Preface
In web development and deployment, we often need to use Nginx to implement interface proxy and static resource proxy to solve cross-domain, unified entry, permission control or performance optimization problems. This guide will provide a comprehensive introduction to the implementation methods of Nginx resource proxy and interface proxy, and will deeply analyze the differences and best practices of proxy_set_header Host configuration.
In modern architectures with separation of front and back ends, front-end pages often need to access back-end services with multiple different domain names, or reference external static resources. If requested directly, cross-domain problems will arise or are inconvenient for unified management. At this point, implementing a proxy using Nginx is an elegant solution.
1. The difference between resource agent and interface agent
| project | Resource Agent (static file) | Interface proxy (API interface) |
|---|---|---|
| Target | Static files (such as JS, CSS, pictures, etc.) | Backend interfaces (such as JSON API) |
| Common Scenes | Load third-party resources, mirror remote CDN, local unified management of third-party scripts, etc. | Cross-domain interface access, unified interface path, API aggregation, etc. |
| Request method | GET | GET, POST, PUT, DELETE and other methods |
| Common configuration focus |
proxy_pass, cache policy, MIME type |
proxy_pass, request header settings (such as Host, Authorization), etc. |
| type | Example URL | Function description |
|---|---|---|
| Resource Agent | /proxy/res/plugin/editor/ |
Forward the static resource requested by the front-end to an external server |
| Interface Agent | /api/user/info |
Forward the requested interface to the specified backend service |
2. Examples of application scenarios
-
Resource Agent Scenario:
Front-end projects need to introduce third-party editor plug-ins, such as from
JS/CSS file. However, for homologous strategy or filing reasons, I hope to transfer through Nginx. -
Interface proxy scenario:
Front-end call
/api/user/infoThe actual request should be forwarded to/user/info, avoid cross-domain issues or hiding the real backend address.
3. Resource Agent Configuration
-
Sample Target
Will request:
/proxy/res/plugin/editor/
- Agent to:
/res/plugin/editor/
- Nginx configuration example
server {
listen 443 ssl;
server_name ;
ssl_certificate /etc/nginx/ssl/;
ssl_certificate_key /etc/nginx/ssl/;
location /proxy/res/plugin/editor/ {
proxy_pass /res/plugin/editor/;
proxy_set_header Host ; # Stay consistent with the target and avoid some resource verification failures proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Note: / is retained at the end of proxy_pass to ensure that the path is spliced correctly.
4. Interface proxy configuration
-
Sample Target
Will request:
/api/user/info
- Agent to:
/user/info
- Nginx configuration example
location /api/ {
proxy_pass /;
proxy_set_header Host $host; # Keep the front-end original Host header for permission verification or log tracking proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
Note: If proxy_pass is followed by /, the matching path will be directly cut off /api/, thereby /api/user/info → /user/info.
5. Description of the settings difference of proxy_set_header Host
| Setting form | Description and applicable scenarios |
|---|---|
proxy_set_header Host $host; |
Forward the Host in the client request as is, suitable for interface proxy and reserve access domain names. |
proxy_set_header Host ; |
Forced to set Host as the target server, which is suitable for resource agents and target servers to strictly verify domain names. |
6. Troubleshooting of FAQs
-
Resource cannot load, return 403/404?
Is the proxy_pass written incorrectly? Is / missing at the end?
Does the target resource server verify Host? Try proxy_set_header Host xxx.
Is the URL splicing correct? You can check locally via curl -v.
-
Cross-domain problem (CORS)?
Nginx is not a universal solution and requires the target service to support CORS;
If the target backend is uncontrollable, Nginx can add response headers:
location /api/ {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
add_header Access-Control-Allow-Headers *;
proxy_pass /;
}
Note: It is recommended to use whitelists in production environments to avoid access to any source.
7. Safety suggestions and optimization
- Limited access sources
allow 10.0.0.0/8; deny all;
- Turn on cache to improve performance (resource proxy)
proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=res_cache:10m inactive=1h max_size=1g;
location /proxy/res/ {
proxy_cache res_cache;
proxy_pass /res/;
}
Unified interface prefix managementuse
/api/Route prefix divides interfaces to avoid front-end and back-end path conflicts.
8. Summary
| Scene | proxy_pass writing | Host Settings Recommendations |
|---|---|---|
| Static resource agent | proxy_pass https://xxx/Resource path/ |
proxy_set_header Host Specific domain name |
| Interface Agent | proxy_pass http://xxx/ |
proxy_set_header Host $host |
The above is the detailed content of the implementation method of using Nginx to implement resource proxy and interface proxy. For more information about Nginx resource proxy and interface proxy, please pay attention to my other related articles!