Agent module NGX of Nginx_ http_ proxy_ module

Forward proxy

Forward proxy refers to the proxy server (C) between the client (A) and the site server (B). In order to obtain resources from the site server (B), the client (A) sends A request to the proxy server (C) and specifies the site server (B), and then the proxy server (C) transfers the request to the site server (B) and returns the obtained resources to the client (A).

The above-mentioned agent mode is called forward agent. The biggest characteristics of forward agent are:

  • The client is very clear about the server address to be accessed;
  • The server only knows which proxy server the request comes from, but not which specific client;
  • The forward proxy mode masks or hides the real client information.

Reverse proxy

After receiving the request sent by the client to the server, the nginx server distributes it to the back-end business processing server for processing according to certain rules. At this time, the source of the request, that is, the client, is clear, but it is not clear which server handles the request. Nginx plays a reverse proxy role.

Reverse proxy is mainly used in the case of distributed deployment of server clusters. Reverse proxy hides the information of the server.

Proxy difference: the difference is that the proxy objects are different

  • The object of the forward proxy is the client
  • Reverse proxy (common proxy object)

Nginx proxy service support agreement

As a proxy service, Nginx can support many proxy protocols, as shown in the figure below:

If Nginx is used as a reverse proxy service, the following proxy protocols are often used, as shown in the figure below:

Reverse proxy mode and Nginx proxy module:

Reverse proxy modeNginx configuration module

ngx_http_proxy_module module

The proxy function of Nginx based on HTTP protocol is through ngx_http_proxy_module module. By default, NGX is already installed when Nginx is installed_ http_ proxy_ Module module, so you can use NGX directly_ http_ proxy_ Module module.

Related parameters

  1. proxy_pass
proxy_pass URL; 
Forward the request to another server. In the actual reverse proxy work, it will pass location Function matches the specified URI,Then match the received match URI Your request passed proxy_pass Throw to the defined upstream Node pool (back-end service node).
    Available locations: location, if in location, limit_except 
   proxy_pass Forwarding path problem
    First: proxy_pass hinder url plus/,Represents the absolute root path and does not proxy location Path after;
    	Hypothetical use URL: http://localhost/web/test.html.
		location /web/ {
		# Proxy to URL:

    The second: compared with the first, the last one is less / ,Will put location The path proxy after entering	
		location /web/ {
		# Proxy to URL:

		location /web/ {
		# Proxy to URL:

    The fourth: compared with the third, the last one is less /
		location /web/ {
		# Proxy to URL:

location Posterior uri You can use regular, location It can also be used internally if Sentence judgment
  1. proxy_set_header
proxy_set_header field value; 
	field : For the item to be changed, it can also be understood as the name of the variable, such as host;value : Is the value of the variable
    Used to set the received by the proxy server header Information, if not set proxy_set_header,Default host The value of is proxy_pass The following domain name or IP
    Available locations: http, server, location 
	When the back end web When there are multiple virtual hosts in the server, this module is used to distinguish which virtual host (i.e. proxy) the front-end request is sent to the back-end of the reverse proxy server_name The domain name passed to the backend is the proxy domain name server_name (on virtual host)
	proxy_set_header Host $host;
	Used to set the remote client received by the proxy IP,If not set, then header The information will not be transmitted to the remote real client IP Address.
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    At this time, the back-end server record log format needs to be added:"$http_x_real_ip"and"$http_x_forwarded_for"Variable to view the effect in the access log
    # When there is only one level agent, the two are equivalent; If there are multi-level agents, the effect of x-forward-for is greater than that of X-Real-IP. You can record the complete agent link vhg

3. proxy_http_version
	Set proxy HTTP Protocol version. By default, version 1 is used.0. 
	Available locations: http, server, location
	proxy_http_version 1.0 | 1.1;

4. proxy_cache_path; 
    Definitions are available for proxy Caching of functions;
    Available locations: http 
     proxy_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size[inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];

5. proxy_cache zone | off;   
    default off Indicate the cache of the call, or turn off the cache mechanism;
    Available locations: http, server, location

6. proxy_cache_key string; 
    Content in cache for key default: proxy_cache_key $scheme $proxy_host $request_uri;
    Available locations: http, server, location

7. proxy_cache_valid [code ...] time; 
    Defines the cache duration of the response content for a specific response code 
    Defined in http{...}in 
    Available locations: http, server, location
    proxy_cache_valid200 302 10m; 

Example: in http Configuration definition cache message
    proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g; 
    To call the cache function, it needs to be defined in the corresponding configuration segment, such as server{...};
    proxy_cache proxycache;
    proxy_cache_key $request_uri; 
    proxy_cache_valid 200 302 301 1h; 
    proxy_cache_valid any 1m;

8. proxy_cache_use_stale; 
    proxy_cache_use_staleerror | timeout | invalid_header| updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | off ... 
    In which case can the proxy backend server really use the expired cache response client
    Available locations: http, server, location

9. proxy_cache_methods GET | HEAD | POST ...; 
    Cache the response corresponding to which client request methods, GET and HEAD Methods are always cached
    Available locations: http, server, location

10. proxy_hide_header field; 
    default nginx When the response message is not transmitted to the header field of the back-end server Date, Server, X-Pad,  X-Accel-And so on, which is used to hide the specific response header of the back-end server
    Available locations: http, server, location

11. proxy_connect_timeout time; 
    Defines the timeout period for establishing a connection with the back-end server. If the timeout occurs, an error 502 will appear, and the default value is 60 s,Generally, it is not recommended to exceed 75 s,
    Available locations: http, server, location

12. proxy_send_timeout time; 
    The timeout length of sending the request to the back-end server; The default is 60 s
    Available locations: http, server, location

13. proxy_read_timeout time; 
    The timeout length of waiting for the back-end server to send response message, which is 60 by default s
    Available locations: http, server, location

14. proxy_buffering on | off;
	The agent will put the content returned by the back end into the buffer first, and then return it to the client,Receiving and transmitting, Not all are received and then transmitted to the client
	Default: proxy_buffering on;
	Context: http, server, location
15. proxy_buffer_size size;
	set up nginx The size of the buffer in which the agent holds user header information
	Default: proxy_buffer_size 4k|8k;	
	Context: http, server, location

16. proxy_buffers number size; 
	set up proxy_buffers Buffer size
	Default: proxy_buffers 8 4k|8k;		# 8*4=32k 8*8=64k
	Context: http, server, location

Common optimal configuration

The common optimization configurations of Proxy websites are as follows. Write the configuration to a new file and use the include reference when calling (simplified configuration and higher readability)

[root@nginx ~]# vim /etc/nginx/proxy_params
proxy_http_version 1.1;		# Set the HTTP protocol version of the proxy
proxy_set_header Host $http_host;	# The agent carries the host domain name when requesting from the back-end host
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	# Obtain the real IP and full link IP of the client
proxy_connect_timeout 30;	# Proxy connection backend timeout
proxy_send_timeout 60;		# Timeout for back-end data delivery to agent
proxy_read_timeout 60;		# Timeout of the backend response agent
proxy_buffering on;			# The agent will put the content returned by the back end into the buffer first, and then return it to the client, receiving and transmitting at the same time
proxy_buffer_size 32k;		# The size of the buffer in which the agent holds user header information
proxy_buffers 4 128k;		# Sets the buffer size of the agent

# Reuse configuration

Agent configuration location Convenient for subsequent calls Location Reuse

location / {
    proxy_pass http://IP:PORT;
    include proxy_params;    # This file is a relative path. By default, the corresponding file will be found in the / etc/nginx / directory

The limitation of nginx proxy is that one location can only proxy one host at the back end

Keywords: Nginx

Added by garethj on Sun, 02 Jan 2022 21:45:18 +0200