两层nginx转发配置简单测试
# Build nginx from source on the proxy host; the build dependencies come from yum.
[root@test ~]# yum -y install gcc make pcre-devel openssl-devel
# NOTE(review): the tarball is unpacked and built as root with no integrity check shown;
# verify its PGP signature or checksum against the one published by nginx.org first.
# NOTE(review): 1.17.6 is an old mainline release; outside a lab, build a currently
# supported version instead.
[root@test ~]# tar xf nginx-1.17.6.tar.gz
[root@test ~]# cd nginx-1.17.6/
# --user=nginx sets the default account for worker processes; --with-http_ssl_module
# enables the HTTPS support used by the "listen 443 ssl" server later on this page.
[root@test nginx-1.17.6]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_ssl_module
[root@test nginx-1.17.6]# make && make install
# Create the unprivileged, no-login account named in --user before the first start.
[root@test nginx-1.17.6]# useradd nginx -s /sbin/nologin
# Start nginx with the configuration installed under /usr/local/nginx.
[root@test nginx-1.17.6]# /usr/local/nginx/sbin/nginx
192.168.1.11 第一层nginx
# First layer: hand every request to the second-layer nginx over plain HTTP.
# No proxy_set_header lines are given, so nginx's defaults apply (Host is set to
# $proxy_host) and the second layer sees this proxy's address as the client address.
location / {
proxy_pass http://192.168.1.12;
}
192.168.1.12 第二层nginx
# Second layer: route by URI prefix to one of two backend web servers.
# "^~" makes the prefix match final, so regex locations are not checked afterwards.
location ^~ /api {
proxy_pass http://192.168.1.13/; # target 1
}
# The trailing "/" on proxy_pass must not be dropped: it is a URI part, so the matched
# location prefix is replaced by "/" and the backend is asked for "/" instead of "/api".
# Without it the request URI is passed through unchanged, "/api" included.
# NOTE(review): the prefix is stripped because of the trailing "/", not because of "^~".
# NOTE(review): the prefix has no trailing slash, so "/api/x" is forwarded as "//x" and
# "/apix" also matches this location. "location ^~ /api/" avoids both, at the cost of a
# bare "/api" being answered with a redirect to "/api/".
location ^~ /test {
proxy_pass http://192.168.1.21/; # target 2
}
192.168.1.13 目标web-nginx1
# Give this backend a recognisable index page so the test shows which target answered.
# Presumably run from the nginx prefix directory, where html/ is the default document root.
printf '%s\n' "wo shi api" >html/index.html
192.168.1.21 目标web-nginx2
# Give this backend a recognisable index page so the test shows which target answered.
# Presumably run from the nginx prefix directory, where html/ is the default document root.
printf '%s\n' "wo shi test" >html/index.html
测试 http://192.168.1.1/api ,排错时查看每一层nginx的日志(注意:上文第一层nginx的地址是192.168.1.11,测试地址请按实际环境核对)
参考优化信息
# Reference tuning for the proxying location: retry policy, forwarded headers,
# timeouts and response buffers.
location / {
# Conditions on which the request is passed to the next server; this only has an
# effect when proxy_pass points at an upstream group with more than one server.
proxy_next_upstream error timeout invalid_header http_500 http_503;
proxy_pass http://192.168.1.12;
# NOTE(review): the hardcoded "https" tells the backend the client used TLS even when
# this location is reached over plain HTTP; $scheme reports the protocol actually used.
proxy_set_header X-Forwarded-Proto https;
# Send the requested host name upstream instead of the proxy_pass address.
proxy_set_header Host $host;
# $remote_addr is the directly connected peer. If these lines are reused on the second
# layer, that peer is the first-layer proxy, not the end client.
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to any X-Forwarded-For the client sent. On the internet-facing
# layer the incoming value is client-controlled, so backends should trust only the
# entries added by their own proxies.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Do not rewrite Location/Refresh headers in upstream responses.
proxy_redirect off;
# Timeouts are in seconds; 300 is well above nginx's 60s default and keeps connections
# to a slow or hung upstream open for longer.
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
#proxy_send_lowat 12000;
# Response buffering: proxy_buffer_size holds the first part of the response (the
# headers); proxy_buffers gives eight 64k buffers per connection for the rest.
proxy_buffer_size 128k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
}
# NOTE(review): this second "}" has no opening brace in the snippet; presumably it
# closes an enclosing server block that is not shown.
}
第一层走加密配置
修改主配置文件 去掉注释 :103,120s/#//
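# TLS-terminating server for the first layer. Clients connect over HTTPS; the hop to
# the second layer (proxy_pass http://...) is still plain HTTP, so that link has to
# stay on a trusted network.
# nginx comments start with "#"; a trailing "//..." is parsed as configuration and
# makes the file fail to load, so the inline notes below use "#".
server {
    listen 443 ssl;
    server_name www.c.com;          # change to your own domain
    ssl_certificate cert.pem;       # certificate (contains the public key); relative to /usr/local/nginx/conf
    ssl_certificate_key cert.key;   # private key; keep it readable by root only
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # NOTE(review): there is no ssl_protocols line, so this build's default protocol
    # list applies; consider setting it explicitly to TLSv1.2 and newer.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://192.168.1.12;
    }
}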
自建证书与私钥
# Create a self-signed certificate and key for the TLS server shown above. This is for
# testing only: clients cannot validate a self-signed certificate unless they trust it
# explicitly.
[root@test nginx]# cd conf/
# NOTE(review): the redirect creates cert.key with the shell's default umask, so the
# private key may be world-readable; restrict it, e.g. chmod 600 cert.key (or set
# umask 077 before generating it).
[root@test conf]# openssl genrsa > cert.key
Generating RSA private key, 2048 bit long modulus
............................................................+++
...................................................................................................+++
e is 65537 (0x10001)
# -x509 makes "req" emit a self-signed certificate instead of a signing request.
# No -days is given, so openssl's default validity period applies (30 days).
[root@test conf]# openssl req -new -x509 -key cert.key > cert.pem
# Reload so the running nginx picks up the new certificate and configuration.
[root@test conf]# ../sbin/nginx -s reload
访问测试 https://192.168.1.1/api