through the VPN server before reaching our machine. What is this good for? Take VPN game acceleration as an example. Suppose we want to play on the Netcom servers of LOL, but our machine is on Telecom broadband, so playing on the Netcom servers lags. Using a VPN puts our traffic on the Netcom network, and playing on the Netcom servers no longer lags. (Note: a VPN cannot increase bandwidth, so do not assume the lag goes away because of a speed upgrade.)

If this still sounds abstract, don't worry: it becomes easy to understand when compared with the reverse proxy below.

3. Reverse Proxy

The difference between a reverse proxy and a forward proxy is that a forward proxy acts on behalf of the client, while a reverse proxy acts on behalf of the server.

With a reverse proxy, the client is not aware of the proxy at all, because no client-side configuration is needed. The client simply sends its request to the reverse proxy server, which selects a target server, obtains the data and returns it to the client. To the outside, the reverse proxy server and the target server appear as one server: the proxy server's address is exposed and the real server's IP address is hidden.

Let's compare the forward proxy and the reverse proxy using two diagrams:

  

  

The key to telling the two apart is whom the proxy server acts for. A forward proxy acts for the client, and we need to make some proxy settings on the client. A reverse proxy acts for the server, and as the client we cannot perceive that the real server exists.

To sum up in one sentence: a forward proxy acts for the client, a reverse proxy acts for the server.

4. Nginx reverse proxy

Example: use the Nginx reverse proxy so that a request to www.123.com goes directly to 127.0.0.1:8080.

① Start Tomcat and enter 127.0.0.1:8080 in the browser address bar; the following page appears:

  

② Map www.123.com to 127.0.0.1 by modifying the local hosts file:

127.0.0.1 www.123.com

Add the line above to the Windows hosts file, at this file location:

Once this is configured, we can reach the Tomcat start page from step ① through www.123.com:8080.

So how can we reach the Tomcat start page by entering just www.123.com? By using the Nginx reverse proxy.

③ Add the following configuration to the nginx.conf configuration file:

server {
    # Accept requests on port 80 (the default HTTP port).
    listen       80;
    server_name  www.123.com;

    location / {
        # Pass every request to the Tomcat instance on port 8080.
        proxy_pass http://127.0.0.1:8080;
        index  index.html index.htm index.jsp;
    }
}

With the configuration above, Nginx listens on port 80 and the domain name is www.123.com. When no port number is given, the default is port 80, so a request to the domain name is passed to 127.0.0.1:8080.

Entering www.123.com in the browser gives the following result:

  

④ Summary

More precisely, what Nginx does here is proxy a port: the application was originally reached on port 8080, and through the Nginx proxy it can now be reached on port 80.

5. Nginx reverse proxy directives

① listen

This directive configures the addresses and ports Nginx listens on. There are three main syntax forms:

First, configure the listening IP address

listen address[:port] [default_server] [setfib=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [deferred] [accept_filter=filter] [bind] [ssl];

Second, configure the listening port

listen port [default_server] [setfib=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [ssl];

Third, configure UNIX Domain Socket

listen unix:path [default_server] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ssl];

The syntax above looks complicated, but in practice it is fairly simple to use:

listen *:80 | *:8080     # listen on port 80 and port 8080 on all addresses
listen ip_address:port   # listen on the specified address and port
listen ip_address        # listen on the specified IP address (port 80, since no port is given)
listen port              # listen for connections to this port on all IP addresses

The specific meanings of each option are explained below:

1. address: the IP address. An IPv6 address must be enclosed in square brackets [], such as [fe80::1].

2. port: the port number. If only an IP address is given and no port number, port 80 is used.

3. path: the socket file path, such as var/run/nginx.sock.

4. default_server: a flag that makes this virtual host the default host for address:port. (Before nginx-0.8.21 the default parameter was used.)

5. setfib=number: used in nginx-0.8.44 to associate a routing table with the listening socket. It currently works only on FreeBSD and is not commonly used.

6. backlog=number: sets the maximum number of network connections that the listen() call allows to be pending. The default is -1 on FreeBSD and 511 on other platforms.

7. rcvbuf=size: sets the receive buffer size of the listening socket.

8. sndbuf=size: sets the send buffer size of the listening socket.

9. deferred: a flag that sets accept() to deferred mode.

10. accept_filter=filter: sets a filter on the listening port so that requests are filtered before they are accepted; content that is filtered out is not received or processed. This parameter is available only on FreeBSD and NetBSD 5.0+. The filter can be set to dataready or httpready.

11. bind: a flag that uses a separate bind() call for this address:port. In general, for several listen directives with the same port and different IP addresses, the Nginx server uses only one listening socket and one bind() to handle all connections on that port.

12. ssl: a flag that makes connections on this port use SSL mode. It is related to the HTTPS service provided by the Nginx server.

② server_name

This directive configures virtual hosts. It is usually used in one of the following two ways:

  1. Name-based virtual host configuration

The syntax format is as follows:

server_name   name ...;

For name, you can give one name or several names separated by spaces. Each name consists of two or three segments separated by ".".

server_name 123.com www.123.com;

The wildcard character "*" can be used, but only in the first or last segment of a three-segment name, or in the last segment of a two-segment name.

server_name *.123.com www.123.*;

Names can also be regular expressions; "~" marks the start of a regular expression string.

server_name ~^www\d+\.123\.com$;

Here "~" means the name is matched as a regular expression: it starts with www ("^" anchors the start), followed by one or more digits from 0 to 9, followed by ".123.co", and ends with "m" ("$" anchors the end).

The order of precedence for the above matches is as follows:

① exact match of server_name
② wildcard at the start matches server_name
③ wildcard at the end matches server_name
④ regular expression matches server_name
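The precedence above, written out as an added Python example (not code from the original post or from Nginx). It also applies Nginx's documented tie-breaks, longest wildcard first and regular expressions in configuration order; `select_server`, the block labels and the sample list are assumptions made for illustration.

```python
import re

def select_server(host, servers, default):
    """Pick the server block for a Host name using server_name precedence.

    servers: list of (block_label, [server_name values]) in config order.
    default: label of the default_server block, used when nothing matches.
    """
    host = host.lower()
    exact, leading, trailing, regexes = {}, [], [], []
    for label, names in servers:
        for name in names:
            if name.startswith("~"):            # regular expression name
                regexes.append((re.compile(name[1:]), label))
            elif name.startswith("*."):         # wildcard in the first segment
                leading.append((name[1:], label))
            elif name.endswith(".*"):           # wildcard in the last segment
                trailing.append((name[:-1], label))
            else:
                exact.setdefault(name.lower(), label)
    if host in exact:                           # 1. exact name
        return exact[host]
    for suffix, label in sorted(leading, key=lambda p: -len(p[0])):
        if host.endswith(suffix):               # 2. longest "*.x" wildcard
            return label
    for prefix, label in sorted(trailing, key=lambda p: -len(p[0])):
        if host.startswith(prefix):             # 3. longest "x.*" wildcard
            return label
    for rx, label in regexes:                   # 4. first regex in config order
        if rx.search(host):
            return label
    return default                              # falls to the default server

# Constructed sample built from the names used on this page.
SERVERS = [
    ("exact",    ["123.com", "www.123.com"]),
    ("leading",  ["*.123.com"]),
    ("trailing", ["www.123.*"]),
    ("regex",    [r"~^www\d+\.123\.com$"]),
]

if __name__ == "__main__":
    for h in ["www.123.com", "www2.123.com", "www.123.org", "unknown.example"]:
        print(h, "->", select_server(h, SERVERS, "default"))
```

Note that www2.123.com is taken by the `*.123.com` block before the regular expression is ever tried, and that a Host name matching nothing lands in the default server, so that block should be one you are prepared to serve arbitrary Host values from.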

  2. Virtual host configuration based on IP address

The syntax is the same as for name-based matching, and there is no need to consider wildcards or regular expressions.

server_name 192.168.1.1;

③ location

This directive is used to match URLs.

The syntax is as follows:

location [ = | ~ | ~* | ^~ ] uri {
    ...
}

1. =: used before a URI that contains no regular expression. The request string must match the URI exactly; if the match succeeds, the search stops and the request is processed immediately.

2. ~: indicates that the URI contains a regular expression and is case-sensitive.

3. ~*: indicates that the URI contains a regular expression and is not case-sensitive.

4. ^~: used before a URI that contains no regular expression. It tells the Nginx server to find the location whose URI matches the request string most closely and to use that location immediately to process the request, instead of going on to match the request string against location blocks with regular-expression URIs.

Note: If the URI contains a regular expression, it must be preceded by the ~ or ~* modifier.
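The modifier rules above decide which block's settings (including any access rules placed in it) apply to a request. The following added Python example, which is not part of the original post or of Nginx, models that selection; `select_location` and the sample location lists are assumptions for illustration, and the URI is assumed to be the already normalized path without a query string.

```python
import re

def select_location(uri, locations):
    """Return the (modifier, pattern) of the location block chosen for uri.

    locations: list of (modifier, pattern) in config order, where modifier
    is "" (plain prefix), "=", "^~", "~" or "~*".
    """
    # "=": an exact match ends the search immediately.
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)
    # Remember the longest matching prefix among plain and "^~" locations.
    best = None
    for mod, pat in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    # "^~" on that longest prefix skips the regular-expression locations.
    if best is not None and best[0] == "^~":
        return best
    # "~" / "~*": the first matching regex in config order beats the prefix.
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)
    return best  # None when nothing matches

# Constructed sample: /admin/ is meant to carry its own rules, and a regex
# location handles *.jsp as in the Tomcat example on this page.
PLAIN = [("", "/"), ("", "/admin/"), ("~", r"\.jsp$"), ("=", "/login")]
FIXED = [("", "/"), ("^~", "/admin/"), ("~", r"\.jsp$"), ("=", "/login")]

if __name__ == "__main__":
    for name, locs in (("PLAIN", PLAIN), ("FIXED", FIXED)):
        for uri in ("/login", "/admin/users", "/admin/index.jsp", "/a.JSP"):
            print(name, uri, "->", select_location(uri, locs))
```

With the plain prefix, /admin/index.jsp is handled by the regex block, so anything configured only inside the /admin/ block does not apply to it; marking the prefix with ^~ keeps the request in the /admin/ block.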

④ proxy_pass

This directive sets the address of the proxied server. The address can be given as a host name, or as an IP address plus port number.

The syntax structure is as follows:

proxy_pass URL;

The URL is the address of the proxied server and can contain the transport protocol, the host name or IP address plus port number, the URI, and so on.

proxy_pass  http://www.123.com/uri;

⑤ index

This directive is used to set the default home page for a Web site.

The syntax is:

index  filename ...;

Several file names can follow, separated by spaces.

index  index.html index.jsp;

The directive usually serves two purposes: first, when a user requests the site, the request address does not have to include the home page name; second, for a given request, a different home page can be set according to the content of the request.

Reference: Miaoze, "Nginx High Performance Web Server Detailed"
