Configure Nginx reverse proxy based on CentOS 7

Nginx is widely used as a reverse proxy server at major Internet companies. It is simple to use: it can proxy different types of requests to different servers according to business needs, spreading the request load of the entire site across servers by type. This greatly improves the request performance of the entire site. This article briefly demonstrates Nginx proxying in several different scenarios for your reference.

1. Reverse proxy and demo environment description

1) Reverse proxy

In computer networks, a reverse proxy is a proxy server that retrieves resources from one or more servers on behalf of the client. These resources are then returned to the client as if they originated from the Web server itself. In contrast, a forward proxy is an intermediary through which its associated clients contact any server, whereas a reverse proxy is an intermediary through which any client contacts its associated servers.

For forward proxy, please refer to: Configure Nginx forward proxy based on CentOS 7

2) Servers used in this demo

2. Conventional reverse proxy configuration

1) Backend server configuration (Apache)

Host name and IP of the back-end Apache server
 # hostname
 centos7-web.example.com
 # more /etc/redhat-release
 CentOS Linux release 7.2.1511 (Core)
 # ip addr|grep inet|grep global
 inet 172.24.8.128/24 brd 172.24.8.255 scope global eno16777728

 # systemctl start httpd.service
 # echo "This is a httpd test page.">/var/www/html/index.html
 # curl http://localhost
 This is a httpd test page.

2) Front-end Nginx reverse proxy server configuration

Front-end Nginx server host name and IP
 # hostname
 centos7-router

 # more /etc/redhat-release
 CentOS Linux release 7.2.1511 (Core)
 # ip addr |grep inet|grep global
 inet 172.24.8.254/24 brd 172.24.8.255 scope global eno16777728
 inet 192.168.1.175/24 brd 192.168.1.255 scope global dynamic eno33554960

Nginx version
 # nginx -V
 nginx version: nginx/1.10.2

Add a new configuration file to be used as a reverse proxy
 # vim /etc/nginx/conf.d/reverse_proxy.conf
 server {
     listen 8090;
     server_name localhost;

     location / {
         proxy_pass http://172.24.8.128;   ### core reverse-proxy directive

         proxy_buffers 256 4k;
         proxy_max_temp_file_size 0;
         proxy_connect_timeout 30;

         proxy_cache_valid 200 302 10m;
         proxy_cache_valid 301 1h;
         proxy_cache_valid any 1m;
     }
 }

# systemctl reload nginx
# ss -nltp|grep nginx|grep 8090
LISTEN 0 128 *:8090 *:* users:(("nginx",pid=78023,fd=8),("nginx",pid=78021,fd=8))

# curl http://localhost:8090 ## local test
This is a httpd test page.

View Apache server logs
# more /var/log/httpd/access_log ## the logged client IP is 172.24.8.254; requests from other machines are also logged with this IP
172.24.8.254 - - [30/Oct/2017:14:02:38 +0800] "GET / HTTP/1.0" 200 27 "-" "curl/7.29.0"

3) Reverse proxy server and back-end server log format settings

Add the proxy_set_header directive on the Nginx server, modified as follows
 # grep proxy_set_header -B2 /etc/nginx/conf.d/reverse_proxy.conf
 location /{
 proxy_pass http://172.24.8.128;
 proxy_set_header X-Real-IP $remote_addr;}
 # systemctl reload nginx.service

Backend server Apache log format setting

 # vim /etc/httpd/conf/httpd.conf

 # Comment out the original line and add the next one; the key part is %{X-Real-IP}i
 # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

 # ip addr|grep inet|grep global    # run on the 192.168.1.244 host
 inet 192.168.1.244/24 brd 192.168.1.255 scope global eth0

 # curl http://192.168.1.175:8090  # access from the 192.168.1.244 host
 This is a httpd test page

Check the Apache access log again. As shown below, it no longer records the IP address of the proxy server; it now shows 192.168.1.244:
 192.168.1.244 - - [30/Oct/2017:15:49:07 +0800] "GET / HTTP/1.0" 200 27 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2"

3. Directory-based reverse proxy

Back-end server (Nginx) configuration

 # more /etc/redhat-release ##os platform and ip address
 CentOS release 6.7 (Final)
 # ip addr|grep eth0|grep global
 inet 192.168.1.132/24 brd 192.168.1.255 scope global eth0
 # nginx -v ##nginx version
 nginx version: nginx/1.10.2

 # mkdir -pv /usr/share/nginx/html/images ## create the images directory
 mkdir: created directory `/usr/share/nginx/html/images'

 # cp /usr/share/backgrounds/nature/*.jpg /usr/share/nginx/html/images/. ##Copy picture file

 # cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bk
 # vim /etc/nginx/conf.d/default.conf ##Modify the default configuration file directly here

 server {
     listen 80 default_server;
     listen [::]:80 default_server;
     server_name _;
     root /usr/share/nginx/html;

     # Load configuration files for the default server block.
     include /etc/nginx/default.d/*.conf;

     location / {
     }

     location /images {
         alias /usr/share/nginx/html/images;   ## alias configured here
     }

     error_page 404 /404.html;
     location = /40x.html {
     }

     error_page 500 502 503 504 /50x.html;
     location = /50x.html {
     }
 }

# /etc/init.d/nginx reload
Reloading nginx: [ OK ]

Front-end Nginx configuration
 # vim /etc/nginx/conf.d/reverse_proxy.conf
 server {
     listen 8090;
     server_name localhost;

     location / {
         proxy_pass http://172.24.8.128;
         proxy_set_header X-Real-IP $remote_addr;
     }

     location /images {   ## proxy requests for the images directory to 192.168.1.132
         proxy_pass http://192.168.1.132;
         proxy_set_header X-Real-IP $remote_addr;
     }
 }

# systemctl reload nginx

Verify the proxying
From the host with IP 192.168.1.244, request a jpg file in the images directory (the jpg also displays successfully in a browser; the screenshot is omitted here)
 # ip addr|grep inet|grep global
 inet 192.168.1.244/24 brd 192.168.1.255 scope global eth0
 # curl -I http://192.168.1.175:8090/images/Garden.jpg
 HTTP/1.1 200 OK
 Server: nginx/1.12.2
 Date: Tue, 31 Oct 2017 01:48:18 GMT
 Content-Type: image/jpeg
 Content-Length: 264831
 Connection: keep-alive
 Last-Modified: Mon, 30 Oct 2017 08:21:28 GMT
 ETag: "59f6e108-40a7f"
 Accept-Ranges: bytes

4. Reverse proxy configuration based on specific file types

PHP server-side configuration (IP 192.168.1.132)

 # ss -nltp|grep php
 LISTEN 0 128 192.168.1.132:9000 *:* users:(("php-fpm",7147,8),("php-fpm",7148,0),("php-fpm",7149,0))

 # mkdir -pv /data ###Store php code
 # echo "/data 192.168.1.0/24(rw)">/etc/exports
 # /etc/init.d/rpcbind start
 # /etc/init.d/nfslock start
 # /etc/init.d/nfs start

 # echo "<?php phpinfo();?>">/data/index.php

Nginx proxy configuration (IP 192.168.1.175)
 # mkdir /data
 # mount -t nfs 192.168.1.132:/data /data
 # ls /data
 index.php

 # vim /etc/nginx/conf.d/reverse_proxy.conf
 server {
     listen 8090;
     server_name localhost;

     location / {
         proxy_pass http://172.24.8.128;
         proxy_set_header X-Real-IP $remote_addr;
     }

     location /images {
         proxy_pass http://192.168.1.132;
         proxy_set_header X-Real-IP $remote_addr;
     }

     location ~ \.php$ {
         root /data;
         fastcgi_pass 192.168.1.132:9000;
         fastcgi_index index.php;
         # Script path as seen by the php-fpm host: index.php lives in /data (the root),
         # so build it from $document_root rather than the sample /scripts prefix.
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
     }
 }

# systemctl restart nginx

Test reverse proxy to php
 [root@ydq05 ~]# ip addr|grep inet|grep global
 inet 192.168.1.244/24 brd 192.168.1.255 scope global eth0
 [root@ydq05 ~]# curl -I http://192.168.1.175:8090/index.php
 HTTP/1.1 200 OK
 Server: nginx/1.12.2
 Date: Tue, 31 Oct 2017 03:22:59 GMT
 Content-Type: text/html; charset=UTF-8
 Connection: keep-alive
 X-Powered-By: PHP/5.6.0
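
With a prefix location (/images) and a regex location (\.php$) in the same server block, which backend receives a request depends on nginx's location selection order. The following is an added example, not part of the original article: a simplified Python model of that selection applied to the three locations above. The sample URIs and the `^~ /images/` variant are assumptions made for illustration, and the model expects an already normalized URI path without a query string.

```python
import re

# Locations from the reverse_proxy.conf above, as (modifier, pattern, handler).
LOCATIONS = [
    ("", "/", "proxy_pass http://172.24.8.128"),
    ("", "/images", "proxy_pass http://192.168.1.132"),
    ("~", r"\.php$", "fastcgi_pass 192.168.1.132:9000"),
]

# Hypothetical variant: ^~ stops the regex pass for anything under /images/.
LOCATIONS_PREFIX_FIRST = [
    ("", "/", "proxy_pass http://172.24.8.128"),
    ("^~", "/images/", "proxy_pass http://192.168.1.132"),
    ("~", r"\.php$", "fastcgi_pass 192.168.1.132:9000"),
]


def select_location(uri, locations):
    """Simplified model of nginx location selection for a normalized URI path."""
    best = None  # longest matching prefix location seen so far
    for loc in locations:
        modifier, pattern, _ = loc
        if modifier == "=" and uri == pattern:
            return loc  # an exact match ends the search immediately
        if modifier in ("", "^~") and uri.startswith(pattern):
            if best is None or len(pattern) > len(best[1]):
                best = loc
    if best is not None and best[0] == "^~":
        return best  # ^~ on the longest prefix skips the regex locations
    for loc in locations:
        modifier, pattern, _ = loc
        flags = re.IGNORECASE if modifier == "~*" else 0
        if modifier in ("~", "~*") and re.search(pattern, uri, flags):
            return loc  # first matching regex, in configuration order, wins
    return best


def handler_for(uri, locations=LOCATIONS):
    loc = select_location(uri, locations)
    return loc[2] if loc else None


if __name__ == "__main__":
    # Constructed sample URIs, not requests taken from the article.
    for uri in ("/", "/images/Garden.jpg", "/index.php",
                "/images/test.php", "/imagesold/a.jpg"):
        print(f"{uri:20} current: {handler_for(uri):35} "
              f"with ^~: {handler_for(uri, LOCATIONS_PREFIX_FIRST)}")
```

In the configuration as written, a `.php` URI under `/images` is handed to php-fpm rather than the image backend, and `/imagesold/...` also matches the `/images` prefix; the variant keeps both on the intended backend.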

5. Configure reverse proxy to Tomcat based on upstream

The Nginx upstream directive can also be used to proxy requests to the backend server.
The following example uses the upstream directive to demonstrate proxying to Tomcat.

# vim /etc/nginx/conf.d/tomcat.conf
upstream app {
    server localhost:8080;
    # keepalive takes effect only when the proxied location also sets
    # proxy_http_version 1.1 and clears the Connection header
    keepalive 32;
}

server {
    listen 80;
    server_name localhost;
    location / {
        proxy_set_header Host $host;
        proxy_set_header x-for $remote_addr;
        proxy_set_header x-server $host;
        proxy_set_header x-agent $http_user_agent;
        proxy_pass http://app;
    }
}

[root@node132 conf.d]# ss -nltp|grep java
LISTEN    0    1      ::ffff:127.0.0.1:8005    :::*      users:(("java",39559,45))
LISTEN    0    100    :::8009                  :::*      users:(("java",39559,43))
LISTEN    0    100    :::8080                  :::*      users:(("java",39559,42))

tomcat version
[root@node132 conf.d]# /usr/local/tomcat/bin/catalina.sh version
Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
            ....
Server version: Apache Tomcat/7.0.69
Server built:   Apr 11 2016 07:57:09 UTC
Server number:  7.0.69.0
OS Name:        Linux
OS Version:     2.6.32-573.el6.x86_64
Architecture:   amd64
JVM Version:    1.7.0_79-b15
JVM Vendor:     Oracle Corporation

Validation results
# curl http://localhost

<!DOCTYPE html><html lang="en"><head><title>Apache Tomcat/7.0.69</title><link href="favicon.ico" rel="icon" type="image/x-icon"/><link href="favicon.ico" rel="shortcut icon" type="image/x-icon"/><link href="tomcat.css" rel="stylesheet" type="text/css"/></head>......

6. Proxy module directive description

There are many configuration directives available for the proxy module. They define many of its properties, such as the connection timeout and the HTTP protocol version used when proxying. Here is a brief description of the commonly used directives.

proxy_connect_timeout
The maximum time nginx waits to establish a connection to the upstream server before sending the request;
proxy_cookie_domain
Rewrite the domain attribute set by the upstream server in the Set-Cookie header to the specified value, which can be a string, a regular expression pattern, or a variable reference;
proxy_cookie_path
Rewrite the path attribute set by the upstream server in the Set-Cookie header to the specified value, which can be a string, a regular expression pattern, or a variable reference;
proxy_hide_header
Set a header to be hidden from the response sent to the client;
proxy_pass
Specify the URL of the upstream server to which requests are proxied;
proxy_set_header
Rewrite a header of the request sent to the upstream server;
proxy_redirect
Rewrite the Location and Refresh headers of the response received from the upstream server;
proxy_send_timeout
The maximum interval between two write operations to the upstream server before the connection is closed;
proxy_read_timeout
The maximum interval between two read operations from the upstream server before the connection is closed;

For example:
 proxy_redirect off;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 client_max_body_size 10m;
 client_body_buffer_size 128k;
 proxy_connect_timeout 30;
 proxy_send_timeout 15;
 proxy_read_timeout 15;
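
`$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever X-Forwarded-For value the client sent, so only the entries added by proxies you control are reliable. The following is an added example, not part of the original article: a Python sketch of how a back end can derive the address to log from that header. It assumes 172.24.8.254 (this article's Nginx host) is the only trusted proxy, and the function names and the 203.0.113.7 sample value are constructed for illustration.

```python
import ipaddress

# Assumption: the only proxy the back end trusts is this article's Nginx host.
TRUSTED_PROXIES = [ipaddress.ip_network("172.24.8.254/32")]


def proxy_add_x_forwarded_for(client_header, remote_addr):
    """Value nginx sends upstream for $proxy_add_x_forwarded_for."""
    return f"{client_header}, {remote_addr}" if client_header else remote_addr


def is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Address the back end should log for a request.

    The header is ignored unless the TCP peer is a trusted proxy; when it is,
    the header is read right to left and the first untrusted hop is returned.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not is_trusted(peer):
        return str(peer)
    result = peer
    tokens = [t.strip() for t in (xff_header or "").split(",") if t.strip()]
    for token in reversed(tokens):
        try:
            hop = ipaddress.ip_address(token)
        except ValueError:
            break  # malformed entry: keep the last address that parsed
        result = hop
        if not is_trusted(hop):
            break
    return str(result)


def leftmost(xff_header):
    """Naive reading that trusts whatever the client sent first."""
    return xff_header.split(",")[0].strip()


if __name__ == "__main__":
    # Constructed request: client 192.168.1.244 supplies its own header value.
    sent = proxy_add_x_forwarded_for("203.0.113.7", "192.168.1.244")
    print("upstream header   :", sent)
    print("leftmost          :", leftmost(sent))
    print("right-to-left     :", client_ip("172.24.8.254", sent))
    print("direct to back end:", client_ip("192.168.1.244", "203.0.113.7"))
```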

Note: last updated 20171110; added the reverse proxy to Tomcat content
