NGINX一键安装包
背景:
公司内网的服务需要映射到互联网上,但是多个Tomcat存在关联关系,所以要增加第三方模块:ngx_more_set_headers 和 ngx_http_substitutions_filter_module 模块,实现URL的替换,进而实现跨越防火墙访问内网的应用。nginx反向代理功能,将用户的请求进行转发,对外暴露代理服务的IP,隐藏了应用的真实IP,提高了安全性。
拓扑图
配置文件
[root@docker-slave-79101 example]# pwd
/usr/local/nginx/conf/example
[root@docker-slave-79101 example]# ll
total 8
-rw-r--r--. 1 root root 2265 Aug 5 00:14 nginx.conf
-rw-r--r--. 1 root root 206 Aug 5 00:14 replace.txt
[root@docker-slave-79101 example]# cat nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 10240;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 120;
proxy_connect_timeout 100;
proxy_send_timeout 500;
proxy_read_timeout 400;
proxy_buffer_size 2k;
gzip on;
#gzip on;
map $sent_http_location $location1{
~/docs([\S]+$) http://220.13.43.11x.10:9090/docs$1;
default http://220.13.43.11x.10:9090/aaaaa/$1_$sent_http_location;
}
map $sent_http_location $location2{
~/docs([\S]+$) http://220.13.43.11x.10:9092/docs$1;
default http://220.13.43.11x.10:9090/aaaaa/$1_$sent_http_location;
}
map $sent_http_location $location3{
~/docs([\S]+$) http://220.13.43.11x.10:9093/docs$1;
default http://220.13.43.11x.10:9090/aaaaa/$1_$sent_http_location;
}
map $http_upgrade $connection_upgrade{
default upgrade;
'' close;
}
server {
listen 9090;
server_name localhost;
proxy_intercept_errors on;
recursive_error_pages on;
location /handsome/ {
proxy_pass http://192.168.1.100:8080;
more_set_headers -s '302' "Location: $location1";
more_set_headers "DEBUGX: $sent_http_location";
include replace.txt;
}
location /light {
proxy_pass http://192.168.1.200:6644;
more_set_headers -s '302' "Location: $location2";
include replace2.txt;
}
}
server {
listen 9443;
server_name localhost;
proxy_intercept_errors on;
recursive_error_pages on;
location / {
proxy_pass http://192.168.50.26:1001;
more_set_headers -s '302' "Location: $location3";
include replace3.txt;
}
}
}
[root@docker-slave-79101 example]# cat replace.txt
sub_filter 'http://192.168.1.100:/hadsome' 'http://220.13.43.11x.10:9090/handsome';
sub_filter 'http://192.168.1.200:/light' 'http://220.13.43.11x.10:9090/light';
sub_filter_types *;
sub_filter_once off;
说明:1是客户端发起请求数据流,2是返回数据的流程