歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Linux基礎 >> 關於Linux

CentOS7下搭建nginx反向代理服務器使得外網可以二級域名訪問內網應用

創建nginx的本地yum源

[root@localhost ~]# yum list |grep nginx

No package nginx available.

[root@localhost ~]# //給跪了,什麼鬼,怎麼沒有nginx的rpm?算了,直接自己手動配一個官網repo吧

[root@localhost ~]# //訪問nginx官網,進入dowload頁面,翻到底部的Pre-Build Package,選stable version

---------------------------

To set up the yum repository for RHEL/CentOS, create the file named /etc/yum.repos.d/nginx.repo with the following contents:

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/OS/OSRELEASE/$basearch/

gpgcheck=0

enabled=1

Replace “OS” with “rhel” or “centos”, depending on the distribution used, and “OSRELEASE” with “5”, “6”, or “7”, for 5.x, 6.x, or 7.x versions, respectively.

---------------------------

[root@localhost ~]#

[root@localhost ~]# //大意就是:創建/etc/yum.repos.d/nginx.repo文件,貼入模板內容,替換相應的系統和軟件版本號

[root@localhost ~]#

[root@localhost ~]# cd /etc/yum.repos.d

[root@localhost yum.repos.d]# vi nginx.repo

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/centos/7/$basearch/

gpgcheck=0

enabled=1

:wq

以yum方式安裝nginx

[root@localhost yum.repos.d]# yum list |grep nginx

nginx.x86_64 1:1.10.0-1.el7.ngx nginx

nginx-debug.x86_64 1:1.8.0-1.el7.ngx nginx

nginx-debuginfo.x86_64 1:1.10.0-1.el7.ngx nginx

nginx-module-geoip.x86_64 1:1.10.0-1.el7.ngx nginx

nginx-module-image-filter.x86_64 1:1.10.0-1.el7.ngx nginx

nginx-module-njs.x86_64 1:1.10.0.0.0.20160414.1c50334fbea6-1.el7.ngx

nginx

nginx-module-perl.x86_64 1:1.10.0-1.el7.ngx nginx

nginx-module-xslt.x86_64 1:1.10.0-1.el7.ngx nginx

nginx-nr-agent.noarch 2.0.0-9.el7.ngx nginx

pcp-pmda-nginx.x86_64 3.10.6-2.el7 base

[root@localhost yum.repos.d]# yum install nginx.x86_64

Loaded plugins: fastestmirror, langpacks

Loading mirror speeds from cached hostfile

* rpmforge: mirrors.neusoft.edu.cn

Resolving Dependencies

--> Running transaction check

---> Package nginx.x86_64 1:1.10.0-1.el7.ngx will be installed

--> Finished Dependency Resolution

Dependencies Resolved

####################################################################################

Package Arch Version Repository Size

####################################################################################

Installing:

nginx x86_64 1:1.10.0-1.el7.ngx nginx 640 k

Transaction Summary

####################################################################################

Install 1 Package

Total download size: 640 k

Installed size: 2.1 M

Is this ok [y/d/N]: y

Downloading packages:

nginx-1.10.0-1.el7.ngx.x86_64.rpm | 640 kB 00:00:18

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : 1:nginx-1.10.0-1.el7.ngx.x86_64 1/1

----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:

* http://nginx.org/en/docs/

Commercial subscriptions for nginx are available on:

* http://nginx.com/products/

----------------------------------------------------------------------

Verifying : 1:nginx-1.10.0-1.el7.ngx.x86_64 1/1

Installed:

nginx.x86_64 1:1.10.0-1.el7.ngx

Complete!

[root@localhost yum.repos.d]# nginx -v

nginx version: nginx/1.10.0

[root@localhost yum.repos.d]# service nginx start

Redirecting to /bin/systemctl start nginx.service

● nginx.service - nginx - high performance web server

Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)

Active: active (running) since Tue 2016-05-10 10:19:20 CST; 3s ago

Docs: http://nginx.org/en/docs/

Process: 29730 ExecStart#/usr/sbin/nginx -c /etc/nginx/nginx.conf (code#exited, status#0/SUCCESS)

Process: 29729 ExecStartPre#/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code#exited, status#0/SUCCESS)

Main PID: 29733 (nginx)

CGroup: /system.slice/nginx.service

├─29733 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf

└─29734 nginx: worker process

May 10 10:19:20 localhost systemd[1]: Starting nginx - high performance web server...

May 10 10:19:20 localhost nginx[29729]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

May 10 10:19:20 localhost nginx[29729]: nginx: configuration file /etc/nginx/nginx.conf test is successful

May 10 10:19:20 localhost systemd[1]: Failed to read PID from file /run/nginx.pid: Invalid argument

May 10 10:19:20 localhost systemd[1]: Started nginx - high performance web server.

[root@localhost yum.repos.d]# curl localhost //或者打開浏覽器訪問http://localhost/

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.

Commercial support is available at nginx.com.

Thank you for using nginx.

ok安裝好了,下面就是配置的事情

配置nginx為反向代理服務器

設置nginx開機自啟動

[root@localhost yum.repos.d]# cd /etc/nginx

[root@localhost nginx]# chkconfig nginx on

Note: Forwarding request to 'systemctl enable nginx.service'.

Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

設置nginx的反向代理規則

[root@localhost nginx]# vi nginx.conf

user nginx;

worker_processes 1;

error_log /var/log/nginx/error.log warn;

pid /var/run/nginx.pid;

events {

worker_connections 1024;

}

http {

include /etc/nginx/mime.types;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;

#tcp_nopush on;

keepalive_timeout 65;

gzip on;

#modify@2016-05-10 11:30

include /etc/nginx/conf.d/reverse-proxy.conf;

client_max_body_size 50m; #緩沖區代理緩沖用戶端請求的最大字節數,可以理解為保存到本地再傳給用戶

client_body_buffer_size 256k;

client_header_timeout 3m;

client_body_timeout 3m;

send_timeout 3m;

proxy_connect_timeout 300s; #nginx跟後端服務器連接超時時間(代理連接超時)

proxy_read_timeout 300s; #連接成功後,後端服務器響應時間(代理接收超時)

proxy_send_timeout 300s;

proxy_buffer_size 64k; #設置代理服務器(nginx)保存用戶頭信息的緩沖區大小

proxy_buffers 4 32k; #proxy_buffers緩沖區,網頁平均在32k以下的話,這樣設置

proxy_busy_buffers_size 64k; #高負荷下緩沖大小(proxy_buffers*2)

proxy_temp_file_write_size 64k; #設定緩存文件夾大小,大於這個值,將從upstream服務器傳遞請求,而不緩沖到磁盤

proxy_ignore_client_abort on; #不允許代理端主動關閉連接

server {

listen 80;

server_name localhost;

location / {

root html;

index index.html index.htm;

}

error_page 500 502 503 504 /50x.html;

location # /50x.html {

root html;

}

}

#modification is done!

}

:wq

[root@localhost nginx]# cd conf.d/

[root@localhost conf.d]# vi reverse-proxy.conf

## wiki.myweb.org -> http://10.1.1.230:8013

server

{

listen 80;

server_name wiki.myweb.org;

location / {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://10.1.1.230:8013;

}

access_log /var/log/nginx/wiki_access.log;

}

## zentao.myweb.org/zentao -> http://10.1.1.240:49017/zentao

server

{

listen 80;

server_name zentao.myweb.org;

location / {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://10.1.1.240:49017;

}

access_log /var/log/nginx/zentao_access.log;

}

## trac.myweb.org -> http://10.1.1.240:8000/

server

{

listen 80;

server_name trac.myweb.org;

location / {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://10.1.1.240:8000;

}

access_log /var/log/nginx/trac_access.log;

}

## kb2.myweb.org -> http://10.1.1.230:8080/

server

{

listen 80;

server_name kb2.myweb.org;

location / {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://10.1.1.230:8080;

}

access_log /var/log/nginx/iphmk_admin_kb2_access.log;

}

:wq

[root@localhost conf.d]# service start nginx

最後一步

因為我們nginx的反向代理服務器是部署在10.1.1.230上,它本身也是內網服務器,所以需要在路由器上配一個路由轉發規則:

所有從外網80端口進來的請求,都轉發到nginx所在的服務器,由nginx來負責轉發。

路由器設置:虛擬服務器

WAN口 wan1

WAN端口 80 常用服務: DNS(53)

LAN端口 80

內網IP 10.1.1.230

協議: 全部

ok,大公告成~

【重要補充:】

對了,還忘記了交代:還需要一個自己的域名(myweb.org),才可以這樣去使用二級域名來解析內網應用。

如果沒有,可以申請阿裡雲服務,然後在路由器上,來綁定內網入口的網絡服務商分配給動態IP(這步很簡單,就是路由器上設置填上申請的動態域名就好了)

這裡的工作,屬於准備期工作,申請啊備案啊,還是很繁瑣的,本次沒有記錄下來~

Copyright © Linux教程網 All Rights Reserved