Forward proxy
Forward proxy refers to the proxy server (C) between the client (A) and the site server (B). In order to obtain resources from the site server (B), the client (A) sends A request to the proxy server (C) and specifies the site server (B), and then the proxy server (C) transfers the request to the site server (B) and returns the obtained resources to the client (A).
The above-mentioned agent mode is called forward agent. The biggest characteristics of forward agent are:
- The client is very clear about the server address to be accessed;
- The server only knows which proxy server the request comes from, but not which specific client;
- The forward proxy mode masks or hides the real client information.
Reverse proxy
After receiving the request sent by the client to the server, the nginx server distributes it to the back-end business processing server for processing according to certain rules. At this time, the source of the request, that is, the client, is clear, but it is not clear which server handles the request. Nginx plays a reverse proxy role.
Reverse proxy is mainly used in the case of distributed deployment of server clusters. Reverse proxy hides the information of the server.
Proxy difference: the difference is that the proxy objects are different
- The object of the forward proxy is the client
- Reverse proxy (common proxy object)
Nginx proxy service support agreement
As a proxy service, Nginx can support many proxy protocols, as shown in the figure below:
If Nginx is used as a reverse proxy service, the following proxy protocols are often used, as shown in the figure below:
Reverse proxy mode and Nginx proxy module:
| Reverse proxy mode | Nginx configuration module |
|---|---|
| http,websocket,https | ngx_http_proxy_module |
| fastcgi | ngx_http_fastcgi_module |
| uwsgi | ngx_http_uwsgi_module |
| grpc | ngx_http_v2_module |
ngx_http_proxy_module module
The proxy function of Nginx based on HTTP protocol is through ngx_http_proxy_module module. By default, NGX is already installed when Nginx is installed_ http_ proxy_ Module module, so you can use NGX directly_ http_ proxy_ Module module.
Related parameters
- proxy_pass
proxy_pass URL;
Forward the request to another server. In the actual reverse proxy work, it will pass location Function matches the specified URI,Then match the received match URI Your request passed proxy_pass Throw to the defined upstream Node pool (back-end service node).
Available locations: location, if in location, limit_except
proxy_pass Forwarding path problem
First: proxy_pass hinder url plus/,Represents the absolute root path and does not proxy location Path after;
Hypothetical use URL: http://localhost/web/test.html.
location /web/ {
proxy_pass http://192.168.1.2:8080/;
}
# Proxy to URL: http://192.168.1.2:8080/test.html
The second: compared with the first, the last one is less / ,Will put location The path proxy after entering
location /web/ {
proxy_pass http://192.168.1.2:8080;
}
# Proxy to URL: http://192.168.1.2:8080/web/test.html
Third:
location /web/ {
proxy_pass http://192.168.1.2:8080/aaa/;
}
# Proxy to URL: http://192.168.1.2:8080/aaa/test.html
The fourth: compared with the third, the last one is less /
location /web/ {
proxy_pass http://192.168.1.2:8080/aaa;
}
# Proxy to URL: http://192.168.1.2:8080/aaatest.html
location Posterior uri You can use regular, location It can also be used internally if Sentence judgment
- proxy_set_header
proxy_set_header field value;
field : For the item to be changed, it can also be understood as the name of the variable, such as host;value : Is the value of the variable
Used to set the received by the proxy server header Information, if not set proxy_set_header,Default host The value of is proxy_pass The following domain name or IP
Available locations: http, server, location
When the back end web When there are multiple virtual hosts in the server, this module is used to distinguish which virtual host (i.e. proxy) the front-end request is sent to the back-end of the reverse proxy server_name The domain name passed to the backend is the proxy domain name server_name (on virtual host)
proxy_set_header Host $host;
Used to set the remote client received by the proxy IP,If not set, then header The information will not be transmitted to the remote real client IP Address.
proxy_set_header X-Real-IP $remote_addr;
and
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
At this time, the back-end server record log format needs to be added:"$http_x_real_ip"and"$http_x_forwarded_for"Variable to view the effect in the access log
# When there is only one level agent, the two are equivalent; If there are multi-level agents, the effect of x-forward-for is greater than that of X-Real-IP. You can record the complete agent link vhg
3. proxy_http_version
Set proxy HTTP Protocol version. By default, version 1 is used.0.
Available locations: http, server, location
proxy_http_version 1.0 | 1.1;
4. proxy_cache_path;
Definitions are available for proxy Caching of functions;
Available locations: http
proxy_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size[inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];
5. proxy_cache zone | off;
default off Indicate the cache of the call, or turn off the cache mechanism;
Available locations: http, server, location
6. proxy_cache_key string;
Content in cache for key default: proxy_cache_key $scheme $proxy_host $request_uri;
Available locations: http, server, location
7. proxy_cache_valid [code ...] time;
Defines the cache duration of the response content for a specific response code
Defined in http{...}in
Available locations: http, server, location
Example:
proxy_cache_valid200 302 10m;
Example: in http Configuration definition cache message
proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;
To call the cache function, it needs to be defined in the corresponding configuration segment, such as server{...};
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 1h;
proxy_cache_valid any 1m;
8. proxy_cache_use_stale;
proxy_cache_use_staleerror | timeout | invalid_header| updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | off ...
In which case can the proxy backend server really use the expired cache response client
Available locations: http, server, location
9. proxy_cache_methods GET | HEAD | POST ...;
Cache the response corresponding to which client request methods, GET and HEAD Methods are always cached
Available locations: http, server, location
10. proxy_hide_header field;
default nginx When the response message is not transmitted to the header field of the back-end server Date, Server, X-Pad, X-Accel-And so on, which is used to hide the specific response header of the back-end server
Available locations: http, server, location
11. proxy_connect_timeout time;
Defines the timeout period for establishing a connection with the back-end server. If the timeout occurs, an error 502 will appear, and the default value is 60 s,Generally, it is not recommended to exceed 75 s,
Available locations: http, server, location
12. proxy_send_timeout time;
The timeout length of sending the request to the back-end server; The default is 60 s
Available locations: http, server, location
13. proxy_read_timeout time;
The timeout length of waiting for the back-end server to send response message, which is 60 by default s
Available locations: http, server, location
14. proxy_buffering on | off;
The agent will put the content returned by the back end into the buffer first, and then return it to the client,Receiving and transmitting, Not all are received and then transmitted to the client
Default: proxy_buffering on;
Context: http, server, location
15. proxy_buffer_size size;
set up nginx The size of the buffer in which the agent holds user header information
Default: proxy_buffer_size 4k|8k;
Context: http, server, location
16. proxy_buffers number size;
set up proxy_buffers Buffer size
Default: proxy_buffers 8 4k|8k; # 8*4=32k 8*8=64k
Context: http, server, location
Common optimal configuration
The common optimization configurations of Proxy websites are as follows. Write the configuration to a new file and use the include reference when calling (simplified configuration and higher readability)
[root@nginx ~]# vim /etc/nginx/proxy_params
proxy_http_version 1.1; # Set the HTTP protocol version of the proxy
proxy_set_header Host $http_host; # The agent carries the host domain name when requesting from the back-end host
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Obtain the real IP and full link IP of the client
proxy_connect_timeout 30; # Proxy connection backend timeout
proxy_send_timeout 60; # Timeout for back-end data delivery to agent
proxy_read_timeout 60; # Timeout of the backend response agent
proxy_buffering on; # The agent will put the content returned by the back end into the buffer first, and then return it to the client, receiving and transmitting at the same time
proxy_buffer_size 32k; # The size of the buffer in which the agent holds user header information
proxy_buffers 4 128k; # Sets the buffer size of the agent
# Reuse configuration
Agent configuration location Convenient for subsequent calls Location Reuse
location / {
proxy_pass http://IP:PORT;
include proxy_params; # This file is a relative path. By default, the corresponding file will be found in the / etc/nginx / directory
}
The limitation of nginx proxy is that one location can only proxy one host at the back end