1. Reverse proxy and demonstration environment description
1. Reverse proxy
Reverse proxy A proxy server that retrieves resources from one or more servers on behalf of a client. Resend these resources to the client as if they were returned from the web server itself. In contrast to a forward proxy, which is an intermediary through which clients associated with it contact any server, a reverse proxy is an intermediary through which any client contacts its associated server.
For information about forward proxy, please refer to: Configuring Nginx forward proxy based on CentOS 7
2. Several servers in this demonstration
2. General reverse proxy configuration
1. Backend server configuration (Apache)
Backend Apache server host name and IP
# hostname centos7-web.example.com# more /etc/redhat-release CentOS Linux release 7.2.1511 (Core)# ip addr|grep inet|grep global inet 172.24.8.128/24 brd 172.24.8.255 scope global eno16777728# systemctl start httpd.service# echo "This is a httpd test page.">/var/www/html/index.html# curl http://localhost This is a httpd test page.
2. Front-end Nginx reverse proxy server configuration
Front-end Nginx server host name and IP
# hostname centos7-router # more /etc/redhat-release CentOS Linux release 7.2.1511 (Core) # ip addr |grep inet|grep global inet 172.24.8.254/24 brd 172.24.8.255 scope global eno16777728 inet 192.168.1.175/24 brd 192.168.1.255 scope global dynamic eno33554960
Nginx version
# nginx -V nginx version: nginx/1.10.2
Add a new configuration file to be used as a reverse proxy
# vim /etc/nginx/conf.d/reverse_proxy.conf server {
listen 8090;
server_name localhost;
location / {
proxy_pass http://172.24.8.128; ###反向代理核心指令 proxy_buffers 256 4k;
proxy_max_temp_file_size 0;
proxy_connect_timeout 30;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
}
}# systemctl reload nginx# ss -nltp|grep nginx|grep 8090LISTEN 0 128 *:8090 *:* users:(("nginx",pid=78023,fd=8),("nginx",pid=78021,fd=8))# curl http://localhost:8090 ##基于本地测试This is a httpd test page.View Apache server log
# more /var/log/httpd/access_log ##请求IP地址为172.24.8.254,当从其他机器请求时也是172.24.8.254这个IP172.24.8.254 - - [30/Oct/2017:14:02:38 +0800] "GET / HTTP/1.0" 200 27 "-" "curl/7.29.0"
3. Reverse proxy server and backend server log format settings
Add the proxy_set_header directive to the Nginx server and modify it as follows
# grep proxy_set_header -B2 /etc/nginx/conf.d/reverse_proxy.conf location / {
proxy_pass http://172.24.8.128;
proxy_set_header X-Real-IP $remote_addr;
}# systemctl reload nginx.serviceBackend server Apache log format setting
# vim /etc/http/conf/httpd.conf# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined #注释此行,添加下一行 LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined #关键描述 {X-Real-IP}i# ip addr|grep inet|grep global #从1.132主机访问 inet 192.168.1.244/24 brd 192.168.1.255 scope global eth0# curl http://192.168.1.175:8090 #从1.244主机访问 This is a httpd test page#再次查看apache访问日志,如下,不再是代理服务器IP地址,此时显示为1.244 192.168.1.244 - - [30/Oct/2017:15:49:07 +0800] "GET / HTTP/1.0" 200 27 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu)
libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh3/1.4.2"3. Based on directory matching reverse proxy
After The end server adopts Nginx configuration
# more /etc/redhat-release ##os平台及ip地址 CentOS release 6.7 (Final)# ip addr|grep eth0|grep global inet 192.168.1.132/24 brd 192.168.1.255 scope global eth0# nginx -v ##nginx版本 nginx version: nginx/1.10.2# mkdir -pv /usr/share/nginx/html/images ##创建图片目录 mkdir: created directory `/usr/share/nginx/html/images'
# cp /usr/share/backgrounds/nature/*.jpg /usr/share/nginx/html/images/. ##复制图片文件
# cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bk
# vim /etc/nginx/conf.d/default.conf ##此处直接修改缺省配置文件
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
location /images {
alias /usr/share/nginx/html/images; ##此处配置了别名
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# /etc/init.d/nginx reload
Reloading nginx: [ OK ]Front-end Nginx configuration
# vim /etc/nginx/conf.d/reverse_proxy.conf server { listen 8090; server_name localhost; location / { proxy_pass http://172.24.8.128; proxy_set_header X-Real-IP $remote_addr; } location /images { ##将images目录下的文件代理至192.168.1.132 proxy_pass http://192.168.1.132; proxy_set_header X-Real-IP $remote_addr; } }# systemctl reload nginxVerify the proxy situation and test the jpg file request in the images directory at IP 192.168.1.244
# ip addr|grep inet|grep global inet 192.168.1.244/24 brd 192.168.1.255 scope global eth0# curl -I http://192.168.1.175:8090/images/Garden.jpg HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Tue, 31 Oct 2017 01:48:18 GMT Content-Type: image/jpeg Content-Length: 264831 Connection: keep-alive Last-Modified: Mon, 30 Oct 2017 08:21:28 GMT ETag: "59f6e108-40a7f" Accept-Ranges: bytes
four , Reverse proxy configuration based on specific file types
php server-side configuration (ip 192.168.1.132)
# ss -nltp|grep php LISTEN 0 128 192.168.1.132:9000 *:* users:(("php-fpm",7147,8),("php-fpm",7148,0),("php-fpm",7149,0))# mkdir -pv /data ###存放php代码# echo "/data 192.168.1.0/24(rw)" >/etc/exports# /etc/init.d/rpcbind start# /etc/init.d/nfslock start# /etc/init.d/nfs start # echo "" > /data/index.phpNginx agent-side configuration (ip 192.168.1.175)
# mkdir /data# mount -t nfs 192.168.1.132:/data /data# ls /data index.php# vim /etc/nginx/conf.d/reverse_proxy.conf server { listen 8090; server_name localhost; location / { proxy_pass http://172.24.8.128; proxy_set_header X-Real-IP $remote_addr; } location /images { proxy_pass http://192.168.1.132; proxy_set_header X-Real-IP $remote_addr; } location ~ \.php$ { root /data; fastcgi_pass 192.168.1.132:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; include fastcgi_params; } }# systemctl restart nginxTest the reverse proxy to php
[root@ydq05 ~]# ip addr|grep inet|grep global inet 192.168.1.244/24 brd 192.168.1.255 scope global eth0 [root@ydq05 ~]# curl -I http://192.168.1.175:8090/index.php HTTP/1.1 200 OK Server: nginx/1.12.2 Date: Tue, 31 Oct 2017 03:22:59 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.6.0
5. Configure the reverse proxy to tomcat based on upstream
Nginx The upstream command can also proxy the request to the back-end server. The following example is combined with the upstream command to demonstrate it. Proxy to tomcat
# vim /etc/nginx/conf.d/tomcat.confupstream app {
server localhost:8080;
keepalive 32;
}
server {
listen 80;
server_name localhost;
location / {
proxy_set_header Host $host;
proxy_set_header x-for $remote_addr;
proxy_set_header x-server $host;
proxy_set_header x-agent $http_user_agent;
proxy_pass http://app;
}
}
[root@node132 conf.d]# ss -nltp|grep javaLISTEN 0 1 ::ffff:127.0.0.1:8005 :::* users:(("java",39559,45))
LISTEN 0 100 :::8009 :::* users:(("java",39559,43))
LISTEN 0 100 :::8080 :::* users:(("java",39559,42))
tomcat版本
[root@node132 conf.d]# /usr/local/tomcat/bin/catalina.sh versionUsing CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
....
Server version: Apache Tomcat/7.0.69
Server built: Apr 11 2016 07:57:09 UTC
Server number: 7.0.69.0
OS Name: Linux
OS Version: 2.6.32-573.el6.x86_64
Architecture: amd64
JVM Version: 1.7.0_79-b15
JVM Vendor: Oracle Corporation
验证结果# curl http://localhost
......6. Proxy module instruction description
There are many configuration instructions available for the proxy module. They are used to define many properties of the proxy module when it works, such as connection timeout, proxy When using the http protocol version, etc. The following is a brief explanation of commonly used instructions.
proxy_read_timeout The maximum interval between two read operations received from the receiving upstream server before the connection is disconnected;
As an example below:
proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 30; proxy_send_timeout 15; proxy_read_timeout 15;
The above is the detailed content of How to configure Nginx reverse proxy on CentOS. For more information, please follow other related articles on the PHP Chinese website!
centos用什么命令可查版本号Mar 03, 2022 pm 06:10 PM查版本号的命令:1、“cat /etc/issue”或“cat /etc/redhat-release”,可输出centos版本号;2、“cat /proc/version”、“uname -a”或“uname -r”,可输出内核版本号。
centos重启网卡的方法是什么Feb 22, 2023 pm 04:00 PMcentos重启网卡的方法:1、对于centos6的网卡重启命令是“service network restart”;2、对于centos7的网卡重启命令是“systemctl restart network”。
centos php怎么安装opcacheJan 19, 2023 am 09:50 AMcentos php安装opcache的方法:1、执行“yum list php73* | grep opcache”命令;2、通过“yum install php73-php-opcache.x86_64”安装opcache;3、使用“find / -name opcache.so”查找“opcache.so”的位置并将其移动到php的扩展目录即可。
centos 怎么离线安装 mysqlFeb 15, 2023 am 09:56 AMcentos离线安装mysql的方法:1、将lib中的所有依赖上传到linux中,并用yum命令进行安装;2、解压MySQL并把文件复制到想要安装的目录;3、修改my.cnf配置文件;4、复制启动脚本到资源目录并修改启动脚本;5、将mysqld服务加入到系统服务里面;6、将mysql客户端配置到环境变量中,并使配置生效即可。
centos 7安装不出现界面怎么办Jan 03, 2023 pm 05:33 PMcentos7安装不出现界面的解决办法:1、选择“Install CentOS 7”,按“e”进入启动引导界面;2、 将“inst.stage2=hd:LABEL=CentOS\x207\x20x86_64”改为“linux dd”;3、重新进入“Install CentOS 7”,按“e”将“hd:”后的字符替换成“/dev/sdd4”,然后按“Ctrl+x”执行即可。
centos 怎么删除 phpFeb 24, 2021 am 09:15 AMcentos删除php的方法:1、通过“#rpm -qa|grep php”命令查看全部php软件包;2、通过“rpm -e”命令卸载相应的依赖项;3、重新使用“php -v”命令查看版本信息即可。
centos中ls命令不显示颜色怎么办Apr 20, 2022 pm 03:16 PM方法:1、利用“vim ~/.bashrc”编辑用户目录(~)下的“.bashrc”文件;2、在文件内添加“alias ls="ls --color"”;3、利用“:wq!”命令保存文件内的更改;4、“exit”命令退出终端后重新连接即可。
如何在 CentOS 9 Stream 上安装 NagiosMay 10, 2023 pm 07:58 PM我们的PC中有一个磁盘驱动器专门用于所有与Windows操作系统相关的安装。该驱动器通常是C驱动器。如果您还在PC的C盘上安装了最新的Windows11操作系统,那么所有系统更新(很可能是您安装的所有软件)都会将其所有文件存储在C盘中。因此,保持此驱动器没有垃圾文件并在C驱动器中拥有足够的存储空间变得非常重要,因为该驱动器拥有的空间越多,您的Windows11操作系统运行起来就越顺畅。但是您可以在磁盘驱动器上增加多少空间以及可以删除多少文件是有限制的。在这种情况下,
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
WebStorm Mac version
Useful JavaScript development tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
