Nginx 反向代理和安装

Posted by ZhangShun Blog on August 13, 2018

Nginx安装

  • nginx-1.12.2.tar.gz
  • nginx_upstream_check_module.tar.gz
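# Build prerequisites: OpenSSL and PCRE headers for the modules enabled below.
yum -y install openssl openssl-devel pcre-devel

# Dedicated unprivileged account for the worker processes. It is a system
# account with no login shell, because nothing should ever log in as nginx.
useradd -r -s /sbin/nologin nginx

# --http-client-body-temp-path below points at /var/tmp/nginx/client, which
# nginx uses as a DIRECTORY. The original `touch` created a regular file at
# that path, so request-body buffering would fail at runtime.
# Keep the parent root-owned: request bodies and proxied data are spooled here.
mkdir -p /var/tmp/nginx/client

# Verify both tarballs against the publisher's signature/checksum before
# unpacking: everything in them is compiled and later started as root.
tar zxf nginx-1.12.2.tar.gz && tar zxf nginx_upstream_check_module.tar.gz
cd nginx-1.12.2

# NOTE(review): --add-module expects the module tree at
# /usr/local/src/nginx_upstream_check_module, i.e. the tarballs were unpacked
# in /usr/local/src (confirm). nginx_upstream_check_module normally also needs
# its bundled patch applied to the nginx source tree before ./configure; see
# the module README.
./configure \
    --prefix=/usr/local/nginx \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --lock-path=/var/lock/nginx.lock \
    --user=nginx \
    --group=nginx \
    --with-http_ssl_module \
    --with-http_flv_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --http-client-body-temp-path=/var/tmp/nginx/client \
    --http-proxy-temp-path=/var/tmp/nginx/proxy \
    --http-fastcgi-temp-path=/var/tmp/nginx/fcgi \
    --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
    --http-scgi-temp-path=/var/tmp/nginx/scgi \
    --with-pcre \
    --with-file-aio \
    --with-http_secure_link_module \
    --add-module=/usr/local/src/nginx_upstream_check_module \
    --with-stream \
    --with-stream_ssl_module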

Nginx配置Basic Auth登录认证

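# htpasswd is shipped in httpd-tools.
yum install httpd-tools -y

# -c creates the file (and truncates an existing one, so use it only for the
# first user). -m stores an apr1-MD5 hash, which nginx understands natively.
# The original -d selected crypt(), which only considers the first 8
# characters of the password.
htpasswd -c -m /usr/local/nginx/conf/pass_file zzcadmin

# Only the nginx workers need to read the hashes; keep other local users out.
chown root:nginx /usr/local/nginx/conf/pass_file
chmod 640 /usr/local/nginx/conf/pass_file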

# Protects everything in this server block with HTTP Basic authentication.
# Basic credentials are only base64-encoded and are resent on every request,
# so this server should be reachable over TLS only.
server {
	......
	# Realm string shown in the client's credential prompt.
	auth_basic   "登录认证";
	# htpasswd-format file holding user names and password hashes.
	auth_basic_user_file /usr/local/nginx/conf/pass_file;
	......
}

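# Basic auth over plain http:// exposes the credential to anyone on the
# network path; use the https:// endpoint wherever one is available.
# The password is prompted for instead of being passed as an argument, which
# keeps it out of the shell history and the process list.

# Using wget
wget --http-user=zzcadmin --ask-password http://test.intellicredit.com/xxx.zip

# Using curl (with only a user name after -u, curl prompts for the password)
curl -u zzcadmin -O http://test.intellicredit.com/xxx.zip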

Nginx.conf

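# Skeleton of nginx.conf: the three top-level contexts and what nests in them.
events{}        # connection-processing (performance) settings
stream{
    upstream{
    }
    server{
            # No location{} here: stream servers handle raw TCP/UDP
            # connections, and location is an http-only directive.
    }
}        # layer-4 forwarding
http{
    upstream{
    }
    server{
            location{
            }
    }
}            # layer-7 forwarding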

# Every matching file is parsed as part of the http context with full trust,
# so /usr/local/nginx/conf.d/ should be writable by root only.
http {
	include /usr/local/nginx/conf.d/*.conf;        # load the config files under /usr/local/nginx/conf.d/
}

http转发

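# Plain-HTTP reverse proxy on port 18001 in front of the bl_tomcat upstream
# (the upstream block is defined elsewhere).
server {
    listen   18001;
    # The format name must match a log_format defined in http{} (not shown here).
    access_log  /var/log/nginx/bl_http.log ngx_accss_json;

    # Connection counters for monitoring. The allow/deny list is matched
    # against the TCP peer address; everything not listed is refused.
    location /status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            allow 10.0.17.27;
            allow 10.0.1.142;
            deny all;
    }

    location / {
            # HTTP/1.1 with an empty Connection header allows keepalive
            # connections to the upstream.
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            # The original line was wrapped in "__ ... __" (leftover bold
            # markup), which nginx rejects as an unknown directive.
            proxy_pass http://bl_tomcat;
            #Proxy Settings
            proxy_redirect     off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            # NOTE(review): $http_x_forwarded_for forwards whatever the client
            # sent, unchanged and without appending the real peer address. The
            # backend must not use it for access decisions unless a trusted
            # proxy in front of this server overwrites the header; otherwise
            # use the $proxy_add_x_forwarded_for line instead.
            #proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-For  $http_x_forwarded_for;
            # Retry the next upstream server on connection errors and 5xx replies.
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            # Keep the upstream request running even if the client disconnects.
            proxy_ignore_client_abort  on;
            # 0 disables spooling of upstream responses to temp files on disk.
            proxy_max_temp_file_size 0;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
    }
}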

https转发

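# TLS-terminating reverse proxy on port 8443 that re-encrypts to the
# "tomcat" upstream (the upstream block is defined elsewhere).
server {
    # The ssl flag on listen enables TLS for this socket; the separate
    # "ssl on;" directive was redundant and is deprecated in later releases.
    listen       8443 ssl;
    server_name  *.intellicredit.cn;
    root         html;
    ssl_certificate      /usr/local/nginx/certs/intellicre.crt;
    # The private key should be readable by root only.
    ssl_certificate_key  /usr/local/nginx/certs/intellicredit.cn.key;
    ssl_session_cache    shared:SSL:20m;
    ssl_session_timeout  20m;
    # TLS 1.0 and 1.1 are deprecated and dropped here. TLSv1.3 is not listed
    # because nginx 1.12.2 does not support it.
    ssl_protocols    TLSv1.2;
    access_log  /var/log/nginx/bl_https.log;
    location / {
            # HTTP/1.1 with an empty Connection header allows keepalive
            # connections to the upstream.
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            # NOTE(review): nginx does not verify the upstream certificate
            # unless proxy_ssl_verify is on, so this hop is encrypted but not
            # authenticated. Enabling it also needs
            # proxy_ssl_trusted_certificate <PLACEHOLDER: path to CA bundle>.
            proxy_pass https://tomcat;
            #Proxy Settings
            proxy_redirect     off;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            # Appends the peer address to any X-Forwarded-For the client sent;
            # only the last entry is written by this proxy.
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            # Retry the next upstream server on connection errors and 5xx replies.
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            # 0 disables spooling of upstream responses to temp files on disk.
            proxy_max_temp_file_size 0;
            # Keep the upstream request running even if the client disconnects.
            proxy_ignore_client_abort  on;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
    }
}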

tcp转发

# Layer-4 (TCP) forwarding: connections accepted on port 8080 are relayed
# as-is to the "test" upstream group.
stream {
    upstream test {
            # Consistent hashing keyed on the client address, so a given
            # client keeps reaching the same backend.
            hash $remote_addr consistent;
            server 1.1.1.1:80 weight=100;
    }
    server {
            # NOTE(review): no allow/deny here, so any host that can reach
            # port 8080 is relayed to the backend. Confirm that is intended.
            listen 8080;
            # Time allowed for establishing the connection to the backend.
            proxy_connect_timeout 5s;
            # Idle timeout: the session is closed when no data passes in
            # either direction for this long.
            proxy_timeout 5s;
            proxy_pass test;
    }
}