4.48-49Nginx反向代理

Nginx反向代理

 

什么叫反向代理？

A（用户）-->  B（在和C同一个机房，而且有公网）-->  C（不带公网的机器）

#A经过B的代理访问真正想访问的机器（C）

什么场景会使用反向代理？

1）访问不带公网的内网机器
2）解决两台机器之间通讯有障碍的问题
第三种比较特殊！当两个服务都是用同一端口，能够让nginx外的如httpd监听非80端口，而后使用nginx反向代理zabbix（使用的httpd）

场景设置：

1）A B 两台机器，其中A只有内网，B有内网和外网
2）A的内网ip是 192.168.28.107
3）B的内网ip是 192.168.28.108  B的外网IP是 192.168.149.129
4）C为客户端，C只能访问B的外网IP，不能访问A或者B的内网IP

需求目的：

C要访问到A的内网上的网站

配置：

虚拟机的实验流程
设置代理机上与服务机同一网段的网卡的配置文件
   location /
    {
        proxy_pass http://ip;        ip去掉填写后端web服务器的ip      
        proxy_set_header Host $host;  用来设定header信息curl能够看到。域名，servername（代理的时候的header）
        proxy_set_header X-Real-IP $remote_addr;               下面两段为了在日志当中显示源的真正ip
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;   这两段在访问日志中体现
    }


复制下面这段

    location /
    {
        proxy_pass http://ip;        
        proxy_set_header Host $host;  
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

服务机上的设置
yum安装nginx
经过代理机进行数据复制：scp命令 scp /etc/yum.repos.d/nginx.repo 代理机的IP:/etc/yum.repos.d/
#把代理机上nginx的yum源传过来，就不用再配置.repo文件了，直接安装nginx就OK 
 scp就是复制命令，数据所在的本机的复制命令就是cp，异机的复制命令就是scp

 

nginx的反向代理

用虚拟机模拟，108机器增长一块仅主机模式的网卡，并开启，链接上108
108
[root@test02 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.28.108  netmask 255.255.252.0  broadcast 192.168.31.255
        inet6 fe80::98ef:5fb6:2c54:d563  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::8eb9:eeb2:ea98:c999  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:20:ad:bc  txqueuelen 1000  (Ethernet)
        RX packets 2492  bytes 3197805 (3.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 883  bytes 77855 (76.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.229.128  netmask 255.255.255.0  broadcast 192.168.229.255
        inet6 fe80::ee2d:59da:a6ba:e82  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:20:ad:c6  txqueuelen 1000  (Ethernet)
        RX packets 4  bytes 989 (989.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10  bytes 1308 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 68  bytes 5524 (5.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5524 (5.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
  

并无ens37的配置文件，要设置成静态ip要拷贝配置文件
[root@test02 ~]# ls /etc/sysconfig/network-scripts/ifcfg-
ifcfg-ens33  ifcfg-lo    

[root@test02 ~]# cd /etc/sysconfig/network-scripts/
[root@test02 network-scripts]# cp ifcfg-ens33 ifcfg-ens37
[root@test02 network-scripts]# vi ifcfg-ens37


TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=bfc98778-197a-423a-aec7-acdb02e60879
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.229.129
NETMASK=255.255.255.0
~                                                                                                           
~                                                                                                           
~                                                                                                           
~                                                                                                           

systemctl restart network重启网络服务

[root@test02 network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.28.108  netmask 255.255.252.0  broadcast 192.168.31.255
        inet6 fe80::98ef:5fb6:2c54:d563  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::8eb9:eeb2:ea98:c999  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:20:ad:bc  txqueuelen 1000  (Ethernet)
        RX packets 3590  bytes 3292584 (3.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1547  bytes 161035 (157.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.229.129  netmask 255.255.255.0  broadcast 192.168.229.255
        inet6 fe80::20c:29ff:fe20:adc6  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:20:ad:c6  txqueuelen 1000  (Ethernet)
        RX packets 5  bytes 1331 (1.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 48  bytes 4364 (4.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 92  bytes 7564 (7.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 92  bytes 7564 (7.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

107
[root@test01 ~]# scp /etc/yum.repos.d/nginx.repo 192.168.28.108:/etc/yum.repos.d/

108
yum install -y nginx

[root@test02 ~]# cd /etc/nginx/conf.d/
[root@test02 conf.d]# ls
default.conf
[root@test02 conf.d]# vi default.conf
 deny all;掉default.conf

[root@test02 conf.d]# vi bbs.champin.top.conf

server
{
        listen 80;
        server_name bbs.champin.top;
    location /
    {
        proxy_pass http://192.168.28.107;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
~        

[root@test02 conf.d]# systemctl start nginx
[root@test02 conf.d]# ps aux |grep nginx
root       4440  0.0  0.0  46352   984 ?        Ss   03:20   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx      4441  0.0  0.1  46864  1680 ?        S    03:20   0:00 nginx: worker process
root       4444  0.0  0.0 112664   972 pts/0    S+   03:22   0:00 grep --color=auto nginx
[root@test02 conf.d]# nginx -t 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test02 conf.d]# nginx -s reload

由于是虚拟机模拟，还要绑定hosts 192.168.229.129 bbs.champin.top

[root@test02 conf.d]# firewall-cmd --add-port=80/tcp --permanent
success
[root@test02 conf.d]# firewall-cmd --reload
success

[root@test02 conf.d]# iptables -nvL |grep 80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW