共计 10699 个字符,预计需要花费 27 分钟才能阅读完成。
背景 :
最近因工作需要,需在 Web 前端做一个代理,来解决部分用户不能访问的需求;之前通过 Nginx 反向代理已实现对 Web 的代理,但后来发现还有站点为 https 的,所以又找了些资料,整理了一下,测试完成。
————————————– 分割线 ————————————–
CentOS 6.2 实战部署 Nginx+MySQL+PHP http://www.linuxidc.com/Linux/2013-09/90020.htm
使用 Nginx 搭建 WEB 服务器 http://www.linuxidc.com/Linux/2013-09/89768.htm
搭建基于 Linux6.3+Nginx1.2+PHP5+MySQL5.5 的 Web 服务器全过程 http://www.linuxidc.com/Linux/2013-09/89692.htm
CentOS 6.3 下 Nginx 性能调优 http://www.linuxidc.com/Linux/2013-09/89656.htm
CentOS 6.3 下配置 Nginx 加载 ngx_pagespeed 模块 http://www.linuxidc.com/Linux/2013-09/89657.htm
CentOS 6.4 安装配置 Nginx+Pcre+php-fpm http://www.linuxidc.com/Linux/2013-08/88984.htm
Nginx 安装配置使用详细笔记 http://www.linuxidc.com/Linux/2014-07/104499.htm
Nginx 日志过滤 使用 ngx_log_if 不记录特定日志 http://www.linuxidc.com/Linux/2014-07/104686.htm
————————————– 分割线 ————————————–
方法 :
Nginx 代理 web 站点 ttxsgoto.com 的相关部署和配置主要如下脚本实现:
#!/bin/bash
path_soft=$(pwd)
function base(){
yum -y install make gcc gcc-c++ autoconf
}
function install(){
groupadd www
useradd -g www www
wget http://1.1.1.1/nginx/pcre-8.36.tar.gz
tar zxvf pcre-8.36.tar.gz
cd pcre-8.36
./configure
make && make install
wget http://1.1.1.1/nginx/nginx-1.6.2.tar.gz
tar zxvf nginx-1.6.2.tar.gz
cd nginx-1.6.2
./configure –user=www –group=www –prefix=/usr/local/web/nginx –with-http_stub_status_module –with-http_ssl_module
make &&make install
}
function config(){
sed -i “s#\#gzip\ \ on;#\#gzip\ \ on;\n\n include\ \ vhosts/*.conf; #g” /usr/local/web/nginx/conf/nginx.conf
mkdir /usr/local/web/nginx/conf/vhosts
cat << EOF >> /usr/local/web/nginx/conf/vhosts/ttxsgoto.com.conf
server
{
listen 80;
server_name ttxsgoto.com;
charset GB2312;
index index.html index.htm;
root /date/wwwroot/ttxsgoto.com/;
location ~ ^/NginxStatus/ {
stub_status on;
access_log off;
}
location / {
proxy_redirect off ;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header REMOTE-HOST \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://ttxsgoto.com;
}
}
server
{
listen 8081;
server_name ttxsgoto.com:8081;
charset GB2312;
index index.html index.htm;
root /date/wwwroot/ttxsgoto.com/;
location ~ ^/NginxStatus/ {
stub_status on;
access_log off;
}
location / {
proxy_redirect off ;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header REMOTE-HOST \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://ttxsgoto.com:8081;
}
}
EOF
cat << EOF >> /etc/hosts
2.2.2.2 ttxsgoto.com
EOF
ln -s /usr/local/lib/libpcre.so.1 /lib64/
ulimit -SHn 51200
}
function start(){
/usr/local/web/nginx/sbin/nginx
}
function main(){
base
install
config
start
}
main
至此,nginx 代理 web 的安装和配置都已完成,验证方法:在本地修改 hosts 文件:x.x.x.x ttxsgoto.com, 通过浏览访问页面成功。
更多详情见请继续阅读下一页的精彩内容 :http://www.linuxidc.com/Linux/2014-11/109632p2.htm
代理 https 的实现:
1. 在 /usr/local/web/nginx/conf 中新建目录 ssl(创建相关 ssl 文件)
openssl genrsa -des3 -out ttxsgoto.com.key 1024
openssl req -new -key ttxsgoto.com.key -out ttxsgoto.com.csr
cp ttxsgoto.com.key ttxsgoto.com.key.orgi
openssl rsa -in ttxsgoto.com.key.orgi -out ttxsgoto.com.key
openssl x509 -req -days 365 -in ttxsgoto.com.csr -signkey ttxsgoto.com.key -out ttxsgoto.com.crt
2. 在 nginx.conf 中增加相关配置(内容如下):
include vhosts/ttxsgoto.com.conf;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443 ssl;
server_name ttxsgoto.com;
ssl on;
ssl_certificate ssl/ttxsgoto.com.crt;
ssl_certificate_key ssl/ttxsgoto.com.key;
keepalive_timeout 60;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
access_log /usr/local/web/nginx/logs/ssl-access.log;
error_log /usr/local/web/nginx/logs/ssl-error.log;
location / {
proxy_pass https://ttxsgoto.com;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
}
3.vhosts 目录下 ttxsgot.com.conf 的配置文件内容:
server
{
listen 80;
server_name ttxsgoto.com;
charset GB2312;
index index.html index.htm;
root /date/wwwroot/ttxsgoto.com/;
location ~ ^/NginxStatus/ {
stub_status on;
access_log off;
}
location / {
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://ttxsgoto.com;
}
}
server
{
listen 8082;
server_name ttxsgoto.com:8082;
charset GB2312;
index index.html index.htm;
root /date/wwwroot/ttxsgoto.com/;
location ~ ^/NginxStatus/ {
stub_status on;
access_log off;
}
location / {
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://ttxsgoto:8082;
}
}
4. 添加 /etc/hosts 的解析
2.2.2.2 ttxsgoto.com
5.iptables 防火墙开放相关的端口,像这里开放 80,8082,443 给外网访问
6. 验证修改本地 hosts 文件,浏览器中验证访问成功,至此 nginx 反向代理 https 完成!
Nginx 的详细介绍 :请点这里
Nginx 的下载地址 :请点这里
背景 :
最近因工作需要,需在 Web 前端做一个代理,来解决部分用户不能访问的需求;之前通过 Nginx 反向代理已实现对 Web 的代理,但后来发现还有站点为 https 的,所以又找了些资料,整理了一下,测试完成。
————————————– 分割线 ————————————–
CentOS 6.2 实战部署 Nginx+MySQL+PHP http://www.linuxidc.com/Linux/2013-09/90020.htm
使用 Nginx 搭建 WEB 服务器 http://www.linuxidc.com/Linux/2013-09/89768.htm
搭建基于 Linux6.3+Nginx1.2+PHP5+MySQL5.5 的 Web 服务器全过程 http://www.linuxidc.com/Linux/2013-09/89692.htm
CentOS 6.3 下 Nginx 性能调优 http://www.linuxidc.com/Linux/2013-09/89656.htm
CentOS 6.3 下配置 Nginx 加载 ngx_pagespeed 模块 http://www.linuxidc.com/Linux/2013-09/89657.htm
CentOS 6.4 安装配置 Nginx+Pcre+php-fpm http://www.linuxidc.com/Linux/2013-08/88984.htm
Nginx 安装配置使用详细笔记 http://www.linuxidc.com/Linux/2014-07/104499.htm
Nginx 日志过滤 使用 ngx_log_if 不记录特定日志 http://www.linuxidc.com/Linux/2014-07/104686.htm
————————————– 分割线 ————————————–
方法 :
Nginx 代理 web 站点 ttxsgoto.com 的相关部署和配置主要如下脚本实现:
#!/bin/bash
path_soft=$(pwd)
function base(){
yum -y install make gcc gcc-c++ autoconf
}
function install(){
groupadd www
useradd -g www www
wget http://1.1.1.1/nginx/pcre-8.36.tar.gz
tar zxvf pcre-8.36.tar.gz
cd pcre-8.36
./configure
make && make install
wget http://1.1.1.1/nginx/nginx-1.6.2.tar.gz
tar zxvf nginx-1.6.2.tar.gz
cd nginx-1.6.2
./configure –user=www –group=www –prefix=/usr/local/web/nginx –with-http_stub_status_module –with-http_ssl_module
make &&make install
}
function config(){
sed -i “s#\#gzip\ \ on;#\#gzip\ \ on;\n\n include\ \ vhosts/*.conf; #g” /usr/local/web/nginx/conf/nginx.conf
mkdir /usr/local/web/nginx/conf/vhosts
cat << EOF >> /usr/local/web/nginx/conf/vhosts/ttxsgoto.com.conf
server
{
listen 80;
server_name ttxsgoto.com;
charset GB2312;
index index.html index.htm;
root /date/wwwroot/ttxsgoto.com/;
location ~ ^/NginxStatus/ {
stub_status on;
access_log off;
}
location / {
proxy_redirect off ;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header REMOTE-HOST \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://ttxsgoto.com;
}
}
server
{
listen 8081;
server_name ttxsgoto.com:8081;
charset GB2312;
index index.html index.htm;
root /date/wwwroot/ttxsgoto.com/;
location ~ ^/NginxStatus/ {
stub_status on;
access_log off;
}
location / {
proxy_redirect off ;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header REMOTE-HOST \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://ttxsgoto.com:8081;
}
}
EOF
cat << EOF >> /etc/hosts
2.2.2.2 ttxsgoto.com
EOF
ln -s /usr/local/lib/libpcre.so.1 /lib64/
ulimit -SHn 51200
}
function start(){
/usr/local/web/nginx/sbin/nginx
}
function main(){
base
install
config
start
}
main
至此,nginx 代理 web 的安装和配置都已完成,验证方法:在本地修改 hosts 文件:x.x.x.x ttxsgoto.com, 通过浏览访问页面成功。
更多详情见请继续阅读下一页的精彩内容 :http://www.linuxidc.com/Linux/2014-11/109632p2.htm
