反向代理是Nginx最常用的功能之一,它允许Nginx接收客户端请求并将其转发到后端服务器,然后将响应返回给客户端。以下是详细的配置方法:
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend_server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
proxy_pass - 指定后端服务器的地址
proxy_pass http://localhost:8080;常用proxy_set_header指令:
Host $host - 保留原始请求的主机头X-Real-IP $remote_addr - 传递客户端真实IPX-Forwarded-For $proxy_add_x_forwarded_for - 记录请求链其他常用代理指令:
proxy_redirect off; # 关闭重定向
proxy_http_version 1.1; # 使用HTTP/1.1协议
proxy_set_header Connection ""; # 清除连接头
proxy_read_timeout 60s; # 读取超时时间
proxy_connect_timeout 60s; # 连接超时时间
proxy_send_timeout 60s; # 发送超时时间
使用upstream模块实现多后端服务器的负载均衡:
upstream backend {
server backend1.example.com weight=5;
server backend2.example.com;
server backend3.example.com backup;
# 负载均衡策略
# least_conn; # 最少连接
# ip_hash; # IP哈希
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend;
include proxy_params; # 可以包含通用代理配置
}
}
Nginx可以处理SSL/TLS加密,然后以明文与后端通信:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location / {
proxy_pass http://backend_server;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
代理WebSocket连接需要特殊配置:
location /ws/ {
proxy_pass http://websocket_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400; # 长连接超时
}
502 Bad Gateway错误:
proxy_connect_timeout值413 Request Entity Too Large:
client_max_body_size 100M; 到server或http块保持客户端真实IP:
X-Real-IP和X-Forwarded-For头proxy_params)中,通过include引用location块proxy_hide_header隐藏不必要的信息proxy_cache缓存静态内容以上配置可以根据实际需求进行调整和组合使用。