应公司领导要求,项目中需要使用Nginx作为反向代理和负载均衡服务器,简单研究了一下
两个虚拟主机分别反向代理一个tomcat服务器
upstream是负载均衡的模块,添加多台提供相同服务的服务器节点
将server节点下的location节点中的proxy_pass配置为:http:// + upstream名称
修改nginx.conf文件
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
keepalive_timeout 65;
#负载均衡模块,添加服务节点
upstream www.ranphy.com {
server localhost:91;
server localhost:92;
}
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
proxy_pass http://www.ranphy.com;
proxy_set_header X-Real-IP $remote_addr;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 91;
server_name localhost:91;
location / {
root html;
index index.html index.htm;
# 反向代理tomcat节点
proxy_pass http://localhost:8080/;
}
# 记录日志,定义日志名与记录方式
access_log logs/port91-access.log main;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 92;
server_name localhost:92;
location / {
root html;
index index.html index.htm;
proxy_pass http://localhost:7070;
}
access_log logs/port92-access.log main;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
之后nginx需要平滑重启
/usr/local/nginx/sbin/nginx -s reload新增需求:使用添加ssl支持
首先需要添加nginx模块:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
获取所需的ssl证书放入指定位置,修改nginx配置文件
server {
listen 443;
#listen 80;
server_name localhost;
ssl on;
root html;
index index.html index.htm;
ssl_certificate /usr/local/nginx/cert/66.pem;
ssl_certificate_key /usr/local/nginx/cert/66.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass http://www.leku-ysdq.com;
proxy_set_header X-Real-IP $remote_addr;
}
#error_page 497 https://$host$uri;
}
注释内容为nginx将http请求转为https,还有另一种方法:即使用nginx的rewrite功能
server {
listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1 permanent;
}