nginx1.8.1 proxy 服务器192.168.8.40

web1 centos6.5 httpd2.2.15

web2 centos7.2 httpd2.4.6

1、代理功能的简单实现

nginx代理服务器：192.168.8.40

web服务器：192.168.8.101

8.40添加代理：

location /forum/ {

proxy_pass http://192.168.8.101/bbs/;

}

在被代理的web端

创建目录mkdir /web/htdocs/bbs

vim /web/htdocs/bbs/index.html

加入<h1>192.168.8.101 bbs</h1>

访问 http://192.168.8.40/forum/即可出现8.101的内容

改成正则表达式的方式：

location ~* ^/forum {

proxy_pass http://192.168.8.101;

}

此时http://192.168.8.40/forum/的方式不能访问，需要通过修改192.168.8.101的bbs目录改为forum即可访问

# mv bbs forum

2、代理上显示客户端真实IP(方便统计真实的IP访问情况)

8.101上更改显示日志的方式：

# vim /etc/httpd/conf/httpd.conf

LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

nginx服务器端8.40配置：

location ~* ^/forum {

proxy_pass http://192.168.8.101;

proxy_set_header X-Real-IP $remote_addr;

}

3.实现简单的负载均衡：

nginx proxy server:192.168.8.40

apache web1:192.168.8.39

apache web2:192.168.8.101

nginx proxy server:192.168.8.40配置：

# 定义web服务器集群：

upstream webservers {

server 192.168.8.39 weight=1;

server 192.168.8.101 weight=1;

}

server {

#location / {

# root /web/htdocs;

# index index.php index.html index.htm;

#}

#定义访问集群

location / {

proxy_pass http://webservers/;

proxy_set_header X-Real-IP $remote_addr;

}

}

通过访问http://192.168.8.40可以看到负载的效果

4、对负载均衡的服务器宕机情况进行适配

#添加错误的定义

server {

listen 8080;

server_name localhost;

root /web/errorpages;

index index.html;

}

# 创建错误页面定义

# mkdir /web/errorpages/ -pv

# vim index.html

加入

sorry,website is being repaired please wait

# 添加超时定义及错误页面定义，如果连续访问错误两次则踢掉，检测时间间隔2秒

upstream webservers {

server 192.168.8.39 weight=1 max_fails=2 fail_timeout=2;

server 192.168.8.101 weight=1 max_fails=2 fail_timeout=2;

server 127.0.0.1:8080 weight=1 backup;

}

测试，关闭web1则，只能访问到web2，关闭web2后出现错误提示

5、为反向代理启用缓存功能

proxy_cache_path /nginx/cache/first levels=1:2 keys_zone=first:20m max_size=1g;

server {

listen 80;

server_name localhost;

index index.html index.php;

add_header X-Via $server_addr;

add_header X-Cache "$upstream_cache_status from $server_addr";

location / {

proxy_pass http://webservers/;

proxy_set_header X-Real-IP $remote_addr;

proxy_cache first;

proxy_cache_valid 200 10m;

}

# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: [emerg] mkdir() "/nginx/cache/first" failed (2: No such file or directory)

nginx: configuration file /etc/nginx/nginx.conf test failed

[root@centossz008 ~]# mkdir -pv /nginx/cache/first

mkdir: created directory `/nginx'

mkdir: created directory `/nginx/cache'

mkdir: created directory `/nginx/cache/first'

add_header X-Via $server_addr;

add_header X-Cache "$upstream_cache_status from $server_addr";

提示信息如下：

6、重定向规则

location / {

#root html;

root /web/htdocs;

index index.html index.htm;

rewrite ^/bbs/(.*)$ http://192.168.8.101/forum/$1;

}

访问：http://192.168.8.40/bbs/

7、上传文件的负载均衡

可能碰到这样的业务场景，几台web app设置了主从，一个服务器负责上传，其他只能通过同步来获取

nginx配置：

location / {

proxy_pass http://192.168.8.40/;

if ($request_method = "PUT"){

proxy_pass http://192.168.8.101;

}

}

客户端配置：

# vim /etc/httpd/conf/httpd.conf

在<Directory "/web/htdocs">下面添加Dav on

<Directory "/web/htdocs">

Dav on

# curl -T /etc/fstab http://192.168.8.40

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>201 Created</title>

</head><body>

<h1>Created</h1>

<p>Resource /fstab has been created.</p>

</body></html>

在8.101上可以看到上传的文件

htdocs]# ls

forum fstab index.html

8、通过nginx统计某推广链接重写url

需求：

通过nginx统计某推广链接(如：)的访问次数，即访问自动跳转到页面

如该服务器为1.1.1.1，带宽要足够大(要根据实际访问量来定)

步骤

①添加1.1.1.1的dns域名解析 --> 1.1.1.1

②添加相关的配置

vim /etc/nginx/conf.d/tuiguang.conf

server {

server_name ;

rewrite_log on; # 打开重写的日志

error_log /data/logs/app_h5.log notice;

access_log /data/logs/app_error_h5.log;

location /h5/flow{

alias /data/h5;

index index.html;

proxy_set_header Host $host;

proxy_set_header X-Real-Ip $remote_addr;

proxy_set_header X-Forwarded-For $remote_addr;

rewrite ^(.*) break;

}

}

9.修改http头Content-Type为application/octet-stream

upstream lvs_server{server 10.27.13.215:8555; #hd_lvs_voice01server 10.26.114.166:8555; #hd_lvs_voice02server 10.27.62.9:8555;#hd_lvs_voice03server 10.30.196.175:8555; #hd_lvs_voice04server 10.30.196.157:8555; #hd_lvs_voice05}server {listen 8555; location / {proxy_pass http://lvs_server; }location /index {proxy_set_header Host $http_host;proxy_set_header X-Real-Ip $remote_addr;proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Content-Type application/octet-stream;proxy_pass http://lvs_server; }#end index}

日志中添加响应时间，请求时间的日志格式

log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for" "$http_host" "$upstream_response_time" "$request_time"';

nginx获取不到客户端真实IP地址

upstream dxflowservers {ip_hash;server u04flow01.yaya.corp:8091 weight=1 max_fails=2 fail_timeout=3;server u04rec02.yaya.corp:8091 weight=1 max_fails=2 fail_timeout=3;}server { server_name 106.75.19.93;server_name ;location /{root /data/chinasoft/dx_traffic/liuliang_http/liuliangsdk/;index index.html;try_files $uri $uri/ /index.html;}location /dingxiangsdk/{proxy_set_header Host $host;proxy_set_header X-Real-Ip $remote_addr;# 经过ulb(lvs)以后无法获取客户端的真实IP地址,去掉下面这行即可#proxy_set_header X-Forwarded-For $remote_addr;proxy_pass http://dxflowservers/; } location /ngx_status {stub_status on;access_log off;allow 127.0.0.1;#deny all;}}

简单测试反向代理upstream的健康检查功能

nginx --> apache(两台)

nginx : 192.168.3.200 (nginx 1.12.2)

apache01: 192.168.3.12

apache02:192.168.3.13

nginx的配置

upstream lvs_server{server 192.168.3.12:8555 weight=2 max_fails=5 fail_timeout=6;server 192.168.3.13:8555 weight=2 max_fails=5 fail_timeout=6;}server {listen 8555;server_name 192.168.3.200;access_log /var/log/nginx/voice_lvs.access.log main;error_log /var/log/nginx/voice_lvs.error.log;location / {proxy_pass http://lvs_server/; }location /index {proxy_set_header Host $http_host;proxy_set_header X-Real-Ip $remote_addr;proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Content-Type application/octet-stream;proxy_pass http://lvs_server; }location /ngx_status {stub_status on;access_log off;allow 127.0.0.1;}}

[root@centossz008 ~]# cat /var/www/html/index.html

<h1>192.168.3.12</h1>

server01

[root@node5 ~]# cat /var/www/html/index.html

<h1>192.168.3.13</h1>

server02

经过测试，当不配置以下参数，如果关掉其中一台apache，请求会全部到另外一台中，所以upstream默认就会检查后端服务器，如果配置就按照你的配置

不配置就按照默认配置

weight=2 max_fails=5 fail_timeout=6;

[root@localhost /etc/nginx/conf.d]# for i in {1..20}; do curl http://192.168.3.200:8555/index.html;done

重定向示例

# cat /usr/local/nginx/conf/vhost.d/.conf map $http_origin $corsHost { default "none" ; "~" ;"~https://chinasoft-com." https://chinasoft-com. ;"~." . ;"~" ;"~" ;"~" ;"~" ;"~https://my.chinasoft.jp" https://my.chinasoft.jp ;}server {listen 80;server_name ori-;access_log/data/www/logs/nginx_log/access/_access.log main ;error_log /data/www/logs/nginx_log/error/_error.log ;root /data/www/vhosts//httpdocs ;index index.html index.shtml index.php ;include rewrite.d/.conf ;error_page 404 403 /404.html; rewrite ^/(.*)$ /$1 permanent; #跳转到Httpslocation ~ \.php$ {fastcgi_pass unix:/tmp/php-cgi.sock;fastcgi_index index.php;#fastcgi_param SCRIPT_FILENAME ;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include fastcgi_params;expires -1;}location / {include proxy_params;if (!-d $request_filename){set $flag 1$flag;}if (!-f $request_filename){set $flag 2$flag;}if ($flag = "21"){rewrite ^(.*)$ /index.php last;expires -1; }}}server {listen 443;ssl on;ssl_certificate cert/chinasoft_com.crt;ssl_certificate_keycert/chinasoft_com.key;ssl_dhparamcert/dh_2048.pem;ssl_session_timeout5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";ssl_prefer_server_ciphers on;# add_header Strict-Transport-Security max-age=15768000;#ssl_stapling on;#ssl_stapling_verify on;server_name ori- ;access_log/data/www/logs/nginx_log/access/_access.log main ;error_log /data/www/logs/nginx_log/error/_error.log ;root /data/www/vhosts//httpdocs ;index index.html index.shtml index.php ;include rewrite.d/.conf ;error_page 404 403 /404.html;#add_header 'Access-Control-Allow-Origin' '*';add_header Access-Control-Allow-Origin $corsHost;add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';location ~ \.php$ {try_files $uri =404;fastcgi_pass unix:/tmp/php-cgi.sock;fastcgi_index index.php;#fastcgi_param SCRIPT_FILENAME ;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include fastcgi_params;expires -1;}location / {include proxy_params;if (!-d $request_filename){set $flag 1$flag;}if (!-f $request_filename){set $flag 2$flag;}if ($flag = "21"){rewrite ^(.*)$ /index.php last ;expires -1;}}}*****************if ($request_uri ~ ^/snapchat/snapchat-password-cracker.html) { rewrite ^ /snapchat/snapchat-password-cracker.html permanent; }if ($request_uri ~ ^/spy/index.html) { rewrite ^ /topic/index.html permanent; }if ($request_uri ~ ^/telegram/index.html) { rewrite ^ /topic/index.html permanent; }if ($request_uri ~ ^/track/hidden-phone-tracker-for-android-iphone.html) { rewrite ^ /track/hidden-phone-tracker-for-android-iphone.html permanent; }if ($request_uri ~ ^/viber/index.html) { rewrite ^ /topic/index.html permanent; }[root@EOP_Aimersoft_web01:~]# head -30 /usr/local/nginx/conf/rewrite.d/.conf if ($host ~* ^$){ rewrite ^(.*)$ $1 permanent;}if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1 permanent;}if ($request_uri ~ ^/(index|indice).html) { rewrite ^ / permanent;}#0824if ($request_uri ~ ^/install-chinasoft-spy-app-on-android-phones.html) { rewrite ^ /how-to-spy-android-phones.html permanent; }