Reverse proxy experiment of nginx

nginx reverse proxy

Concept:

Reverse proxying is an important nginx feature. The module that provides it is compiled in by default when nginx is compiled and installed.

It is configured mainly through the proxy_pass directive;

The client requests a resource -> the proxy server receives the request -> and then forwards it to the real server at the back end for processing;

The result is then fed back to the client;

Purpose:

Forward proxy: the proxy makes requests on behalf of the client;
Reverse proxy: the proxy stands in for the server and delivers the data the server returns

  • It can shield the internal servers from malicious attacks (the client has no idea which server actually provides the content)
  • It provides the technical basis for load balancing and for separating dynamic and static content;

Syntax:

Syntax: proxy_pass URL;							#proxy_pass + back-end server requiring proxy
Default: —
Context: location, if in location, limit_except   

Proxied server: it can be addressed over http or https

URL address: it can be a domain name or an IP address, optionally with a port

Syntax example:

proxy_pass  http://192.168.75.130;           # IP address only
proxy_pass  http://192.168.75.130:8080;      # IP address with a port number
proxy_pass  http://www.liangjiawei.net/url;  # Proxy requests for a specific directory

Explanation of reverse proxy experiment

Experiment 1:

Plan:

Neither location nor proxy_pass has a URI path

Client server: 192.168.75.130

Proxy server: 192.168.75.131

Back end server: 192.168.75.132

Proxy configuration:

Modify the configuration file --> proxy_pass carries no URI;

#Uses the virtual host configuration and the nginx service on 131
[root@node1 nginx]# vim /data/nginx/conf/www.liangjiwei.net.conf 
server {
        listen 80;
        server_name www.liangjiawei.net;
#       location  / {
#               root /data/html/www;
#               index index.html index.htm;
#               }
        location / {
                proxy_pass http://192.168.75.132;
                }
}

	#Here the configuration file on server 131 defines the virtual host www.liangjiawei.net,
	#A request for www.liangjiawei.net is passed straight to server 132
	#In other words, 131 stands in for 132 --> the request is actually processed by 132
	
#verification
[root@node2-132 nginx]# curl www.liangjiawei.net
 This is your server
[root@node2-132 nginx]# curl www.liangjiawei.net/index.html
 This is your server

Experiment 2:

This is a variation:

  • proxy_pass on proxy server 131 has no URI path;
  • However, the location on the proxy server does have a URI path
  • Note where the resource path ends up

#On the proxy server, first modify the configuration file --> again starting from the original virtual host configuration
[root@node1 ~]# vim /data/nginx/conf/www.liangjiwei.net.conf 
server {
        listen 80;
        server_name www.liangjiawei.net;
        location /haha/  {						#Here we add a path
                proxy_pass http://192.168.75.132;
                }
}

#Reload the configuration
[root@node1 ~]# nginx -s reload

#Backend server configuration
[root@node2-132 ~]# mkdir /usr/local/nginx/html/haha/
[root@node2-132 ~]# echo "this is the page of 132 haha" > /usr/local/nginx/html/haha/index.html
	#Modify the configuration file of the back-end server

[root@node2-132 ~]# vim /usr/local/nginx/conf/nginx.conf
	#Add inside the server block
        location /haha {
                index index.html index.htm;
                }
..............
	#Reload the configuration
[root@node2-132 ~]# nginx -s reload


#Verification test
	#Accessing the domain name directly --> returns the default page of this machine
[root@node1 ~]# curl www.liangjiawei.net
 This is the default nginx Main page of

#What if you visit /haha/?
[root@node1 ~]# curl www.liangjiawei.net/haha/
"This is 132 haha Page of

Explanation

  • The URI path configured in location on the proxy server is the path requested on the remote server
  • For the access to succeed, the resource must exist on the back end

Experiment 3:

This is also a variation:

  • proxy_pass on proxy server 131 has a URI path this time;
  • The location on proxy server 131 also has a path;
  • So how should the server handle these resources?
  • The back-end server has both haha and hehe resources, but when /haha is accessed, the URI set in proxy_pass means the hehe resources are served directly

#Configuration of proxy server
[root@node1 ~]# vim /data/nginx/conf/www.liangjiwei.net.conf 
server {
        listen 80;
        server_name www.liangjiawei.net;
        location /haha/  {
                proxy_pass http://192.168.75.132//hehe/; 		# Add another path on the basis of Experiment 2;
                }
}

	#Reload the configuration
[root@node1 ~]# nginx -s reload

	#The resource does not exist on the back-end server yet, so verifying now returns 404 --> resource not found
[root@node1 ~]# nginx -s reload
[root@node1 ~]# curl www.liangjiawei.net/haha/
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.17.10</center>
</body>
</html>


#Then we create the resource on the back-end server
[root@node2-132 ~]# mkdir /usr/local/nginx/html/hehe
[root@node2-132 ~]# echo "this is the resource view of 132 hehe" > /usr/local/nginx/html/hehe/index.html
	#Then visit again --> the resource is found
[root@node1 ~]# curl www.liangjiawei.net/haha/
This is 132 hehe Resource view for
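
The prefix replacement that Experiments 1 to 3 demonstrate, modelled as an added Python example (not code from the original page or from nginx): upstream_uri and CASES are hypothetical names, and the model covers prefix locations only and ignores nginx's URI normalisation. The last two cases go beyond the page and show what mismatched trailing slashes do to the path the back end receives.

```python
def upstream_uri(location: str, proxy_pass: str, request_uri: str) -> str:
    """URI that nginx puts on the upstream request line for a prefix location."""
    path, sep, query = request_uri.partition("?")
    if not path.startswith(location):
        raise ValueError(f"{path!r} is not handled by location {location!r}")
    # Everything after scheme://host[:port] is the URI part of proxy_pass.
    authority_and_uri = proxy_pass.split("://", 1)[1]
    slash = authority_and_uri.find("/")
    if slash == -1:
        # Experiments 1 and 2: no URI part, the request URI is passed unchanged.
        return request_uri
    # Experiment 3: the matched location prefix is replaced by the URI part.
    replaced = authority_and_uri[slash:] + path[len(location):]
    return replaced + sep + query


BACKEND = "http://192.168.75.132"  # back-end server from the experiments

# (location, proxy_pass, request URI): the first three rows are the page's
# experiments, the last two are constructed slash mismatches.
CASES = [
    ("/",      BACKEND,             "/index.html"),
    ("/haha/", BACKEND,             "/haha/"),
    ("/haha/", BACKEND + "//hehe/", "/haha/"),
    ("/haha",  BACKEND + "/hehe/",  "/haha/a.html"),
    ("/haha/", BACKEND + "/hehe",   "/haha/a.html"),
]


def mapping_table():
    """Return (location, proxy_pass, request, upstream URI) for every case."""
    return [(loc, pp, uri, upstream_uri(loc, pp, uri)) for loc, pp, uri in CASES]


if __name__ == "__main__":
    for loc, pp, uri, sent in mapping_table():
        print(f"location {loc:<7} proxy_pass {pp:<30} {uri:<13} -> {sent}")
```

The second and third rows reproduce the "GET /haha/" and "GET //hehe/" request lines that appear in the back-end access log later on the page.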

Get the real IP address of the remote client

  • Starting from the server configuration above, remove the complex URI and proxy directly to the home page of 132;
  • First check the log before configuring anything
  • After configuring, check the log again to see what has been added

#Keep the configuration file on proxy server 131 as simple as possible
[root@node1 ~]# vim /data/nginx/conf/www.liangjiwei.net.conf 
server {
        listen 80;
        server_name www.liangjiawei.net;
        location /  {
                proxy_pass http://192.168.75.132; 		# The back-end server is 132,
                }
}
	#Reload the configuration
[root@node1 ~]# nginx -s reload
	#Verify --> the request is made from client 130
[root@node-130 ~]# curl www.liangjiawei.net
 This is your server
	
	#Check the log file on the back-end server --> the request clearly came from 130, but there is no record of 130
[root@node2-132 ~]# tail -5 /usr/local/nginx/logs/access.log 
192.168.75.131 - - [04/Jul/2021:17:50:33 +0800] "GET /haha/ HTTP/1.0" 200 32 "-" "curl/7.29.0"
192.168.75.131 - - [04/Jul/2021:17:57:48 +0800] "GET //hehe/ HTTP/1.0" 404 154 "-" "curl/7.29.0"
192.168.75.131 - - [04/Jul/2021:17:59:46 +0800] "GET //hehe/ HTTP/1.0" 200 32 "-" "curl/7.29.0"
192.168.75.131 - - [04/Jul/2021:18:01:45 +0800] "GET //hehe/ HTTP/1.0" 200 32 "-" "curl/7.29.0"
192.168.75.131 - - [04/Jul/2021:18:09:48 +0800] "GET / HTTP/1.0" 200 22 "-" "curl/7.29.0"
[root@node2-132 ~]# 


#Here, modify the proxy server configuration file
[root@node1 ~]# vim /data/nginx/conf/www.liangjiwei.net.conf 
server {
        listen 80;
        server_name www.liangjiawei.net;
        location /  {
                proxy_pass http://192.168.75.132;
                proxy_set_header Host $host;                                    #Pass on the host name the client requested
                proxy_set_header X-Real-IP $remote_addr;                        #Client address as seen by the proxy
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    #Append the client address to X-Forwarded-For
                }
}
	#Reload the configuration
[root@node1 ~]# nginx -s reload


#The back-end server needs to enable the log function
[root@node2-132 ~]# vim /usr/local/nginx/conf/nginx.conf
	#Add the $http_x_real_ip variable to the log format
....
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" "$http_x_real_ip"';

    access_log  logs/access.log  main;
	#Reload the configuration
[root@node2-132 ~]# nginx -s reload


#Then access again and check --> still using 130 as the client
[root@node-130 ~]# curl www.liangjiawei.net
 This is your server
	#Then look at the logs of the back-end server
[root@node2-132 ~]# tail -5 /usr/local/nginx/logs/access.log 
192.168.75.131 - - [04/Jul/2021:17:57:48 +0800] "GET //hehe/ HTTP/1.0" 404 154 "-" "curl/7.29.0"
192.168.75.131 - - [04/Jul/2021:17:59:46 +0800] "GET //hehe/ HTTP/1.0" 200 32 "-" "curl/7.29.0"
192.168.75.131 - - [04/Jul/2021:18:01:45 +0800] "GET //hehe/ HTTP/1.0" 200 32 "-" "curl/7.29.0"
192.168.75.131 - - [04/Jul/2021:18:09:48 +0800] "GET / HTTP/1.0" 200 22 "-" "curl/7.29.0"
192.168.75.131 - - [04/Jul/2021:18:17:21 +0800] "GET / HTTP/1.0" 200 22 "-" "curl/7.29.0" "192.168.75.130" "192.168.75.130"
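
Reading the client address back out of these log lines, as an added Python example (not code from the original page): X-Real-IP is overwritten by the proxy, but $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the request already carried, so the forwarded fields are only meaningful when the connecting peer is the proxy. TRUSTED_PROXIES, client_ip and the two lines marked as constructed are assumptions for illustration.

```python
import re

TRUSTED_PROXIES = {"192.168.75.131"}  # assumption: only the page's proxy is trusted

# Matches the page's log_format "main"; the two trailing quoted fields
# ($http_x_forwarded_for, $http_x_real_ip) are optional so that lines written
# before the format change still parse.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) - \S+ \[[^\]]+\] "[^"]*" \d{3} \d+ "[^"]*" "[^"]*"'
    r'(?: "(?P<xff>[^"]*)" "(?P<real_ip>[^"]*)")?$'
)


def client_ip(line: str) -> str:
    """Best-supported client address for one back-end access-log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("line does not match the expected log format")
    peer = m["peer"]
    if peer not in TRUSTED_PROXIES:
        # Direct connection: forwarded headers are client-supplied, ignore them.
        return peer
    hops = [h.strip() for h in (m["xff"] or "").split(",")]
    # $proxy_add_x_forwarded_for appends, so walk from the right and stop at
    # the first address that is not one of our own proxies.
    for hop in reversed(hops):
        if hop and hop != "-" and hop not in TRUSTED_PROXIES:
            return hop
    return peer  # nothing forwarded: only the proxy address is known


SAMPLES = {
    # Taken from the page: before and after the proxy_set_header change.
    "old_format": '192.168.75.131 - - [04/Jul/2021:18:09:48 +0800] "GET / HTTP/1.0" 200 22 "-" "curl/7.29.0"',
    "via_proxy": '192.168.75.131 - - [04/Jul/2021:18:17:21 +0800] "GET / HTTP/1.0" 200 22 "-" "curl/7.29.0" "192.168.75.130" "192.168.75.130"',
    # Constructed: X-Forwarded-For was already present when the request reached the proxy.
    "client_sent_xff": '192.168.75.131 - - [04/Jul/2021:18:20:00 +0800] "GET / HTTP/1.0" 200 22 "-" "curl/7.29.0" "203.0.113.9, 192.168.75.130" "192.168.75.130"',
    # Constructed: request that reached the back end without passing the proxy.
    "direct": '192.168.75.130 - - [04/Jul/2021:18:21:00 +0800] "GET / HTTP/1.1" 200 22 "-" "curl/7.29.0" "203.0.113.9" "203.0.113.9"',
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:<16} {client_ip(line)}")
```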

Explanation of cache proxy server

In brief:

  • The proxy server can also cache responses. For example, during an epidemic many people query the same results. If the data changes little, the proxy can answer directly from its cache, which reduces the resource overhead on the application server (back-end server). If several clients query the same resource and the proxy's cache is hit, the back-end server is asked for the resource only once;
  • The browser also has a cache, and the content of the requested target is stored locally in the browser;

Experiment:

The back-end server is 130;

The proxy server is 131;

Backend server configuration:

#Modify the configuration file
[root@node1 nginx]# vim conf/nginx.conf
...............

        proxy_cache_path /data/nginx/cache  max_size=10g levels=1:2 keys_zone=nginx_cache:10m 
inactive=10m use_temp_path=off;
        upstream nginx {
                server 192.168.75.130;
                }
    server {
        listen       80;
        server_name  localhost;
        #Add the content of proxy here
        location / {
            root   html;
            index  index.html index.htm;
                proxy_pass http://192.168.75.130;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_cache nginx_cache;
                proxy_cache_key $host$uri$is_args$args;
                proxy_cache_valid 200 304 302 1d;
        }

#Parameter interpretation:
/data/nginx/cache #Storage path for cached resources
levels #Sets the directory depth used for cached resources.
	Defaults to levels=1:2, which means the key nginx generates for the cached resource is used, reading from the end, to build a two-level directory hierarchy.
keys_zone #Sets up an area in shared memory that stores the cache keys and metadata, so that nginx can quickly decide whether a request hits or misses the cache. 1m can store 8000 keys and 10m can store 80000 keys
max_size #Maximum cache size. If it is not specified, all disk space will be used. When the quota is reached, inactive cache files are deleted
inactive #How long files that are not accessed stay in the cache. In this configuration, if they are not accessed for 60 minutes, the cache manager deletes the files regardless of whether they have expired or not. inactive defaults to 10 minutes.
It should be noted that inactive and expired mean different things: expired only marks the cache entry as expired without deleting it, while inactive deletes cache files that have not been accessed within the specified time
use_temp_path #If off, nginx writes cache files directly to the specified cache directory instead of going through temp_path. The official recommendation is off, to avoid unnecessary copying of files between file systems
proxy_cache #Enables the proxy cache and specifies the keys_zone to use. proxy_cache off disables the cache.
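
How the proxy_cache_key and levels=1:2 settings above decide where a cached response lands on disk, as an added Python example (not code from the original page or from nginx): nginx names each cache file after the MD5 of the key and takes the directory levels from the end of that digest. The function names and the sample requests are assumptions; because the key holds only host, URI and arguments, requests that differ in nothing else share one file.

```python
import hashlib


def cache_key(host: str, uri: str, args: str = "") -> str:
    """Expand the page's proxy_cache_key: $host$uri$is_args$args."""
    is_args = "?" if args else ""   # $is_args is "?" only when arguments exist
    return f"{host}{uri}{is_args}{args}"


def path_for_digest(digest: str, root: str, levels: str) -> str:
    """Place a hex digest under root according to a levels=a:b[:c] setting."""
    parts, end = [], len(digest)
    for width in (int(n) for n in levels.split(":")):
        # Each level takes `width` hex characters, working back from the end.
        parts.append(digest[end - width:end])
        end -= width
    return "/".join([root.rstrip("/"), *parts, digest])


def cache_file(host, uri, args="", root="/data/nginx/cache", levels="1:2"):
    """File in which the response for this key is stored (MD5 of the key)."""
    key = cache_key(host, uri, args)
    digest = hashlib.md5(key.encode()).hexdigest()
    return path_for_digest(digest, root, levels)


if __name__ == "__main__":
    # Constructed requests against the page's virtual host name.
    for uri, args in [("/", ""), ("/index.html", ""), ("/index.html", "v=2")]:
        print(cache_key("www.liangjiawei.net", uri, args), "->",
              cache_file("www.liangjiawei.net", uri, args))
```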

Added by gauss on Fri, 14 Jan 2022 07:19:13 +0200