The nginx reverse proxy is used as an Intranet domain name forwarding agent

  • 2020-05-12 06:50:20
  • OfStack

Several servers on the company intranet run HTTP services that need to be reachable through the company's single static public IP. With port mapping on the router, port 80 of only one intranet server can be mapped to public port 80; port 80 of every other server has to be mapped to some other public port. Visitors then have to type the domain name plus the port, which is inconvenient. The company's edge router also supports a maximum of 20 port mappings.

It won't be enough later.

The solution was to build an nginx reverse proxy server and map port 80 of the public IP to port 80 of that server. Every HTTP request for a domain name that points at the company's public IP is then delivered to the nginx reverse proxy, which forwards requests for different domain names to the corresponding machine and port on the intranet. The effect is "forward automatically to the right server and port according to the domain name", whereas the router's port mapping can only "forward automatically to a specific port of the corresponding server according to the port".

This experiment aims to achieve: enter xxx123.tk into the browser to access port 3000 of the Intranet machine 192.168.10.38, enter xxx456.tk to access port 80 of the Intranet machine 192.168.10.40.


vim nginx.conf
worker_processes 1;
error_log logs/error.log;
pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
  use epoll;
  worker_connections 65535;
}
http {
  include mime.types;
  default_type application/octet-stream;
  include /usr/local/nginx/conf/reverse-proxy.conf;
  sendfile on;
  keepalive_timeout 65;
  gzip on;
  client_max_body_size 50m; # Maximum size of a client request body that nginx will accept; larger requests are rejected with 413
  client_body_buffer_size 256k;
  client_header_timeout 3m;
  client_body_timeout 3m;
  send_timeout 3m;
  proxy_connect_timeout 300s; # Timeout for establishing a connection to the back-end server (proxy connect timeout)
  proxy_read_timeout 300s; # How long to wait for the back-end server to respond after a successful connection (proxy read timeout)
  proxy_send_timeout 300s;
  proxy_buffer_size 64k; # Size of the buffer nginx uses for the first part of the back-end response, which holds the response headers
  proxy_buffers 4 32k; # Number and size of response buffers; 4 x 32k suits pages that average under 32k
  proxy_busy_buffers_size 64k; # Buffer size that may be busy sending to the client under high load (proxy_buffers * 2)
  proxy_temp_file_write_size 64k; # Maximum amount of data written to a temporary file at a time when a response is buffered to disk
  proxy_ignore_client_abort on; # Keep the connection to the back-end server open even if the client closes its connection first
  server {
    listen 80;
    server_name localhost;
    location / {
      root html;
      index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
      root html;
    }
  }
}
# /usr/local/nginx/conf/reverse-proxy.conf (included from nginx.conf above)
server
{
  listen 80;
  server_name xxx123.tk;
  location / {
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://192.168.10.38:3000;
  }
  access_log logs/xxx123.tk_access.log;
}
server
{
  listen 80;
  server_name xxx456.tk;
  location / {
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://192.168.10.40:80;
  }
  access_log logs/xxx456.tk_access.log;
}

With this in place, entering xxx123.tk in the browser reaches port 3000 of the intranet server 192.168.10.38, and entering xxx456.tk reaches port 80 of 192.168.10.40. To load balance across back-end machines, use a configuration like the following, which distributes requests for nagios.xxx123.tk across the intranet machines 192.168.0.131 and 192.168.0.132.


upstream monitor_server {
  server 192.168.0.131:80;
  server 192.168.0.132:80;
}
server
{
  listen 80;
  server_name nagios.xxx123.tk;
  location / {
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://monitor_server;
  }
  access_log logs/nagios.xxx123.tk_access.log;
}

The following directives were not configured at first, and a 504 Gateway Timeout occasionally appeared during access:


  proxy_connect_timeout 300s;
  proxy_read_timeout 300s;
  proxy_send_timeout 300s;
  proxy_buffer_size 64k;
  proxy_buffers 4 32k;
  proxy_busy_buffers_size 64k;
  proxy_temp_file_write_size 64k;
  proxy_ignore_client_abort on;
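
Because reverse-proxy.conf is included before the localhost server block and no block is marked default_server, nginx treats the first block it reads for port 80, xxx123.tk, as the default, so a request with any unrecognised Host header is proxied to 192.168.10.38:3000. The added example below (not part of the original article) declares an explicit catch-all and, assuming this nginx is the first hop from the internet, overwrites X-Forwarded-For instead of appending to a client-supplied value. The log file name default_reject_access.log is a constructed name.

```nginx
# Added example for reverse-proxy.conf; not from the original article.

# Catch-all: requests whose Host header matches no configured server_name
# end here instead of falling through to whichever block is read first.
server {
    listen 80 default_server;
    server_name _;
    # Constructed log file name; keeps unmatched-host probes in one place for review.
    access_log logs/default_reject_access.log;
    # 444 is an nginx-specific code: close the connection without sending a response.
    return 444;
}

server {
    listen 80;
    server_name xxx123.tk;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Assumption: this proxy is the first hop from the internet.
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so a back end that trusts the first entry can be misled.
        # Overwriting with $remote_addr discards client-supplied values.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://192.168.10.38:3000;
    }
    access_log logs/xxx123.tk_access.log;
}
```

Run nginx -t after editing to confirm the configuration parses before reloading.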
