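Nginx reverse proxy
What is a reverse proxy?
A (user) --> B (in the same data center as C, and with a public address) --> C (a machine with no public address)  # A reaches the machine it actually wants (C) through B acting as a proxy
When is a reverse proxy used?
1) To reach an internal machine that has no public address
2) To work around a communication barrier between two machines
A third case is more unusual: when two services both use the same port, the service other than nginx (httpd, for example) can listen on a port other than 80, and nginx then reverse-proxies zabbix (which runs on httpd).
Scenario setup:
1) Two machines, A and B; A has only an internal network, B has both an internal and an external network
2) A's internal IP is 192.168.28.107
3) B's internal IP is 192.168.28.108 and B's external IP is 192.168.149.129
4) C is the client; C can only reach B's external IP and cannot reach the internal IP of A or B
Goal:
C needs to reach the website on A's internal network
Configuration: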
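Lab procedure with virtual machines

Set up the configuration file of the NIC on the proxy machine that is on the same network segment as the service machine.

    location /
    {
        proxy_pass http://ip;                      # replace "ip" with the IP of the backend web server
        proxy_set_header Host $host;               # sets the Host header used when proxying (the domain name, server_name); visible with curl
        proxy_set_header X-Real-IP $remote_addr;   # this line and the next are there so the logs can show the real source IP
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;   # both of them show up in the access log
    }

Copy the block below:

    location /
    {
        proxy_pass http://ip;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

Setup on the service machine

Install nginx with yum. Copy the data across to the proxy machine with the scp command:

    scp /etc/yum.repos.d/nginx.repo <proxy-machine-IP>:/etc/yum.repos.d/
    # copy the nginx yum repo file over to the proxy machine, so the .repo file does not have to be configured again and nginx can be installed directly

scp is a copy command: copying on the machine where the data lives is done with cp, copying to another machine is done with scp.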
Nginx reverse proxy

Simulated with virtual machines: add a host-only NIC to machine 108, enable it, and connect to 108.

On 108:

    [root@test02 ~]# ifconfig
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.28.108  netmask 255.255.252.0  broadcast 192.168.31.255
            inet6 fe80::98ef:5fb6:2c54:d563  prefixlen 64  scopeid 0x20<link>
            inet6 fe80::8eb9:eeb2:ea98:c999  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:20:ad:bc  txqueuelen 1000  (Ethernet)
            RX packets 2492  bytes 3197805 (3.0 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 883  bytes 77855 (76.0 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.229.128  netmask 255.255.255.0  broadcast 192.168.229.255
            inet6 fe80::ee2d:59da:a6ba:e82  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:20:ad:c6  txqueuelen 1000  (Ethernet)
            RX packets 4  bytes 989 (989.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 10  bytes 1308 (1.2 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1  (Local Loopback)
            RX packets 68  bytes 5524 (5.3 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 68  bytes 5524 (5.3 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

There is no configuration file for ens37. To give it a static IP, copy an existing configuration file:

    [root@test02 ~]# ls /etc/sysconfig/network-scripts/ifcfg-
    ifcfg-ens33  ifcfg-lo
    [root@test02 ~]# cd /etc/sysconfig/network-scripts/
    [root@test02 network-scripts]# cp ifcfg-ens33 ifcfg-ens37
    [root@test02 network-scripts]# vi ifcfg-ens37

    TYPE=Ethernet
    BOOTPROTO=static
    DEFROUTE=yes
    PEERDNS=yes
    PEERROUTES=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=ens33
    UUID=bfc98778-197a-423a-aec7-acdb02e60879
    DEVICE=ens37
    ONBOOT=yes
    IPADDR=192.168.229.129
    NETMASK=255.255.255.0

Restart the network service:

    systemctl restart network

    [root@test02 network-scripts]# ifconfig
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.28.108  netmask 255.255.252.0  broadcast 192.168.31.255
            inet6 fe80::98ef:5fb6:2c54:d563  prefixlen 64  scopeid 0x20<link>
            inet6 fe80::8eb9:eeb2:ea98:c999  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:20:ad:bc  txqueuelen 1000  (Ethernet)
            RX packets 3590  bytes 3292584 (3.1 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 1547  bytes 161035 (157.2 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.229.129  netmask 255.255.255.0  broadcast 192.168.229.255
            inet6 fe80::20c:29ff:fe20:adc6  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:20:ad:c6  txqueuelen 1000  (Ethernet)
            RX packets 5  bytes 1331 (1.2 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 48  bytes 4364 (4.2 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1  (Local Loopback)
            RX packets 92  bytes 7564 (7.3 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 92  bytes 7564 (7.3 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

On 107:

    [root@test01 ~]# scp /etc/yum.repos.d/nginx.repo 192.168.28.108:/etc/yum.repos.d/

On 108:

    yum install -y nginx
    [root@test02 ~]# cd /etc/nginx/conf.d/
    [root@test02 conf.d]# ls
    default.conf
    [root@test02 conf.d]# vi default.conf

Disable default.conf with deny all;

    [root@test02 conf.d]# vi bbs.champin.top.conf

    server {
        listen 80;
        server_name bbs.champin.top;

        location /
        {
            proxy_pass http://192.168.28.107;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    [root@test02 conf.d]# systemctl start nginx
    [root@test02 conf.d]# ps aux |grep nginx
    root       4440  0.0  0.0  46352   984 ?        Ss   03:20   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
    nginx      4441  0.0  0.1  46864  1680 ?        S    03:20   0:00 nginx: worker process
    root       4444  0.0  0.0 112664   972 pts/0    S+   03:22   0:00 grep --color=auto nginx
    [root@test02 conf.d]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@test02 conf.d]# nginx -s reload

Because this is simulated with virtual machines, a hosts entry is also needed:

    192.168.229.129 bbs.champin.top

    [root@test02 conf.d]# firewall-cmd --add-port=80/tcp --permanent
    success
    [root@test02 conf.d]# firewall-cmd --reload
    success
    [root@test02 conf.d]# iptables -nvL |grep 80
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW
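
Added example (not part of the original post): a Python model of how backend A should read the two headers set in the proxy config, given that `$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever X-Forwarded-For the client already sent, so only what proxy B itself wrote can be believed. The function names, the client address 192.168.229.1 and the client-supplied value 10.0.0.1 are constructed for illustration; 192.168.28.108 is proxy B from the scenario.

```python
import ipaddress

# Assumption: proxy B's internal address is the only hop backend A trusts.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.28.108/32")]


def proxy_add_x_forwarded_for(incoming_xff, remote_addr):
    """Model of nginx $proxy_add_x_forwarded_for: the X-Forwarded-For sent
    by the client (if any) with $remote_addr appended."""
    return f"{incoming_xff}, {remote_addr}" if incoming_xff else remote_addr


def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, headers):
    """Address backend A should log; peer_addr is the TCP peer A sees."""
    if not is_trusted(peer_addr):
        return peer_addr  # did not come through B: headers prove nothing
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    # Walk right to left: the rightmost entry was appended by B, anything
    # further left came from the client and may be arbitrary.
    for hop in reversed([h for h in hops if h]):
        if is_trusted(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: fall back to X-Real-IP
    # B overwrites X-Real-IP with $remote_addr, so it is safe once the
    # peer is known to be B.
    return headers.get("X-Real-IP", peer_addr)


def demo():
    # Constructed request: client 192.168.229.1 sends its own X-Forwarded-For.
    xff = proxy_add_x_forwarded_for("10.0.0.1", "192.168.229.1")
    headers = {"X-Forwarded-For": xff, "X-Real-IP": "192.168.229.1"}
    return xff, client_ip("192.168.28.108", headers)


if __name__ == "__main__":
    print(demo())
```

Taking the leftmost X-Forwarded-For entry would log 10.0.0.1 here, a value chosen by the client; the right-to-left walk logs the address B actually saw.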