Home >Backend Development >PHP Tutorial >CentOS 7 installs Nginx as a reverse proxy
CentOS 7 installs Nginx as a reverse proxy
- WBOYOriginal
- 2016-07-30 13:31:191220browse
Title
You need to use the reverse proxy function of nginx. The test environment is centos+NGINX 1.8.0.
<code>跳过一些繁琐的问题,直接记录核心 </code>
Steps
<code>(1)centos 安装在VM中,因此需要注意网络连接问题 (2)安装nginx使用的是具有网络的yum功能 (3)配置centos防火墙,需要开启80 端口 (4)nginx 反向代理配置 (5)性能优化设置(后续工作...) </code>
implementation
1. Install nginx with yum
First add the nginx source and test using the latest nginx 1.8.0
<code>rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm </code>
Execute the command:
<code>yum install nginx service nginx start </code>
If nothing goes wrong, enter 127.0.0.1:80 in the browser and you will see the nginx welcome interface.
2. Check the configuration of nginx
<code>rpm -ql nginx 此命令可以查看nginx的配置信息 </code>
3. Close the firewall and configure iptables
centos uses firewall to configure ports and networks by default, but most of the online information now uses iptables. In view of the sufficient information, iptalbes is used instead.
Static firewall rules using iptables and ip6tables
If you want to use your own iptables and ip6tables static firewall rules, then please install iptables-services and disable firewalld, enable iptables and ip6tables:
<code>yum install iptables-services systemctl mask firewalld.service systemctl enable iptables.service systemctl enable ip6tables.service </code>
After enabling iptables, you need to set the port and access rules.
<code>(1)编辑 /etc/sysconfig/iptables (2)清空规则 (3)添加需要的规则 </code>
Example:
# Allow established or connected traffic
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
#Allow local loopback interface
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
#Allow external access to this machine
-A OUTPUT -j ACCEPT
# Allow access to the SSH port. If the port is modified, you can change the corresponding port number
-A INPUT -p tcp –dport 22 -j ACCEPT
#Allow access to port 80 (HTTP)
-A INPUT -p tcp –dport 80 -j ACCEPT
#Allow access to FTP ports: 21, 20
-A INPUT -p tcp –dport 21 -j ACCEPT
-A INPUT -p tcp –dport 20 -j ACCEPT
#Allow access to port 161 (SNMP):
-A INPUT -p udp –dport 161 -j ACCEPT
Based on the above configuration, websites can be accessed from each other in the LAN.
4. Configure the reverse proxy function of nginx
<code>本次只是使用反向代理功能,因此nginx的负载均衡功能就不涉及。 </code>
The reverse proxy function uses the proxy_pass and sub_filter modules
<code>location / {
proxy_pass 需要代理的IP;
#Proxy Settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
# 做反向代理时候,出现ip地址直接跳转,没有是使用代理IP ,是因为需要使用sub_filter.
sub_filter 需要代理的IP nginx的本机服务器;
sub_filter_once off;
}
</code>
Summary:
nginx reverse proxy concept is relatively simple and easy to configure. The next step is to proceed Do a stress test to see the actual effect.
[1]http://www.centoscn.com/CentOS/Intermediate/2015/0313/4879.html Using iptables
[2]http://www.centoscn.com/CentOS/2013/0413/ 293.html Configure iptables ports and rules
[3]http://www.nginx.cn/927.html Reverse proxy
[4]http://zhaochen.blog.51cto.com/2029597/379233/
[5]https://github.com/yaoweibin/ngx_http_substitutions_filter_module
[6]http://www.xxorg.com/archives/3608
Copyright statement: This article is an original article by the blogger and has not been authorized by the author. Reprinting is not allowed with the permission of the blogger.
The above introduces the installation of Nginx as a reverse proxy on CentOS 7, including the relevant aspects. I hope it will be helpful to friends who are interested in PHP tutorials.