A detailed example of using Nginx as a proxy to forward requests
- 2020-05-14 06:04:45
- OfStack
Our business at mipu technology is spread all over the world. Foreign customers sometimes cannot access the services we host in China, so we need to set up a proxy forwarding service on a foreign server: the user requests the domain name of the foreign server, and the proxy forwards the request to China. Nginx provides not only load balancing but also reverse proxy forwarding, which suits this scenario well, so at mipu technology we use Nginx to forward requests by proxy.
Using Nginx as a proxy to forward requests
As one of the most popular web servers today, nginx makes it easy to implement a reverse proxy.
Official nginx reverse proxy documentation: NGINX REVERSE PROXY
When web services are deployed on several different hosts and all of them must be reachable on ports 80 and 443, you can use the nginx reverse proxy function: nginx listens on port 80 for all requests and sends them to port 443, and port 443 then forwards each request to the corresponding domestic web server according to a set of forwarding rules.
Example:
The domain name proxy.mimvp.com is on record with aliyun and deployed on an aliyun server in Beijing.
The domain name proxy.mimgu.cn is registered with tencent cloud and deployed on a tencent cloud server in Singapore (a foreign domain name may not be registered).
1. Domestic Beijing aliyun server (proxy.mimvp.com)
vim mimvp_proxy.conf

server {
    listen 80;
    server_name proxy.mimvp.com;    # Multiple domain names may be listed, separated by spaces
    root www/mimvp_proxy;

    # Redirect every HTTP request to HTTPS. This server-level rewrite matches
    # every URI and returns first, so the location blocks below are not used.
    rewrite ^(.*)$ https://$host$1 permanent;

    location / {
        root www/mimvp_proxy;
        index index.php index.html index.htm;
    }
    location ~ \.php$ {
        root www/mimvp_proxy;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        include fastcgi.conf;
    }
    location ~* ^/(images|img|javascript|js|css|blog|flash|media|static)/ {
        root www/mimvp_proxy;
        expires 30d;
    }
    location ~* ^/(robots\.txt) {
        root www/mimvp_proxy;
        expires 365d;
    }
    location ~* ^/favicon\.ico {
        root www/mimvp_proxy;
        expires 365d;
    }
    location ~* ^/img/logo\.png {
        root www/mimvp_proxy;
        expires 365d;
    }
    location ~ /\.ht {
        deny all;
    }
}

server {
    # The "ssl" flag on listen enables TLS; the separate "ssl on;" directive is
    # redundant, deprecated since nginx 1.15.0 and removed in 1.25.1
    listen 443 ssl http2;
    server_name proxy.mimvp.com;    # Multiple domain names may be listed, separated by spaces
    root www/mimvp_proxy;

    ssl_certificate proxy.mimvp.com.crt;
    ssl_certificate_key proxy.mimvp.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        root www/mimvp_proxy;
        index index.php index.html index.htm;
    }
    location ~ \.php$ {
        root www/mimvp_proxy;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        include fastcgi.conf;
    }
    location ~* ^/(images|img|javascript|js|css|blog|flash|media|static)/ {
        root www/mimvp_proxy;
        expires 30d;
    }
    location ~* ^/(robots\.txt) {
        root www/mimvp_proxy;
        expires 365d;
    }
    location ~* ^/favicon\.ico {
        root www/mimvp_proxy;
        expires 365d;
    }
    location ~* ^/img/logo\.png {
        root www/mimvp_proxy;
        expires 365d;
    }
    location ~ /\.ht {
        deny all;
    }
}
2. Tencent cloud server (proxy.mimgu.cn)
vim mimvp_proxy2.conf

server {
    listen 80;
    server_name proxy.mimgu.cn;
    root www/mimvp_proxy;
    rewrite ^(.*)$ https://$host$1 permanent;    # Redirect all requests to HTTPS
}

server {
    # The "ssl" flag on listen enables TLS; the separate "ssl on;" directive is
    # redundant, deprecated since nginx 1.15.0 and removed in 1.25.1
    listen 443 ssl http2;
    server_name proxy.mimgu.cn;
    root www/mimvp_proxy;

    ssl_certificate proxy.mimgu.cn.crt;
    ssl_certificate_key proxy.mimgu.cn.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://proxy.mimvp.com;    # Forward all requests to the domestic server https://proxy.mimvp.com
    }
    location ~ \.php$ {
        proxy_pass https://proxy.mimvp.com;
    }
    location ~* ^/(images|img|javascript|js|css|blog|flash|media|static)/ {
        proxy_pass https://proxy.mimvp.com;    # css, js and img must all be forwarded too, otherwise the page layout may break
    }
    location ~* ^/(robots\.txt) {
        proxy_pass https://proxy.mimvp.com;
    }
    location ~* ^/favicon\.ico {
        proxy_pass https://proxy.mimvp.com;
    }
    location ~* ^/img/logo\.png {
        proxy_pass https://proxy.mimvp.com;
    }
    location ~ /\.ht {
        deny all;
    }
}
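A hardened variant of the forwarding server, as an added example that is not part of the original article. By default nginx does not verify the upstream certificate for proxy_pass https://..., so this version turns verification on and passes the real client address to the origin. The CA bundle path is an assumption (Debian/Ubuntu layout).

```nginx
# Added example (not from the original article): proxy.mimgu.cn front end
# with upstream certificate verification and client-address headers.
server {
    listen 80;
    server_name proxy.mimgu.cn;
    return 301 https://$host$request_uri;    # same effect as the rewrite ... permanent
}

server {
    listen 443 ssl http2;
    server_name proxy.mimgu.cn;

    ssl_certificate     proxy.mimgu.cn.crt;
    ssl_certificate_key proxy.mimgu.cn.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Every path goes to the same origin, so one catch-all location
    # replaces the per-path proxy_pass blocks.
    location / {
        proxy_pass https://proxy.mimvp.com;

        # Verify the origin's certificate chain and host name; without
        # these, the cross-border hop accepts any certificate.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        # Assumed CA bundle path; adjust for the host OS.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        proxy_ssl_server_name         on;                 # send SNI to the origin
        proxy_ssl_name                proxy.mimvp.com;    # name checked in the certificate
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;

        # Give the origin the real client address and scheme, so its logs
        # and rate limits do not see only this proxy's IP.
        proxy_set_header Host              proxy.mimvp.com;
        proxy_set_header X-Real-IP         $remote_addr;
        # First hop: overwrite rather than append, since a client-supplied
        # X-Forwarded-For value is untrusted.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /\.ht {
        deny all;
    }
}
```

On the origin (proxy.mimvp.com), these headers should be trusted only when the request arrives from the forwarding server's address, for example with set_real_ip_from and real_ip_header from ngx_http_realip_module.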
3. View the results
http://proxy.mimvp.com // Forced redirect to https://proxy.mimvp.com
https://proxy.mimvp.com // Only one domain URL is displayed externally
http://proxy.mimgu.cn // Forced redirect to https://proxy.mimgu.cn, and then forwarded on to https://proxy.mimvp.com
https://proxy.mimgu.cn // Forwarded to https://proxy.mimvp.com
Summary
https://proxy.mimvp.com: HTTP is forcibly redirected to HTTPS, and the entire site is encrypted using SSL.
The overseas tencent cloud domain name (proxy.mimgu.cn) is forwarded by the nginx proxy to the domestic aliyun domain name (proxy.mimvp.com).
The nginx configuration files above are a classic configuration that carries a large amount of information.