反向代理是Nginx最常用的功能之一,它可以将客户端的请求转发到后端服务器,并将响应返回给客户端。以下是配置Nginx作为反向代理的详细步骤:
安装Nginx
# Ubuntu/Debian
sudo apt update
sudo apt install nginx
# CentOS/RHEL
sudo yum install epel-release
sudo yum install nginx
基本配置示例
在/etc/nginx/conf.d/或/etc/nginx/sites-available/中创建配置文件:
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend_server_ip:backend_port;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
传递原始客户端信息
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
缓冲和超时设置
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 24k;
proxy_max_temp_file_size 2048m;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
WebSocket支持
location /ws/ {
proxy_pass http://backend_server;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
负载均衡
upstream backend {
server backend1.example.com weight=5;
server backend2.example.com;
server backend3.example.com backup;
}
server {
location / {
proxy_pass http://backend;
}
}
SSL终止
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location / {
proxy_pass http://backend_server;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
}
}
路径重写
location /api/ {
proxy_pass http://backend_server/newapi/;
rewrite ^/api/(.*)$ /newapi/$1 break;
}
测试配置
sudo nginx -t
重新加载配置
sudo systemctl reload nginx
# 或
sudo service nginx reload
502 Bad Gateway错误
性能问题
日志查看
tail -f /var/log/nginx/error.log
tail -f /var/log/nginx/access.log
通过以上配置,您可以灵活地使用Nginx作为反向代理服务器,实现负载均衡、SSL终止、请求转发等多种功能。