反向代理（负载均衡）

1.反向代理就是 客户端通过访问代理服务器最终访问到真实服务器的过程

反向代理的作用：

 (1）保证内网的安全，可以使用反向代理提供WAF功能，阻止web攻击

大型网站，通常将反向代理作为公网访问地址，Web服务器是内网。

（2）负载均衡，通过反向代理服务器来优化网站的负载

配置

upstream backend {
   ip_hash;  #处理session共存
   server 47.106.163.103; #真实服务器ip
   
}

server {
        #listen 80 default_server;
        #listen [::]:80 default_server;
        listen  443 ; #https 443 端口 服务器必须要开放 443端口

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #rker_processes
        # include snippets/snakeoil.conf;

        root /var/www/html/default/public;

        # Add index.php to the list if you are using PHP
        index index.php  index.html ;

        server_name  myinterestis.com www.myinterestis.com ;
        #server_name 47.106.163.103;
        ssl on; # 开启https模块
        ssl_certificate  /var/www/html/default/public/214541076500893.pem;
        ssl_certificate_key  /var/www/html/default/public/214541076500893.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        # 默认请求
        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                #反向代理开始 
                proxy_pass http://backend; #代理服务器ip
                #proxy_set_header Host      $host;
                #proxy_set_header X-Real-IP $remote_addr;
                #proxy_redirect https:// $scheme://; #做https跳转
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
                #反向代理结束
                if (!-e $request_filename) {
                  rewrite  ^(.*)$  /index.php?s=/$1  last;
                  break;
                 }        }


        # 静态文件处理
        location ~ \.(txt|jpg|png|js|css|static)$ {


          #root   /var/www/html/default/public/.well-known/;
        }




        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #请求分发到 fpm 
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
        #
        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
                fastcgi_pass unix:/run/php/php5.6-fpm.sock;
        }


        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}