一次简单的Nginx反向代理测试记录(windows平台,Linux差不多安装nginx可以使用yum、apt…)
1、目的
使用nginx做个反向代理,同时代理https、http协议
2、安装基本软件
1)安装nginx并注册到windows服务
官网下载nginx解压;下载winsw软件到nginx解压目录
winsw.exe同目录中新建文件winsw.xml注意同名“winsw”
winsw.xml配置如下:
<?xml version="1.0" encoding="UTF-8" ?>
<service>
<id>nginx</id>
<name>nginx</name>
<description>nginx</description>
<executable>D:\nginx\nginx.exe</executable>
<logpath>D:\nginx\</logpath>
<logmode>roll</logmode>
<depend></depend>
<startargument>-p D:\nginx</startargument>
<stopargument>-p D:\nginx -s stop</stopargument>
</service>
2)在windows上安装openssl不再说明,说一下生成证书需要注意的
openssl genrsa -des3 -out kingredfly.key 1024
openssl req -new -key kingredfly.key -out lee.csr
copy kingredfly.key kingredfly.key.org
openssl rsa -in kingredfly.key.org -out kingredfly.key
openssl x509 -req -days 365 -in lee.csr -signkey kingredfly.key -out kingredfly.crt
*其中注意一下第2个命令,执行过程中有个Common Name填写代理服务器IP或者域名
*最好把openssl加入环境变量(没测试不加情况)
2、nginx配置文件如下
#user nobody;
worker_processes 1;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server {
listen 888;
server_name 192.168.199.211;
ssl on;
ssl_certificate D:/nginx/kingredfly.crt;
ssl_certificate_key D:/nginx/kingredfly.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /BD/ {
proxy_pass https://www.baidu.com/;
proxy_set_header Host www.baidu.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /SP/ {
proxy_pass https://www.sina.com.cn/;
proxy_set_header Host www.sina.com.cn;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 88;
server_name 192.168.199.211;
location /BY/ {
proxy_pass http://cn.bing.com/;
proxy_set_header Host cn.bing.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
3、nginx配置文件需注意
1)ssl on 开启ssl
2) ssl_certificate D:/nginx/kingredfly.crt; ssl_certificate_key D:/nginx/kingredfly.key;添加证书私钥路径
3)proxy_pass http://cn.bing.com/; proxy_set_header Host cn.bing.com; 其中proxy_set_header Host后的可以写死域名,这个地方配置问题好像会导致访问报40x 错误,搞一下
4)如location /BY/,一个Server中可以搞多个,这样一个IP或者域名后面加上这个可以代理多个子服务
5)https和http的server分开写
6)windows(win10)上还遇到了这种情况
D:/nginx/kingredfly.key;路径中”\”和“/”有区别
7)proxy_set_header X-Real-IP
remote a ddr;proxy s et h eaderREMOTE−HOST
remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
可以转发远程服务器和客户端真是IP