nginx使用stream配置代理

yingyuehuixing

于 2024-04-29 14:28:57 发布

阅读量618

点赞数 1

文章标签： nginx 运维

本文链接：https://blog.csdn.net/yingyuehuixing/article/details/138312034

版权

某些系统中需要设置用户为root才可以运行nginx

user  root;
worker_processes  1;

安装nginx是添加配置

--with-http_stub_status_module --with-http_ssl_module  --with-stream --with-http_realip_module --with-stream_ssl_preread_module

stream配置

stream {
    # http配置和访问路径
	upstream web_http {
		server 127.0.0.1:4700;
	}
    # https配置和访问路径
	upstream web_https {
		server 127.0.0.1:4600;
	}
    # ssl配置和tls协议配置
	map $ssl_preread_protocol $upstream {
		default web_http;
		"TLSv1.2" web_https;
		"TLSv1.3" web_https;
	}

	# 监听端口和相关配置
	server {
		listen 0.0.0.0:6300;
		proxy_pass $upstream;
        # ip地址获取
		proxy_protocol on;
        # 协议检测和访问控制
		ssl_preread on;
	}
}

http和https配置

http {
	include       mime.types;
	default_type  application/octet-stream;

	log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
					    '$status $body_bytes_sent "$http_referer" '
						'"$http_user_agent" "$http_x_forwarded_for"';

	access_log  logs/access.log  main;
	limit_conn_zone $binary_remote_addr zone=one:500m;

	sendfile        on;
	keepalive_timeout  65;

	client_header_timeout 180; 
	client_body_timeout 180; 
	client_max_body_size 5000M;

	server_tokens off;
	include conf/*.conf;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

	server{
		listen       4600 ssl proxy_protocol;
		server_name  localhost;

		ssl_certificate      server.crt;
		ssl_certificate_key  server.key;
        
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  5m;

		ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_prefer_server_ciphers  on;
           
		set_real_ip_from 127.0.0.1;
		set_real_ip_from 192.168.44.158;
		real_ip_header proxy_protocol;

		charset utf-8;
		proxy_connect_timeout 180;
		proxy_send_timeout 180;
		proxy_read_timeout 180;

        proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		error_page 404 /404.html;
		location = /404.html {
            root   html;
		}		
		location  / {
			proxy_pass http://127.0.0.1:9500;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection "upgrade";
			proxy_set_header Host $host;
		}
	}

	server {
        listen       4700 proxy_protocol;
	    server_name  localhost;
        
	    set_real_ip_from 127.0.0.1;
		real_ip_header proxy_protocol;

		charset utf-8;
		proxy_connect_timeout 180;
		proxy_send_timeout 180;
		proxy_read_timeout 180;

        proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		error_page 404 /404.html;
		location = /404.html {
			root   html;
		}
		location  / {
			proxy_pass http://127.0.0.1:9500;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection "upgrade";
			proxy_set_header Host $host;
		}
	} 

	server {
        listen       9500 ;
	    server_name  localhost;

	    set_real_ip_from 127.0.0.1;
		real_ip_header proxy_protocol;

		proxy_connect_timeout 180;
		proxy_send_timeout 180;
		proxy_read_timeout 180;

		root html;

		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		
        # 接口代理
		location /api {
			proxy_pass http://127.0.0.1:6201/api;
			proxy_http_version 1.1;
            proxy_connect_timeout 14s;                
            proxy_read_timeout 60s;
            proxy_send_timeout 12s;
			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection "upgrade";
		}
        # 文件访问代理
        location /file/api {
			proxy_pass http://127.0.0.1:9000/api;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection "upgrade";
		}
        # vue代理
		location /vue {
			try_files $uri $uri /vue/index.html;
			index  vue/index.html vue/index.htm;
		}
        
    }
}

整体conf配置

user  root;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}

stream {
    # http配置和访问路径
	upstream web_http {
		server 127.0.0.1:4700;
	}
    # https配置和访问路径
	upstream web_https {
		server 127.0.0.1:4600;
	}
    # ssl配置和tls协议配置
	map $ssl_preread_protocol $upstream {
		default web_http;
		"TLSv1.2" web_https;
		"TLSv1.3" web_https;
	}

	# 监听端口和相关配置
	server {
		listen 0.0.0.0:6300;
		proxy_pass $upstream;
        # ip地址获取
		proxy_protocol on;
        # 协议检测和访问控制
		ssl_preread on;
	}
}

http {
	include       mime.types;
	default_type  application/octet-stream;

	log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
					    '$status $body_bytes_sent "$http_referer" '
						'"$http_user_agent" "$http_x_forwarded_for"';

	access_log  logs/access.log  main;
	limit_conn_zone $binary_remote_addr zone=one:500m;

	sendfile        on;
	keepalive_timeout  65;

	client_header_timeout 180; 
	client_body_timeout 180; 
	client_max_body_size 5000M;

	server_tokens off;
	include conf/*.conf;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

	server{
		listen       4600 ssl proxy_protocol;
		server_name  localhost;

		ssl_certificate      server.crt;
		ssl_certificate_key  server.key;
        
		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  5m;

		ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_prefer_server_ciphers  on;
           
		set_real_ip_from 127.0.0.1;
		set_real_ip_from 192.168.44.158;
		real_ip_header proxy_protocol;

		charset utf-8;
		proxy_connect_timeout 180;
		proxy_send_timeout 180;
		proxy_read_timeout 180;

        proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		error_page 404 /404.html;
		location = /404.html {
            root   html;
		}		
		location  / {
			proxy_pass http://127.0.0.1:9500;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection "upgrade";
			proxy_set_header Host $host;
		}
	}

	server {
        listen       4700 proxy_protocol;
	    server_name  localhost;
        
	    set_real_ip_from 127.0.0.1;
		real_ip_header proxy_protocol;

		charset utf-8;
		proxy_connect_timeout 180;
		proxy_send_timeout 180;
		proxy_read_timeout 180;

        proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		error_page 404 /404.html;
		location = /404.html {
			root   html;
		}
		location  / {
			proxy_pass http://127.0.0.1:9500;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection "upgrade";
			proxy_set_header Host $host;
		}
	} 

	server {
        listen       9500 ;
	    server_name  localhost;

	    set_real_ip_from 127.0.0.1;
		real_ip_header proxy_protocol;

		proxy_connect_timeout 180;
		proxy_send_timeout 180;
		proxy_read_timeout 180;

		root html;

		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		
        # 接口代理
		location /api {
			proxy_pass http://127.0.0.1:6201/api;
			proxy_http_version 1.1;
            proxy_connect_timeout 14s;                
            proxy_read_timeout 60s;
            proxy_send_timeout 12s;
			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection "upgrade";
		}
        # 文件访问代理
        location /file/api {
			proxy_pass http://127.0.0.1:9000/api;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection "upgrade";
		}
        # vue代理
		location /vue {
			try_files $uri $uri /vue/index.html;
			index  vue/index.html vue/index.htm;
		}
        
    }
}