nginx反向代理用做內網域名轉發
阿新 • • 發佈:2018-12-23
由於公司內網有多臺伺服器的http服務要對映到公司外網靜態IP,如果用路由的埠對映來做,就只能一臺內網伺服器的80埠對映到外網80埠,其他伺服器的80埠只能對映到外網的非80埠。非80埠的對映在訪問的時候要域名加上埠,比較麻煩。並且公司入口路由最多隻能做20個埠對映。肯定以後不夠用。因此,我們需要通過nginx來做埠轉發。
環境準備
nginx
Openssl
http伺服器搭建
修改nginx.conf檔案
server {
listen 80;
server_name oauth.d.cn;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8080/;
}
}
https伺服器搭建
生成金鑰
建立ssl資料夾,在該目錄下執行如下命令:
openssl genrsa -des3 -out mycert.key 1024 #建立私鑰
openssl req -new -key mycert.key -out mycert.csr #建立csr證書
openssl rsa -in mycert.key -out mycert_nopass.key #去除密碼
openssl x509 -req -days 365 -in mycert.csr -signkey mycert_nopass.key -out mycert.crt #生成crt證書
sh指令碼:
#!/bin/sh
#create self-signed server certificate:
read -p "Enter your domain [www.example.com]:" DOMAIN
echo $DOMAIN
echo "Create server key..."
openssl genrsa -des3 -out $DOMAIN.key 1024
echo "Create server certificate signing request..."
SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"
openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr
echo "Remove password..."
mv $DOMAIN.key $DOMAIN.origin.key
openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key
echo "Sign SSL certificate..."
openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
echo "TODO:"
echo "Copy $DOMAIN.crt to /etc/nginx/ssl/$DOMAIN.crt"
echo "Copy $DOMAIN.key to /etc/nginx/ssl/$DOMAIN.key"
echo "Add configuration in nginx:"
echo "server {"
echo " ..."
echo " listen 443 ssl;"
echo " ssl_certificate /etc/nginx/ssl/$DOMAIN.crt;"
echo " ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;"
echo "}"
修改nginx.conf檔案
# HTTPS server
#
server {
listen 443 ssl;
server_name oauth.test.com;
ssl_certificate mycert.crt;
ssl_certificate_key mycert_nopass.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8080/;
}
}
nginx.conf完整配置
#user nobody;
# 表示工作程序的數量,一般設定為cpu的核數
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
#nginx支援的總連線數就等於worker_processes * worker_connections
events {
#表示每個工作程序的最大連線數
worker_connections 1024;
}
http {
#include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
# 預設情況下,Nginx的gzip壓縮是關閉的, gzip壓縮功能就是可以讓你節省不
# 少頻寬,但是會增加伺服器CPU的開銷哦,Nginx預設只對text/html進行壓縮 ,
# 如果要對html之外的內容進行壓縮傳輸,我們需要手動來設定。
#gzip on;
server {
listen 80;
server_name oauth.d.cn;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8080/;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
server {
listen 443 ssl;
server_name oauth.d.cn;
ssl_certificate D:/nginx-script/ssl/oauth.d.cn.crt;
ssl_certificate_key D:/nginx-script/ssl/oauth.d.cn.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8080/;
}
}
}
執行指令碼
啟動
windows
@echo off
echo "nginx is starting on port 80"
nginx -t -p d:/nginx-script/ -c config/nginx.conf
nginx -p d:/nginx-script/ -c config/nginx.conf
linux
#!/bin/bash
ps -fe|grep nginx |grep -v grep
if [ $? -ne 0 ]
then
/usr/local/openresty/nginx/sbin/nginx -t -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
/usr/local/openresty/nginx/sbin/nginx -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
"nginx start"
else
/usr/local/openresty/nginx/sbin/nginx -t -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
/usr/local/openresty/nginx/sbin/nginx -s reload -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
"nginx reload"
fi
echo -e "===========================================\n\n"
tail -f ../logs/error.log
關閉
windows
@echo off
tasklist | findstr /i "nginx.exe"
echo "nginx is running, stopping..."
rem nginx -s stop
TASKKILL /F /IM nginx.exe /T
echo "stop ok"
linux
#!/bin/bash
/usr/local/openresty/nginx/sbin/nginx -t -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
/usr/local/openresty/nginx/sbin/nginx -s quit -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
echo "nginx stop"
echo -e "===========================================\n\n"
tail -f ../logs/error.log