
nginx反向代理用做內網域名轉發

由於公司內網有多臺伺服器的http服務要對映到公司外網靜態IP,如果用路由的埠對映來做,就只能一臺內網伺服器的80埠對映到外網80埠,其他伺服器的80埠只能對映到外網的非80埠。非80埠的對映在訪問的時候要域名加上埠,比較麻煩。並且公司入口路由最多隻能做20個埠對映。肯定以後不夠用。因此,我們需要通過nginx來做埠轉發。

環境準備

nginx

OpenSSL

http伺服器搭建

修改nginx.conf檔案

# Plain-HTTP virtual host: every request for oauth.d.cn is forwarded to the
# application listening on the loopback interface.
server {
    listen       80;
    server_name  oauth.d.cn;

    location / {
        # Pass the Host header of the original request through to the backend.
        proxy_set_header Host $host;
        # Both headers carry the address of the directly connected client.
        # X-Forwarded-For is overwritten here, so a value supplied by the
        # client is discarded instead of being passed on.
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8080/;
    }
}

https伺服器搭建

生成金鑰

建立ssl資料夾,在該目錄下執行如下命令:

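# Create a passphrase-protected RSA private key.
# 2048 bits: 1024-bit RSA is considered too weak today.
openssl genrsa -des3 -out mycert.key 2048
# Create the certificate signing request (CSR).
openssl req -new -sha256 -key mycert.key -out mycert.csr
# Write a copy of the key with the passphrase removed (the copy nginx loads).
# That copy is unencrypted on disk: keep both key files readable by their
# owner only (for example chmod 600 on Unix-like systems).
openssl rsa -in mycert.key -out mycert_nopass.key
# Self-sign the CSR to produce the certificate, valid for 365 days.
openssl x509 -req -sha256 -days 365 -in mycert.csr -signkey mycert_nopass.key -out mycert.crt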

sh指令碼:

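#!/bin/sh
# Create a self-signed server certificate for one host name.
#
# Prompts for the domain, then writes into the current directory:
#   $DOMAIN.origin.key  passphrase-protected RSA private key
#   $DOMAIN.key         the same key with the passphrase removed
#   $DOMAIN.csr         certificate signing request
#   $DOMAIN.crt         self-signed certificate, valid for 3650 days
#
# NOTE: the certificate names the host only in CN (no subjectAltName);
# clients that ignore CN will not match it against the host name.
set -eu

# Private keys are created below; make every new file owner-only.
umask 077

# 'read -p' is a bash extension, so the prompt is printed separately.
printf 'Enter your domain [www.example.com]:'
read -r DOMAIN
# The prompt advertises a default; apply it when the answer is empty.
DOMAIN=${DOMAIN:-www.example.com}

# DOMAIN becomes part of file names and of the -subj string, so accept only
# host-name characters and refuse a leading '-' (option) or '.'.
case "$DOMAIN" in
  -* | .* | *[!A-Za-z0-9.-]*)
    printf 'Invalid domain name: %s\n' "$DOMAIN" >&2
    exit 1
    ;;
esac

echo "$DOMAIN"

echo "Create server key..."
# 2048 bits: 1024-bit RSA is considered too weak today.
openssl genrsa -des3 -out "$DOMAIN.key" 2048

echo "Create server certificate signing request..."
SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"
openssl req -new -sha256 -subj "$SUBJECT" -key "$DOMAIN.key" -out "$DOMAIN.csr"

echo "Remove password..."
# Keep the encrypted key as .origin.key; the .key written next is unencrypted.
mv -- "$DOMAIN.key" "$DOMAIN.origin.key"
openssl rsa -in "$DOMAIN.origin.key" -out "$DOMAIN.key"

echo "Sign SSL certificate..."
openssl x509 -req -sha256 -days 3650 -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt"

echo "TODO:"
echo "Copy $DOMAIN.crt to /etc/nginx/ssl/$DOMAIN.crt"
echo "Copy $DOMAIN.key to /etc/nginx/ssl/$DOMAIN.key"
echo "Add configuration in nginx:"
echo "server {"
echo " ..."
echo " listen 443 ssl;"
echo " ssl_certificate /etc/nginx/ssl/$DOMAIN.crt;"
echo " ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;"
echo "}"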

修改nginx.conf檔案

# HTTPS server
    #
    # TLS is terminated here; requests are then forwarded to the backend on
    # the loopback interface over plain HTTP.
    server {
        listen       443 ssl;
        server_name  oauth.test.com;

        # Certificate and passphrase-free private key created with the openssl
        # commands. The key is unencrypted on disk, so restrict its file
        # permissions to the account that starts nginx.
        ssl_certificate      mycert.crt;
        ssl_certificate_key  mycert_nopass.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    # NOTE(review): no ssl_protocols directive is set and ssl_ciphers is
    # commented out, so the built-in defaults of this nginx build apply;
    # older builds still enable TLSv1 and TLSv1.1 - confirm, and pin both
    # settings explicitly.
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

        location / {
            # Pass the Host header of the original request to the backend.
            proxy_set_header Host $host;
            # Both headers carry the address of the directly connected client;
            # X-Forwarded-For is overwritten, so a client-supplied value is dropped.
            proxy_set_header X-Real-Ip $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            # No X-Forwarded-Proto header is set in this block, so the backend
            # cannot tell from the headers that the request arrived over HTTPS.
            proxy_pass http://127.0.0.1:8080/;
        }
    }

nginx.conf完整配置

#user  nobody;
# Number of worker processes; usually set to the number of CPU cores.
worker_processes  1;

# Error log destination and level; all three variants are left commented out,
# so the build's default error log is used.
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


# Total connections nginx can handle = worker_processes * worker_connections.
events {
    # Maximum number of connections per worker process.
    worker_connections  1024;
}


# HTTP context: two virtual hosts for oauth.d.cn (port 80 and port 443 with
# TLS), both proxying to the same backend on 127.0.0.1:8080.
http {
    #include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    # Access logging is left at the default; the custom format above is disabled.
    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    # gzip compression is off by default in nginx. It saves a good deal of
    # bandwidth but costs server CPU. By default nginx compresses text/html
    # only; other content types have to be configured by hand.
    # NOTE(review): compressing HTTPS responses that mix secrets with
    # attacker-influenced input is exposed to BREACH-style attacks - weigh
    # that before enabling it for this host.
    #gzip  on;

    # Plain-HTTP virtual host.
    # NOTE(review): this serves the same backend as the HTTPS host below, in
    # cleartext; if the host name means OAuth traffic (presumably - confirm),
    # redirect port 80 to HTTPS rather than proxying it.
    server {
        listen       80;
        server_name  oauth.d.cn;

        location / {
            proxy_set_header HOST $host;  
            proxy_set_header X-Real-IP $remote_addr;  
            # $proxy_add_x_forwarded_for appends the client address to any
            # X-Forwarded-For header the client sent, so earlier entries are
            # client-controlled; the backend should trust only the last one.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
            # Tells the backend which scheme (http or https) the client used.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:8080/;
        }
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    # TLS is terminated here; the backend is reached over plain HTTP on the
    # loopback interface.
    server {
        listen       443 ssl;
        server_name  oauth.d.cn;

        # Certificate and private key files. The key file has to be readable
        # by nginx without a passphrase prompt, so restrict its file
        # permissions to the account that starts nginx.
        ssl_certificate      D:/nginx-script/ssl/oauth.d.cn.crt;
        ssl_certificate_key  D:/nginx-script/ssl/oauth.d.cn.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    # NOTE(review): no ssl_protocols directive is set and ssl_ciphers is
    # commented out, so the built-in defaults of this nginx build apply;
    # older builds still enable TLSv1 and TLSv1.1 - confirm, and pin both
    # settings explicitly.
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

        location / {
            proxy_set_header HOST $host;  
            proxy_set_header X-Real-IP $remote_addr;  
            # Appends to a client-supplied X-Forwarded-For; only the last
            # entry was added by this proxy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
            # $scheme is "https" for requests handled by this server block.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:8080/;
        }
    }

}

執行指令碼

啟動

windows

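@echo off
rem Validate the configuration, then start nginx with the d:/nginx-script/ prefix.
echo "nginx is starting on port 80"
rem -t only tests the configuration; do not start nginx when the test fails.
nginx -t -p d:/nginx-script/ -c config/nginx.conf
if errorlevel 1 (
    echo "nginx configuration test failed, not starting"
    exit /b 1
)
nginx -p d:/nginx-script/ -c config/nginx.conf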

linux

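#!/bin/bash
# Start nginx for this project, or reload it when nginx is already running,
# then follow the error log.

NGINX_BIN=/usr/local/openresty/nginx/sbin/nginx
PREFIX=/Users/xx/workspace/nginx-script/
CONF=config/nginx.conf

# Never start or reload with a configuration that fails nginx's own test.
if ! "$NGINX_BIN" -t -p "$PREFIX" -c "$CONF"; then
  echo "nginx configuration test failed" >&2
  exit 1
fi

# pgrep -x matches the process name exactly, so this script and unrelated
# commands that merely mention nginx are not counted.
# NOTE(review): any nginx on the host counts as "running", not only the
# instance started from PREFIX - confirm that is intended.
if pgrep -x nginx >/dev/null; then
  "$NGINX_BIN" -s reload -p "$PREFIX" -c "$CONF"
  echo "nginx reload"
else
  "$NGINX_BIN" -p "$PREFIX" -c "$CONF"
  echo "nginx start"
fi
echo -e "===========================================\n\n"
# The log path is relative to the current directory; presumably the script is
# run from a subdirectory of PREFIX - confirm.
tail -f ../logs/error.log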

關閉

windows

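@echo off
rem Stop nginx on Windows by terminating its processes.
tasklist | findstr /i "nginx.exe"
rem findstr sets errorlevel 1 when no nginx.exe line was found.
if errorlevel 1 (
    echo "nginx is not running"
    exit /b 0
)
echo "nginx is running, stopping..."
rem nginx -s stop
rem /F force-terminates and /T includes child processes. /IM nginx.exe matches
rem every nginx.exe on the machine, not only the one started from d:/nginx-script/.
TASKKILL /F /IM nginx.exe /T
if errorlevel 1 (
    echo "stop failed"
    exit /b 1
)
echo "stop ok"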

linux

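#!/bin/bash
# Ask the nginx instance of this project to shut down gracefully, then follow
# the error log.

NGINX_BIN=/usr/local/openresty/nginx/sbin/nginx
PREFIX=/Users/xx/workspace/nginx-script/
CONF=config/nginx.conf

# Report configuration problems first; the result does not block the stop.
"$NGINX_BIN" -t -p "$PREFIX" -c "$CONF"

# -s quit requests a graceful shutdown; report a failure instead of always
# claiming that nginx stopped.
if "$NGINX_BIN" -s quit -p "$PREFIX" -c "$CONF"; then
  echo "nginx stop"
else
  echo "nginx stop failed" >&2
fi
echo -e "===========================================\n\n"
# The log path is relative to the current directory; presumably the script is
# run from a subdirectory of PREFIX - confirm.
tail -f ../logs/error.log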