[toc]

nginx代理概述

  • 正向代理 代理客户端 VPN 代理客户端访问外网
  • 反向代理 代理服务端
  • 区别在于对象不同
    • 正向代理的对象是客户端,往往为客户端服务
    • 反向代理的对象是服务端,往往为服务端服务

image-20230616203248051

反向代理模式 nginx配置模块
http websocket https ngx_http_proxy_module
fastcgi ngx_http_fastcgi_module
uwsgi ngx_http_uwsgi_module
grpc ngx_http_v2_module(grpc_pass 指令由 ngx_http_grpc_module 提供)

image-20230616203323526

部署Nginx代理

环境准备

主机名 WanIP LanIP 角色 应用
web01 10.0.0.7 172.16.1.7 web网站 nginx php wordpress
db01 10.0.0.51 172.16.1.51 数据库 mariadb
lb01 10.0.0.5 172.16.1.5 反向代理服务器 nginx

部署web服务器(web01)

# Configure the official nginx yum repository.
# gpgcheck=1 makes yum verify every package against the key named in gpgkey.
# NOTE(review): baseurl is plain http, so the package signature is the only
# thing protecting the download - keep gpgcheck enabled.
vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

# Build the yum metadata cache
yum makecache

# Install nginx and php
# NOTE(review): `rpm -ivh *.rpm` installs every .rpm found in the current
# directory. The page does not show where the php packages come from, so
# confirm their origin and signatures (e.g. `rpm -K *.rpm`) before installing.
yum install -y nginx
rpm -ivh *.rpm

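# Create the www group and user (gid/uid 666) with no home directory (-M) and
# a non-login shell. The shell must be /sbin/nologin without a trailing slash;
# with the slash the account's shell is a path that is not an executable file.
groupadd www -g 666 && useradd www -g 666 -u 666 -s /sbin/nologin -M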

# Edit the nginx and php-fpm configuration so both run as the www account
vim /etc/nginx/nginx.conf
user www;

vim /etc/php-fpm.d/www.conf
[www]
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = www
; RPM: Keep a group allowed to write in log dir.
group = www
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
; The pool listens on a unix socket instead of TCP 127.0.0.1:9000.
; listen.owner/listen.group give the socket to www, the same account the
; nginx workers run as (user www; in nginx.conf), so nginx can connect to it.
listen = /opt/xxx.sock
listen.owner = www
listen.group = www

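# Add the WordPress virtual host on web01
vim /etc/nginx/conf.d/wp.conf
server {
    listen 80;
    server_name blog.xxx.com;
    root /code/wordpress;

    location / {
        index index.php index.html;
    }

    location ~ \.php$ {
        # Only hand requests that map to an existing file to PHP-FPM; anything
        # else gets a 404 from nginx instead of reaching the interpreter.
        try_files $uri =404;
        #fastcgi_pass 127.0.0.1:9000;
        # Same unix socket as `listen` in /etc/php-fpm.d/www.conf
        fastcgi_pass unix:/opt/xxx.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}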

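# Create the site directory
mkdir /code

# Download WordPress into /code
# NOTE(review): the archive is fetched over plain http from a third-party host
# and the page gives no checksum; compare it against a checksum from a trusted
# source before unpacking. 5.0.3 is also an old release - acceptable for a
# lab, not for a site exposed to users.
cd /code && wget http://test.driverzeng.com/Nginx_Code/wordpress-5.0.3-zh_CN.tar.gz

# Unpack the site (still inside /code from the cd above)
tar -xf wordpress-5.0.3-zh_CN.tar.gz

# Hand /code to www only after unpacking, so the chown also covers the
# extracted files; tar run as root otherwise keeps the ownership recorded in
# the archive and the www account would not own /code/wordpress.
chown -R www:www /code

# Start nginx and php-fpm and enable them at boot
systemctl start nginx && systemctl start php-fpm
systemctl enable nginx && systemctl enable php-fpm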

部署数据库(db01)

# Install mariadb
yum install -y mariadb-server

# Start the service and enable it at boot
systemctl start mariadb && systemctl enable mariadb

# Set the password of the database root account
# NOTE(review): 123 is a lab value; use a long random password on any
# reachable host. A password passed on the command line is also recorded in
# shell history and visible in the process list while the command runs.
mysqladmin -uroot password '123'

# Connect to the database
mysql -uroot -p123

# Create the wordpress database
create database wordpress charset utf8;
show databases;

# Create the account WordPress uses. wp_user may connect from any address
# matching 172.16.1.% and gets all privileges on wordpress.* only.
# NOTE(review): it reuses the root password; give the application account
# its own strong password.
grant all on wordpress.* to wp_user@'172.16.1.%' identified by '123';

Nginx做代理服务器(lb01)

# Configure the official nginx yum repository on lb01.
# gpgcheck=1 makes yum verify every package against the key named in gpgkey.
# NOTE(review): baseurl is plain http, so the package signature is the only
# thing protecting the download - keep gpgcheck enabled.
vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

# Install nginx
yum install -y nginx

# Add the reverse-proxy virtual host on lb01
vim /etc/nginx/conf.d/333.conf

server {
    listen 80;
    server_name blog.dl.com;

    # Forward every request to web01
    location / {
        proxy_pass http://10.0.0.7:80;
    }
}

# Start nginx and enable it at boot
systemctl start nginx && systemctl enable nginx

# Name resolution: map blog.dl.com to lb01 (10.0.0.5)
# (presumably a hosts-file entry on the client - confirm)
10.0.0.5 blog.dl.com

# 以上配置文件出现的问题
lb01是通过 10.0.0.7 的80端口去访问后端的web01
因为是通过IP访问(请求中没有携带域名),所以web01上谁的配置排在最前面,就访问到哪个页面

解决方法,将域名加入到 lb01请求web01的请求中

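location / {
    proxy_pass http://10.0.0.7:80;
    # Send the requested host name along so web01 selects the matching server block
    proxy_set_header Host $host;
    # Timeout for establishing the connection from lb01 to web01
    proxy_connect_timeout 60s;
    # Timeout while lb01 waits to read the response from web01
    proxy_read_timeout 60s;
    # Timeout while lb01 transmits the request to web01
    proxy_send_timeout 60s;
    # Buffer web01's response on lb01 instead of relaying it synchronously
    proxy_buffering on;
    # Buffer for the first part of the response (the headers): 32k
    proxy_buffer_size 32k;
    # Four 128k buffers for the response body
    proxy_buffers 4 128k;
}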

## 上述配置文件依旧存在问题
web01上的nginx日志,只显示lb01服务的IP地址,无法显示真实的IP地址

解决方案是在lb01的请求头中,加上用户的真实IP访问web01

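# Keep the requested host name and append the client's address to
# X-Forwarded-For, so web01 can log the real client instead of lb01.
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;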

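# Final configuration on lb01
server {
    listen 80;
    server_name blog.dl.com;

    location / {
        # NOTE(review): 10.0.0.7 is listed as web01's WanIP. If clients can
        # reach that address directly they bypass lb01; consider proxying to
        # the LanIP 172.16.1.7 and limiting port 80 on web01 to lb01.
        proxy_pass http://10.0.0.7:80;
        # A relative include resolves against the nginx configuration
        # directory, i.e. /etc/nginx/proxy_params. The name must match that
        # file exactly ("proxy_parms" names a file that is never created, so
        # nginx would refuse to load the configuration).
        include proxy_params;
    }
}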

# Create the proxy_params file
vim /etc/nginx/proxy_params
# Pass the requested host name through to web01
proxy_set_header Host $host;
# $proxy_add_x_forwarded_for appends the connecting client's address to any
# X-Forwarded-For header the client already sent.
# NOTE(review): earlier entries in that header are therefore client-supplied;
# web01 should rely only on the entry added by lb01 (for example
# set_real_ip_from / real_ip_header restricted to lb01's address).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Connect / read / send timeouts between lb01 and web01
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
# Response buffering: 32k for the first part of the response, 4 x 128k for the body
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;

image-20221225213502750