「Nginx」- 反向代理常用配置 | proxy_pass

0

场景 | 常用配置 | 经典配置 | ……

NGINX Reverse Proxy
nginx 反向代理配置

使用方法可以参考 Module ngx_http_proxy_module / proxy_pass 文档 

server {
    
    listen 80;
    server_name site.example.com;

    location / {
        proxy_pass http://127.0.0.1:60080;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
    }
}

场景 | 代理其他站点

nginx as reverse proxy with upstream SSL – Server Fault
proxypass – Nginx proxy domain to another domain with no change URL – Server Fault 

server {
    ...
    location / {
        ...
        proxy_pass       https://backend.server.hostname/;
        proxy_set_header Host backend.server.hostname;
        
        proxy_ssl_trusted_certificate /etc/nginx/sslcerts/backend.server.pem;
        proxy_ssl_verify              off;                 # 关闭证书检查
        ...
    }
    ...
}

配置说明:

  • 如果远程服务器使用 Virtual Server 特性,基本如此,则需要明确指定 proxy_set_header Host backend.server.hostname 参数,而不能使用 $host 变量;

场景 | 代理 WebSocket 连接

nginx 反向代理 WebSocket 

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream websocket {
    server localhost:8282; # appserver_ip:ws_port
}

server {
     server_name test.enzhico.net;
     listen 443 ssl;

     location / {
         proxy_pass http://websocket;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;

         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
     }

     ssl_certificate /etc/letsencrypt/live/test.enzhico.net/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/test.enzhico.net/privkey.pem;
}

场景 | 通过不同的 URI 进行反向代理

Module ngx_http_proxy_module / proxy_pass
How to remove the path with an nginx proxy_pass – Server Fault
How can query string parameters be forwarded through a proxy_pass with nginx? – Stack Overflow

问题描述

1)访问 http://example.com/a/foo/auth 地址,则反向代理到 http://127.0.0.1:8443/foo/auth 地址
1)访问 http://example.com/b/foo/auth 地址,则反向代理到 http://127.0.0.1:8993/foo/auth 地址

解决方法

server {
    listen 80;
    server_name example.com;

    location /a/ {
        # 注意,一定要使用 http://127.0.0.1:8443/ 而非 http://127.0.0.1:8443,否则传递到后端的 URL 将携带 /a/ 前缀
        # 参考文档对 proxy_pass 的描述(是否携带 URI 的区别)
        proxy_pass http://127.0.0.1:8443/;
    }

    location /b/ {
        proxy_pass http://127.0.0.1:8993/;

        proxy_pass_request_headers on; # 传递请求头(默认)
        proxy_pass_request_body on; # 传递请求提(默认)
    }

    location / {
        return 404;
    }
}

当然,还有其他配置方法,比如 rewrite正则表达式匹配 location 等等;

注意事项,如果在 location 中使用正则表达式匹配的方式,需要自行处理 GET 参数问题。如下配置: 

server {
...
    location ~ ^/a/(.*)$ {
        proxy_pass http://127.0.0.1:7011/$1$is_args$args;
    }
...
}

参考文献

DNS for Service Discovery with NGINX and NGINX Plus
Nginx reverse proxy + URL rewrite
Nginx proxy_pass root and specific url only
how to reverse proxy via nginx a specific url?
How to preserve request url with nginx proxy_pass
NGINX proxy_pass with URI modification