反向代理（负载均衡）

最新推荐文章于 2022-05-26 00:05:40 发布

原创最新推荐文章于 2022-05-26 00:05:40 发布 · 331 阅读

0 ·

CC 4.0 BY-SA版权

php 专栏收录该内容

17 篇文章

订阅专栏

1.反向代理就是客户端通过访问代理服务器最终访问到真实服务器的过程

反向代理的作用：

(1）保证内网的安全，可以使用反向代理提供WAF功能，阻止web攻击

大型网站，通常将反向代理作为公网访问地址，Web服务器是内网。

（2）负载均衡，通过反向代理服务器来优化网站的负载

配置

upstream backend {
   ip_hash;  #处理session共存
   server 47.106.163.103; #真实服务器ip
   
}

server {
        #listen 80 default_server;
        #listen [::]:80 default_server;
        listen  443 ; #https 443 端口 服务器必须要开放 443端口

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #rker_processes
        # include snippets/snakeoil.conf;

        root /var/www/html/default/public;

        # Add index.php to the list if you are using PHP
        index index.php  index.html ;

        server_name  myinterestis.com www.myinterestis.com ;
        #server_name 47.106.163.103;
        ssl on; # 开启https模块
        ssl_certificate  /var/www/html/default/public/214541076500893.pem;
        ssl_certificate_key  /var/www/html/default/public/214541076500893.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        # 默认请求
        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                #反向代理开始 
                proxy_pass http://backend; #代理服务器ip
                #proxy_set_header Host      $host;
                #proxy_set_header X-Real-IP $remote_addr;
                #proxy_redirect https:// $scheme://; #做https跳转
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
                #反向代理结束
                if (!-e $request_filename) {
                  rewrite  ^(.*)$  /index.php?s=/$1  last;
                  break;
                 }        }


        # 静态文件处理
        location ~ \.(txt|jpg|png|js|css|static)$ {


          #root   /var/www/html/default/public/.well-known/;
        }




        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #请求分发到 fpm 
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
        #
        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
                fastcgi_pass unix:/run/php/php5.6-fpm.sock;
        }


        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}