Basic nginx usage: configuring load balancing and solving cross-origin problems in a front-end/back-end separated project
Posted by 武魂95级蓝银草
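1. Purpose: request forwarding, load balancing and reverse proxying; separating static files from the web project; forward proxying.
2. Request flow (reverse proxy):
client → nginx → Tomcat server
Tomcat server → nginx → client
3. Use case: a front-end/back-end separated project that has to solve cross-origin access, serve HTTPS, balance load, and forward-proxy static files.
For example, a request to https://XXXX:7443/zlj_jhpt reaches the project named zlj_jhpt on XXXX.70:6443.
1) The HTTPS request arrives at the internet-facing nginx server, and that nginx has to reach the exchange platform's interface.
2) The internet-facing Tomcat is configured on port 7443, and port 7443 is opened in the server's inbound rules.
3) The exchange platform listens on port 6443.
4. Points to note:
1) For HTTPS, both nginx and Tomcat are configured with SSL certificates. The certificate on the internet-facing nginx must be a root-trusted certificate (one that all browsers trust, usually issued by the information centre or applied for through Alibaba Cloud).
2) The proxied Tomcat server must open an HTTPS port and be configured with an SSL certificate. This certificate can simply be generated with the command that ships with the JDK; see my earlier post: https://www.cnblogs.com/tongcc/p/15543436.html
3) Open the port in the Alibaba Cloud security group and in the server's local inbound rules.
5. Analysis of the key configuration: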
upstream block

    upstream zlj_jhpt {
        ip_hash;    # load-balancing strategy: ip_hash, url_hash, round-robin, weight, fair
        server XXXX.70:443 weight=1 max_fails=10 fail_timeout=120s;
        server XXXX.70:6443 weight=1 max_fails=10 fail_timeout=120s;
        #server XXXX.72:8080 weight=1 max_fails=10 fail_timeout=120s;
        keepalive 64;
    }

server block

    server {
        listen 7443 ssl;                    # listening port
        server_name XXXX;                   # host name being served (the port belongs in listen)
        ssl_certificate D:/zlj_ssl/_.XXXX_bundle.crt;               # SSL certificate
        ssl_certificate_key D:/zlj_ssl/.XXXX_RSA.XXXX_RSA.key;      # private key of the SSL certificate
        ssl_session_cache shared:SSL:1m;    # cache shared between all worker processes
        ssl_session_timeout 5m;
        #ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        charset ISO-8859-1;

        # Front-end page: https://XXXX:7443/zhejiang-social-assistance/zhejiang-social-assistance.html#/five-help/how-help
        # API URL:        https://XXXX:7443/zlj_jhpt/api/five-help/help-how-going/count

        # API mapping
        location /api/ {
            proxy_pass https://XXXX:7443/zlj_jhpt/api/;
            proxy_set_header X-Real-IP $remote_addr;
        }

        # Front-end page mapping
        location /zhejiang-social-assistance/ {
            root D:\working\yw_szzfdp\web;
            expires 12h;
            add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        }

        # Static resources, e.g. the project's images stored on the nginx server
        location /stwx/happyCode/images {
            alias D:\zly_cache\stwx\happlyCode\images;
            expires 12h;
            add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        }

        # Tomcat project mapping and cross-origin handling
        location /zlj_jhpt {
            # To pin a single backend, write IP address + port + project name here;
            # for load balancing, reference the upstream block instead.
            proxy_pass https://zlj_jhpt;
            include proxy.conf;

            # Cross-origin headers for HTML pages opened as local files
            if ($request_method = 'POST') {
                add_header 'Access-Control-Allow-Origin' *;
                add_header 'Access-Control-Allow-Credentials' 'true';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            }
            if ($request_method = 'GET') {
                add_header 'Access-Control-Allow-Origin' *;
                add_header 'Access-Control-Allow-Credentials' 'true';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            }
        }
    }

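A tightened variant of the /zlj_jhpt cross-origin block above, added here as an example and not part of the author's configuration: browsers refuse credentialed responses that carry `Access-Control-Allow-Origin: *`, and the original `if` blocks match only GET and POST, so the OPTIONS preflight gets no CORS headers from nginx. This version echoes only allowlisted origins and answers OPTIONS itself. The origin `https://frontend.example.com`, the `$cors_origin` / `$cors_credentials` variable names and the TLS lines are assumptions.

```nginx
# Added example; the origin and the $cors_* variable names are placeholders.
# http {} context: echo Origin back only when it is on the allowlist.
# Never list "null": pages opened from file:// send "Origin: null".
map $http_origin $cors_origin {
    default                         "";
    "https://frontend.example.com"  $http_origin;
}
# Allow-Credentials is sent only together with an allowed origin.
map $cors_origin $cors_credentials {
    default  "true";
    ""       "";
}

server {
    listen 7443 ssl;
    server_name XXXX;
    ssl_certificate     D:/zlj_ssl/_.XXXX_bundle.crt;
    ssl_certificate_key D:/zlj_ssl/.XXXX_RSA.XXXX_RSA.key;
    # Assumes all clients speak TLS 1.2+ (1.0/1.1 are deprecated, RFC 8996);
    # TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;

    location /zlj_jhpt {
        # Preflight is answered by nginx and never reaches Tomcat.
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' $cors_origin always;
            add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
            add_header 'Access-Control-Max-Age' 600 always;
            add_header 'Vary' 'Origin' always;
            return 204;
        }
        # GET/POST responses: nginx omits a header whose value is empty,
        # so origins outside the allowlist receive no CORS headers at all.
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
        add_header 'Vary' 'Origin' always;

        proxy_pass https://zlj_jhpt;
        include proxy.conf;
    }
}
```

`Vary: Origin` keeps shared caches from serving a response approved for one origin to another.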
6. Other configuration
Checking the number of logical processors:
Other configuration analysis:

    #user nobody;
    # worker_processes: number of CPU cores (a dual-core, 4-thread machine could use 4,
    # but this server also runs a Tomcat, so I set 3)
    worker_processes 3;
    # debug | info | notice | warn | error | crit
    error_log logs/error.log warn;
    pid logs/nginx.pid;
    #worker_rlimit_nofile 65535;

    # maximum number of simultaneous connections per worker process
    events {
        worker_connections 8192;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        fastcgi_intercept_errors on;

        log_format main '"$upstream_addr" $remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log logs/access.log main;
        access_log off;    # access logging is disabled globally
        open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;

        server_names_hash_bucket_size 128;
        large_client_header_buffers 4 64k;
        client_header_buffer_size 32k;
        client_body_buffer_size 5120k;
        client_max_body_size 100m;
        server_tokens off;    # do not reveal the nginx version
        ignore_invalid_headers on;
        recursive_error_pages on;
        server_name_in_redirect off;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_requests 3000;
        keepalive_timeout 120;
        client_body_timeout 12;
        client_header_timeout 12;
        send_timeout 10;
        autoindex off;
        include gzip.conf;
        map_hash_bucket_size 64;

        # The FastCGI parameters tune site performance: lower resource usage, faster responses.
        # The parameter names below are self-explanatory.
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 8 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 128k;

        # upstream blocks: addresses and ports of the backend projects being mapped.
        # Five load-balancing strategies: round-robin (default), weight, ip_hash, url_hash, fair
        upstream stwx {
            ip_hash;
            server XXXX.206:8080 weight=1 max_fails=10 fail_timeout=120s;
            #server XXXX.72:8080 weight=1 max_fails=10 fail_timeout=120s;
            keepalive 64;
        }

        upstream zlj_jhpt {
            ip_hash;
            # exchange platform address
            server XXXX.70:443 weight=1 max_fails=10 fail_timeout=120s;
            #server XXXX.70:8088 weight=1 max_fails=10 fail_timeout=120s;
            #server XXXX.72:8080 weight=1 max_fails=10 fail_timeout=120s;
            keepalive 64;
        }

        # server blocks: the listening port (one server per port) and the paths clients request
        server {
            # listen on port 7443
            listen 7443 ssl;
            # host name clients use to reach the project (the port belongs in listen)
            server_name XXXX;
            ssl_certificate D:/zlj_ssl/_.XXXX_bundle.crt;
            ssl_certificate_key D:/zlj_ssl/.XXXX_RSA.XXXX_RSA.key;
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 5m;
            #ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            charset ISO-8859-1;

            # Project root path, e.g. https://XXXX:7443/zlj_jhpt reaches the project
            # named zlj_jhpt on XXXX.70:443
            location /zlj_jhpt {
                proxy_pass https://zlj_jhpt;
                include proxy.conf;

                # Cross-origin headers for HTML pages opened as local files
                if ($request_method = 'POST') {
                    add_header 'Access-Control-Allow-Origin' *;
                    add_header 'Access-Control-Allow-Credentials' 'true';
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                    add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
                }
                if ($request_method = 'GET') {
                    add_header 'Access-Control-Allow-Origin' *;
                    add_header 'Access-Control-Allow-Credentials' 'true';
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                    add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
                }
            }

            location /st {
                # the upstream "st" is not defined in this excerpt
                proxy_pass https://st;
                include proxy.conf;

                # Cross-origin headers for HTML pages opened as local files
                if ($request_method = 'POST') {
                    add_header 'Access-Control-Allow-Origin' *;
                    add_header 'Access-Control-Allow-Credentials' 'true';
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                    add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
                }
                if ($request_method = 'GET') {
                    add_header 'Access-Control-Allow-Origin' *;
                    add_header 'Access-Control-Allow-Credentials' 'true';
                    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                    add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
                }
            }
        }

        server {
            listen 80;
            server_name localhost XXXX;
            charset ISO-8859-1;

            location /stwx {
                proxy_pass http://stwx;
                include proxy.conf;
            }

            location /nginxstatus {
                stub_status on;
                # "access_log on" would write to a file literally named "on"
                access_log logs/access.log main;
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }
            error_page 404 /404.html;
        }

        server {
            listen 80;
            server_name localhost shzz.XXXX;
            charset ISO-8859-1;

            location /switch_stshzz {
                # the upstream "switch_stshzz" is not defined in this excerpt
                proxy_pass http://switch_stshzz;
                include proxy.conf;
            }

            location /nginxstatus {
                stub_status on;
                # "access_log on" would write to a file literally named "on"
                access_log logs/access.log main;
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }
            error_page 404 /404.html;
        }

        server {
            listen 8800;
            server_name localhost XXXX.206;
            return 301 http://XXXX:8089/st;
        }
    }