nginx的反向代理

Posted 2022-04-19 rdchenxi

proxy 模块ngx_http_proxy_module模块默认编译进nginx里的；通过--without-http_proxy_module禁用

功能：对上游服务使用http/https协议进行反向代理

proxy_pass 指令

Syntax: proxy_pass URL;
Default: —
Context: location, if in location, limit_except

    配置

server 
        listen 8012;
        default_type text/plain;
        return 200 ‘8012 server response.\n $request_uri \n‘;


upstream rrups
        #ip_hash;
        #hash user_$arg_username;
        #server 127.0.0.1:8011;
        server 127.0.0.1:8012;
        #keepalive  32;
        
server 
        set_real_ip_from 192.168.183.4;
        real_ip_recursive on;
        real_ip_header X-Forwarded-For;
        server_name rrups.com;
        error_log rrups_error.log info;
        location /a
                #proxy_pass http://rrups/addurl;
                proxy_pass http://rrups;  # 不在url的测试
                #proxy_method POST;
                proxy_pass_request_headers off;
                #proxy_pass_request_body off;
                proxy_set_body ‘hello world‘;
                proxy_set_header name ‘‘;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
        

　　测试

[[email protected] vhast]# curl  rrups.com/a/bc
8012 server response.
/a/bc 

　　加url的代理

upstream rrups
        #ip_hash;
        #hash user_$arg_username;
        #server 127.0.0.1:8011;
        server 127.0.0.1:8012;
        #keepalive  32;
        
server 
        set_real_ip_from 192.168.183.4;
        real_ip_recursive on;
        real_ip_header X-Forwarded-For;
        server_name rrups.com;
        error_log rrups_error.log info;
        location /a
                proxy_pass http://rrups/addurl;
                #proxy_pass http://rrups;
                #proxy_method POST;
                proxy_pass_request_headers off;
                #proxy_pass_request_body off;
                proxy_set_body ‘hello world‘;
                proxy_set_header name ‘‘;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
        

　　测试

[[email protected] vhast]# curl  rrups.com/a/bc
8012 server response.
/addurl/bc 

　　

proxy 模块生成向上的请求行

Syntax: proxy_method method;
Default: —
Context: http, server, location
Syntax: proxy_http_version 1.0 | 1.1;  #协议
Default: proxy_http_version 1.0; 
Context: http, server, location

proxy 模块生成发往上游的请求头部

Syntax: proxy_set_header field value;  # 修改或者添加一个头部 field是或添加的name value是值
Default: proxy_set_header Host $proxy_host;  #默认会修改
proxy_set_header Connection close;   # 默认会修改
Context: http, server, location
若value的值为空字符，则整个header都不会向上游发送
Syntax: proxy_pass_request_headers on | off;  # 是否把用户请求头部发送到上游；默认是发送的
Default: proxy_pass_request_headers on; 
Context: http, server, location

proxy模块：生成发送上游的包体

Syntax: proxy_pass_request_body on | off;  #是否把用户请求的body发给上游；默认发送
Default: proxy_pass_request_body on; 
Context: http, server, location
Syntax: proxy_set_body value;   # 手动构造body value是字符串
Default: —
Context: http, server, location

　配置

[[email protected] vhast]# cat shangyou.conf 
server 
	listen 8011;
	default_type text/plain;
	return 200 ‘8011 server response.\n‘;


server 
	listen 8012;
	default_type text/plain;
	return 200 ‘8012 server response.
uri: $uri
method: $request_method
requset: $request
http_name: $http_name
\n‘;




upstream rrups
	#ip_hash;
	#hash user_$arg_username;
	#server 127.0.0.1:8011;
	server 127.0.0.1:8012;
	#keepalive  32;
	
server 
	set_real_ip_from 192.168.183.4;
	real_ip_recursive on;
	real_ip_header X-Forwarded-For;
	server_name rrups.com;
	error_log rrups_error.log info;
	location /a
		proxy_pass http://rrups/addurl;
		#proxy_pass http://rrups;
		#proxy_method POST;
		#proxy_pass_request_headers off;
		#proxy_pass_request_body off;
		#proxy_set_body ‘hello world‘;
		#proxy_set_header name ‘‘;
		#proxy_http_version 1.1;
		proxy_set_header Connection "";
	

　　测试

[[email protected] vhast]# curl  -H ‘name: chenxi‘ rrups.com/a/bc
8012 server response.
uri: /addurl/bc
method: GET
requset: GET /addurl/bc HTTP/1.0  #协议1.0
http_name: chenxi

　　配置

[[email protected] vhast]# cat upstream.conf 

upstream rrups
	#ip_hash;
	#hash user_$arg_username;
	#server 127.0.0.1:8011;
	server 127.0.0.1:8012;
	#keepalive  32;
	
server 
	set_real_ip_from 192.168.183.4;
	real_ip_recursive on;
	real_ip_header X-Forwarded-For;
	server_name rrups.com;
	error_log rrups_error.log info;
	location /a
		proxy_pass http://rrups/addurl;
		#proxy_pass http://rrups;
		proxy_method POST;  #方法改为POST
		proxy_pass_request_headers off;  #关闭想后端 传递头部
		#proxy_pass_request_body off;
		#proxy_set_body ‘hello world‘;
		#proxy_set_header name ‘‘;
		proxy_http_version 1.1; #将默认的1.0协议改为1.1协议
		proxy_set_header Connection "";
	

　　测试

[[email protected]n vhast]# curl  -H ‘name: chenxi‘ rrups.com/a/bc
8012 server response.
uri: /addurl/bc
method: POST
requset: POST /addurl/bc HTTP/1.1
http_name: 

　　配置

[[email protected] vhast]# cat upstream.conf 

upstream rrups
	#ip_hash;
	#hash user_$arg_username;
	#server 127.0.0.1:8011;
	server 127.0.0.1:8012;
	#keepalive  32;
	
server 
	set_real_ip_from 192.168.183.4;
	real_ip_recursive on;
	real_ip_header X-Forwarded-For;
	server_name rrups.com;
	error_log rrups_error.log info;
	location /a
		proxy_pass http://rrups/addurl;
		#proxy_pass http://rrups;
		proxy_method POST;
		proxy_pass_request_headers off;
		#proxy_pass_request_body off;
		proxy_set_body ‘hello world‘; 向后端打死hell world的字样
		proxy_set_header name ‘‘;
		proxy_http_version 1.1;
		proxy_set_header Connection "";
	

　　测试

[[email protected] ~]# tcpdump -i lo port 8012 -A -s 0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
20:20:36.987588 IP localhost.39234 > localhost.8012: Flags [S], seq 923812551, win 43690, options [mss 65495,sackOK,TS val 276600255 ecr
E..<[email protected]@.eA.........B.L7.B..........0.........
.|..........
20:20:36.987645 IP localhost.8012 > localhost.39234: Flags [S.], seq 1180445653, ack 923812552, win 43690, options [mss 65495,sackOK,TS 
E..<[email protected]@.<..........L.BF\+.7.B......0.........
.|...|......
20:20:36.987682 IP localhost.39234 > localhost.8012: Flags [.], ack 1, win 342, options [nop,nop,TS val 276600255 ecr 276600255], length
[email protected]@.eH.........B.L7.B.F\+....V.(.....
.|...|..
20:20:36.987864 IP localhost.39234 > localhost.8012: Flags [P.], seq 1:73, ack 1, win 342, options [nop,nop,TS val 276600255 ecr 2766002
E..|[email protected]@.d..........B.L7.B.F\+....V.p.....
.|...|..POST /addurl/bc HTTP/1.1
Host: rrups
Content-Length: 11

hello world   发往上游主机的里有hello world字样
20:20:36.987949 IP localhost.8012 > localhost.39234: Flags [.], ack 73, win 342, options [nop,nop,TS val 276600255 ecr 276600255], lengt
[email protected]@.~X.........L.BF\+.7.C....V.(.....
.|...|..
20:20:36.988297 IP localhost.8012 > localhost.39234: Flags [P.], seq 1:247, ack 73, win 342, options [nop,nop,TS val 276600255 ecr 27660
E..*[email protected]@.a.........L.BF\+.7.C....V.......
.|...|..HTTP/1.1 200 OK
Server: nginx/1.15.9
Date: Fri, 12 Jul 2019 12:20:36 GMT
Content-Type: text/plain
Content-Length: 98
Connection: keep-alive

8012 server response.
uri: /addurl/bc
method: POST
requset: POST /addurl/bc HTTP/1.1
http_name: 


20:20:36.988331 IP localhost.39234 > localhost.8012: Flags [.], ack 247, win 350, options [nop,nop,TS val 276600255 ecr 276600255], leng
E..4.@[email protected]\,....^.(.....
.|...|..
20:20:36.988663 IP localhost.39234 > localhost.8012: Flags [F.], seq 73, ack 247, win 350, options [nop,nop,TS val 276600255 ecr 2766002
E..4.|@[email protected]\,....^.(.....
.|...|..
20:20:36.988889 IP localhost.8012 > localhost.39234: Flags [F.], seq 247, ack 74, win 342, options [nop,nop,TS val 276600256 ecr 2766002
[email protected]@.~V.........L.BF\,.7.C....V.(.....
.|...|..
20:20:36.988915 IP localhost.39234 > localhost.8012: Flags [.], ack 248, win 350, options [nop,nop,TS val 276600256 ecr 276600256], leng
E..4.@[email protected]\,....^.(.....
.|...|..

　　

 

接收客户端请求的包体：是否收完整体在转发，还是边收变转发

Syntax: proxy_request_buffering on | off;
Default: proxy_request_buffering on; 
Context: http, server, location
on: 客户端网速慢；上游服务并发处理能力低，适合高吞吐量场景；表示：收完客户端包体在进行准发
off：更及时得到相应；降低nginx读写磁盘的消耗，一旦开始发送内容proxy_next_upstream 功能：表示：边接受，边转发

　　客户端包体的接收

Syntax: client_body_buffer_size size;
Default: client_body_buffer_size 8k|16k; 
Context: http, server, location
Syntax: client_body_in_single_buffer on | off;
Default: client_body_in_single_buffer off; 
Context: http, server, location



存在包体时接收包体所分配的内存
若接收头部时已经接收完全部包体，则部分配
若剩余待接收包体的长度小于client_body_buffer_size,则仅分配所需大小
分配client_body_in_single_buffer 大小内存接收包体。关闭包体缓存，该内存的内容及时发送给上游；打开包体缓存：该内存用完时，写入临时文件，释放内存

　　设置最大包体限制

Syntax: client_max_body_size size;
Default: client_max_body_size 1m;   最大包体大小默认1M
Context: http, server, location


仅对请求头部中包含有Content-Length 有效超出最大长度后，返回413错误

　　接收用户请求body临时文件路径

Syntax: client_body_temp_path path [level1 [level2 [level3]]];  指定目录
Default: client_body_temp_path client_body_temp; 
Context: http, server, location
Syntax: client_body_in_file_only on | clean | off;  #on用户请求处理完后，还存在本机。clean用户请求完成后就删除；off表示非常小的时候不会存文件里
Default: client_body_in_file_only off; 
Context: http, server, location

　　读取包体的超时时间；超时后包403错误

Syntax: client_body_timeout time;
Default: client_body_timeout 60s; 
Context: http, server, location