1. Preface
NginxReverse proxy is a technology that forwards client requests to a backend server, mainly used for load balancing, improving security and improving performance. Unlike forward proxy, reverse proxy hides the real address of the backend server, and when the client interacts with it, only knows the address of the reverse proxy server.
2. Working principle of Nginx reverse proxy
When the client sends a request to the reverse proxy server, Nginx receives these requests and forwards the request to the real server on the backend according to the configuration. Nginx can distribute multiple requests to multiple backend servers, thereby achieving load balancing and improving the system's concurrent processing capabilities and availability. Common load balancing algorithms include polling, IP hashing, minimum connection, etc.
3. The main functions of Nginx reverse proxy
-
Load balancing:
NginxLoad balancing can be achieved through reverse proxy, and requests can be distributed to multiple backend servers, thereby improving the system's concurrency processing capabilities and availability. -
Cache acceleration:
NginxIt can cache static resources or dynamic pages, reduce the load on the backend server and improve the response speed. By setting parameters such as cache time and cache rules, you can flexibly control the cache strategy. - SSL terminal:
NginxCan be used asSSLTerminal, receiveHTTPSRequest and makeSSL/TLSDecrypt, and then forward the decrypted request to the backend server, reducing the burden on the backend server and improving security and performance. -
Safe filtering:
NginxSecurity filtering functions can be implemented through reverse proxy, such as preventing malicious requests,DDoSAttack,SQLInjection, etc. The security of the system can be improved by configuring access control rules and limiting request frequency.
4. Configuration and usage scenarios of Nginx reverse proxy
NginxThe reverse proxy function is configured through a configuration file, which includes global configuration, http configuration andserverIn the configuration and other parts, you can set up listening ports, proxy rules, cache configuration, load balancing policies, etc.NginxIt has high performance characteristics and adopts an asynchronous non-blocking event-driven model, which can handle a large number of concurrent connections and has low memory consumption, making it suitable for use in resource-limited environments.
5. Practical configuration
Website usagenginxAs a server, the protocol is fromhttpUpgraded tohttpsThings to note.
5.1 First, modify the pagoda panel configuration
Select the configuration file,httpRequest redirection ashttps. all80All port requests are redirected tohttpsask.
# server represents one of nginx serversserver
{
listen 80; # listen means listening port number 80 (http) listen 443 ssl http2; # Indicates listening to port number 443 (https) server_name ipaddress; # server_name represents the server name, and now matches 3 at the same time index ; # Match/www/wwwroot/abc/ root /www/wwwroot/abc; # abc represents the path, the starting position of the website is /www/wwwroot/abc
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){ # If the port number is not equal to 443, then rewrite the url to https://current host/all paths after it and redirect permanently (permanent) rewrite ^(/.*)$ https://$host$1 permanent;
}
5.2 Next configure the proxy server
# proxy server image server api location /api/ {
# When accessing https://ip|domain/api/... through proxy, proxy to http://your ip or domain name:3004/api/... proxy_pass http://your ip or domain name:3004; # Note that `http://your ip or domain name:3004` does not add `/` at the end, so `/api/` will be added to the back of 3004. proxy_redirect off; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Proxy Music Server API # /musicapi/, the following / must be added, otherwise the proxy service will not be successful location /musicapi/ {
# Visit https://your IP or domain name/musicapi/... # Proxy to http://your IP or domain name:3005/..., including /musicapi proxy_pass http://your IP or domain name:3005/; # `/` is added at the end of this, and `/musicapi/` will not be added after the port number proxy_redirect off; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
5.3 After completing all the above configurations
httpWebsite upgrade tohttpsWebsite, browser can access the website normally, website requestedapiInterface, need tohttp://ip| Domain name:3005/lyric?id=32507038Modify tohttp(s): http(s): //ip|Domain name/musicapi/lyric?id=32507038. The process here is to turn the original requested:3005use/musicapiReplace it, and then the browser sends it and redirects it tohttpsThe request at the beginning, thennginxI found that your request contains/musicapi, forward your request to the matching onehttp://youripOr domain name:3005/server.
5.4 Finally, add it in the original file
# Upgrade http link to https<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />
5.5 Or if you can operate the server, you can also add it in nginx configuration
server
{
listen 80;
listen 443 ssl http2;
......
#Upgrade can be upgraded to https connection, compatible with http add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
}
The above is the detailed content of Nginx configuring a reverse proxy server to request http resources on the https website. For more information about Nginx configuring a reverse proxy server, please pay attention to my other related articles!