首先启动两个Nginx,一个作为本地资源的服务器,一个做方向代理服务器
本地资源服务器配置文件
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1;
gzip_comp_level 2;
gzip_types text/plain text/css;
server {
listen 8080;
server_name geek.nginx.test;
location / {
alias static/;
autoindex on;
#set $limit_rate 1k;
access_log logs/access-5674.log main;
#index index.html index.htm;
}
}
}
反向代理服务器配置文件
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1;
gzip_comp_level 2;
gzip_types text/plain text/css;
upstream local {
server 127.0.0.01:8080; # 127.0.0.1代表只有本机的进程才能访问8080端口
}
server {
listen 5674;
server_name geek.nginx.test;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://local; # 反向代理指向的服务地址
}
}
}
经过上面的配置之后,访问http://geek.nginx.test:5674实际访问的是Nginx服务器的8080端口。这里要注意的是,如果操作过程中涉及修改nginx.conf中listen的端口,修改后要先执行nginx -s stop关闭对原有端口的监听。
proxy_set_header的作用是在反向代理服务器的Nginx配置文件中手动获取应用客户端的真实信息并通过proxy_set_header填充到header中,再传递给上游服务器,使得上游服务器能拿到真实应用客户端的访问信息,防止上游服务器拿到的是反向代理服务器的访问信息。
PS:上游服务器指的是上述例子中的静态资源服务器
这些$变量都可以在官网中的http_proxy_module中找到
反向代理缓存,通常会在处理静态资源时开启
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1;
gzip_comp_level 2;
gzip_types text/plain text/css;
upstream local {
server 127.0.0.01:8080; # 127.0.0.1代表只有本机的进程才能访问8080端口
}
proxy_cache_path /tmp/nginxcache levels=1:2 keys_zone=my_cache:10m max_size=1g inactive=60m use_temp_path=off; # proxy_cache_path标识缓存配置,包含目录,大小,有效时间等
server {
listen 5674;
server_name geek.nginx.test;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache my_cache; # my_cache指向proxy_cache_path里面的keys_zone
proxy_cache_key $host$uri$is_args$args;# cache中的缓存key
proxy_cache_valid 200 304 302 1d; # 特定状态的缓存失效时间配置
proxy_pass http://local; # 反向代理指向的服务地址
}
}
}
配置之后的验证方法,停掉静态资源服务器
[root@iZwz909hymnzdmjfuoflygZ sbin]# ./nginx -s stop
[root@iZwz909hymnzdmjfuoflygZ sbin]# ps -ef | grep nginx
root 25862 1 0 10:38 ? 00:00:00 nginx: master process ./nginx
nobody 26005 25862 0 11:22 ? 00:00:00 nginx: worker process
nobody 26006 25862 0 11:22 ? 00:00:00 nginx: cache manager process
root 26029 20485 0 11:24 pts/0 00:00:00 grep --color=auto nginx
访问刚刚的反向代理服务器,依旧能够访问到刚刚的页面,代表缓存起作用了。