Nginx反向代理Web容器的配置指南

基本反向代理配置

以下是一个基本的Nginx反向代理配置示例，将请求代理到后端Web容器（如Tomcat、Jetty等）：

server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://localhost:8080;  # 后端Web容器地址
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

高级配置选项

1. WebSocket支持

location /ws/ {
    proxy_pass http://backend;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 86400;
}

2. SSL/TLS终止

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}

3. 负载均衡

upstream backend {
    server backend1.example.com:8080;
    server backend2.example.com:8080;
    server backend3.example.com:8080;

    # 负载均衡策略
    # least_conn;  # 最少连接
    # ip_hash;    # IP哈希
}

server {
    location / {
        proxy_pass http://backend;
        # 其他代理设置...
    }
}

4. 缓存配置

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m;

server {
    location / {
        proxy_cache my_cache;
        proxy_cache_valid 200 302 10m;
        proxy_cache_valid 404 1m;
        proxy_pass http://backend;
    }
}

常见Web容器特定配置

1. Tomcat配置

location / {
    proxy_pass http://localhost:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Tomcat可能需要这些头部
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Port $server_port;
}

2. Jetty配置

location / {
    proxy_pass http://localhost:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Jetty可能需要这些配置
    proxy_redirect off;
    proxy_buffering off;
}

性能优化配置

location / {
    proxy_pass http://backend;

    # 缓冲区优化
    proxy_buffers 16 32k;
    proxy_buffer_size 64k;
    proxy_busy_buffers_size 128k;

    # 超时设置
    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;

    # 其他优化
    proxy_http_version 1.1;
    proxy_set_header Connection "";
}

调试与日志

# 在http块中添加
log_format proxy_log '$remote_addr - $remote_user [$time_local] '
                     '"$request" $status $body_bytes_sent '
                     '"$http_referer" "$http_user_agent" '
                     '$upstream_addr $upstream_status $upstream_response_time';

access_log /var/log/nginx/proxy_access.log proxy_log;

# 在server或location块中添加
proxy_intercept_errors on;
error_page 500 502 503 504 /50x.html;

注意事项

1. 确保后端Web容器配置为信任Nginx的IP地址
2. 根据应用需求调整缓冲区大小和超时设置
3. 对于敏感应用，考虑添加额外的安全头部
4. 定期检查Nginx和后端容器的日志
5. 在生产环境部署前进行充分的测试

以上配置可以根据您的具体需求进行调整和组合使用。