Nginx server set up reverse proxy strategy
- 2020-05-14 05:33:01
- OfStack
The Nginx reverse agent has a lot of problems that need to be solved, many of which are based on the installation, and the related debugging after the installation is completed is also a headache for many people. The following is the introduction of the installation and debugging of the relevant introduction.
Due to server apache resist the concurrent. Plus the front-end squid configuration, still can solve problem. And the most dynamic page program. Can't use fastcgi to deal with. So want to use Nginx reverse proxy apache. The entire configuration installation process is simple. In the case of considering the high concurrency, do some optimization before installation. The current configuration can withstand more than 3000 concurrent. As if is not particularly big & # 63; Ha ~~ but enough ~~ there are only a few problems with 499.. I am looking forward to someone to discuss it with me.
Part 1: installation
Create users and groups
/usr/sbin/groupadd www
/usr/sbin/useradd -g www www
2. Install pcre to make Nginx reverse proxy support rewrite convenient for later use
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.8.tar.gz
tar zxvf pcre-7.8.tar.gz
cd pcre-7.8/
./configure
make && make install
Install the Nginx reverse agent
wget http://sysoev.ru/nginx/nginx-0.7.58.tar.gz
tar zxvf nginx-0.7.58.tar.gz
cd nginx-0.7.58/
./configure --user=www --group=www --prefix=/usr/
local/webserver/nginx --with-http_stub_status_module
--with-http_ssl_module --with-cc-opt='-O2' --with-cpu-opt
=opteron
make && make install
Note the above -- with-cc-opt =' -O2 '-- with-cpu-opt =' opteron'. This is compiler optimization, and is currently most commonly used for -02 instead of 3.
Part 2: configuring and optimizing configuration files
1 Nginx.conf configuration file:
user www www;
worker_processes 4;
# [ debug | info | notice | warn | error | crit ]
error_log /usr/local/webserver/nginx/logs/nginx_error.log crit;
pid /usr/local/webserver/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that
can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
include mime.types;
default_type application/octet-stream;
source_charset GB2312;
server_names_hash_bucket_size 256;
client_header_buffer_size 256k;
large_client_header_buffers 4 256k;
#size limits
client_max_body_size 50m;
client_body_buffer_size 256k;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
# The parameters are adjusted . The purpose is to resolve issues that arise during the proxy process 1 some 502 499 error
sendfile on;
tcp_nopush on;
keepalive_timeout 120; # Parameters increase , To solve when acting as an agent 502 error
tcp_nodelay on;
include vhosts/upstream.conf;
include vhosts/bbs.linuxtone.conf;
}
2 upstream.conf configuration file (this is also how you configure the load
upstream.conf
upstream bbs.linuxtone.com {
server 192.168.1.4:8099;
}
3. Site profile
bbs.linuxtone.conf
server
{
listen 80;
server_name bbs.linuxtone.conf;
charset GB2312;
index index.html index.htm;
root /date/wwwroot/linuxtone/;
location ~ ^/NginxStatus/ {
stub_status on;
access_log off;
}
location / {
root /date/wwwroot/linuxtone/;
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500
http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://bbs.linuxtone.com;
}
The parameters have been adjusted to resolve 1 502 499 errors in the proxy process
#Add expires header for static content
location ~* \.(jpg|jpeg|gif|png|swf)$ {
if (-f $request_filename) {
root /date/wwwroot/linuxtone/;
expires 1d;
break;
}
}
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log /exp/nginxlogs/bbs.linuxtone_access.log access;
}
Commonly used instructions
Let's take a look at some common reverse proxy instructions for Nginx
proxy_pass instruction
grammar
proxy_pass [url | upstream]
role
This directive is used to set the proxy server port or socket, as well as URL
proxy_redirect instruction
grammar
proxy_redirect [off | default | redirect replacement]
role
This directive is used to change "location" and "refresh" in the reply Header header of the proxy server
Supplement:
I have not mastered the function of this command, and off is used in the actual Settings. If you have any idea, please leave a comment on the blog to guide me
proxy_next_upstream instruction
grammar
proxy_next_upstream [error|timeout|invalid_header|http_500|http_502|http_503|http_504|http_404|off]
role
This directive is used to set when the request is forwarded to the next server. In the upstream load balancing proxy server pool, this directive can be used to forward requests to the next server in the pool, assuming that one server at the back end is unable to access or return the specified error response code.
Parameters that
error: if an error occurs when connecting to a server, sending a request, or reading a reply message
timeout: timeout if connecting to a server, passing a request, or reading a reply message from a back-end server
invalid_header: the backend server returns an empty or incorrect reply
http_[500|502|503|504|404] : the backend server returns the specified reply status code
off: request forwarding to the next backend server is not allowed
proxy_set_header instruction
grammar
proxy_set_header header value
role
This directive allows you to redefine or add the header line to the request information forwarded to the proxy server, whose value can be text, can be a variable, or can be a combination of text and variables