两层nginx转发配置简单测试
时间:2022-11-17 13:08:40
两层nginx转发配置简单测试
[root@test ~]# yum -y install gcc make pcre-devel openssl-devel [root@test ~]# tar xf nginx-1.17.6.tar.gz [root@test ~]# cd nginx-1.17.6/ [root@test nginx-1.17.6]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_ssl_module [root@test nginx-1.17.6]# make && make install [root@test nginx-1.17.6]# useradd nginx -s /sbin/nologin [root@test nginx-1.17.6]# /usr/local/nginx/sbin/nginx
192.168.1.11 第一层nginx
location / { proxy_pass http://192.168.1.12; }
192.168.1.12 第二层nginx
location ^~ /api { proxy_pass http://192.168.1.13/; #目标端口1 } #location 后的^,proxy最后的/不能少,否则会带上一层api过去
location ^~ /test { proxy_pass http://192.168.1.21/; #目标端口2 }
192.168.1.13 目标web-nginx1
echo "wo shi api" >html/index.html
192.168.1.21 目标web-nginx2
echo "wo shi test" >html/index.html
测试 http://192.168.1.1/api , 拍错查看每个nginx的日志
参考优化信息
location / { proxy_next_upstream error timeout invalid_header http_500 http_503; proxy_pass http://192.168.1.12; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; #proxy_send_lowat 12000; proxy_buffer_size 128k; proxy_buffers 8 64k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 128k; } }
第一层走加密配置
修改主配置文件 去掉注释 :103,120s/#// server { listen 443 ssl; server_name www.c.com; //修改域名 ssl_certificate cert.pem; //证书,包含公钥,/usr/local/nginx/conf下 ssl_certificate_key cert.key; //私钥 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://192.168.1.12; } }
自建证书与私钥
[root@test nginx]# cd conf/ [root@test conf]# openssl genrsa > cert.key Generating RSA private key, 2048 bit long modulus ............................................................+++ ...................................................................................................+++ e is 65537 (0x10001) [root@test conf]# openssl req -new -x509 -key cert.key > cert.pem [root@test conf]# ../sbin/nginx -s reload
访问测试 https://192.168.1.1/api