Preface: The reverse proxy service of the Nginx server is its most commonly used and important function. The reverse proxy service can also derive many important functions of the Nginx server related to this, such as load balancing. This blog mainly introduces the reverse proxy of Nginx first. Of course, before understanding the reverse proxy, we need to know what a proxy is and what a forward proxy is.
1. Agency
In the Java design pattern, the proxy mode is defined as follows: a proxy object is provided to an object, and the proxy object controls the reference of the original object.
Maybe you don’t understand this sentence. Let’s give a real-life example: For example, if we want to buy a second-hand house, although we can find the house on our own, it takes too much time and energy, and the house quality inspection and house transfer We have to go through a series of formalities. Besides, in this society, when we find a house, maybe the house price has risen, so what should we do? The easiest and fastest way is to find an intermediary company for second-hand housing (why? Others have a lot of housing), so we entrusted an intermediary company to find a suitable house for me, as well as the subsequent quality inspection and transfer operations, we only need to choose Just pay for the house you want.
To put it simply, the agency means that if we want to do something but don't want to do it directly, then we will find another person to do it for us at this time. Then the intermediary company in this example provides us with agency services, and we entrust an intermediary company to help us find a house.
Nginx can mainly proxy the following protocols, of which the most used is Http proxy server.
2. Forward Agent
Once you have figured out what an agency is, then what is a forward agency?
Here I will give another example: everyone knows that Google is not accessible in China, so how can we access Google? We also thought, can Americans not be able to access Google (this is not nonsense, Google is American), if our computer’s public Internet IP address can become a US IP address, then Google can’t be accessed. You are very smart, and this is how the virtual private network came about. When we visit Google, we first connect to the virtual private network server to change our IP address to an IP address in the United States, and then we can access it smoothly.
The virtual private network here is acting as a forward proxy. The forward proxy server is located between the client and the server. In order to obtain data from the server, the client must send a request to the proxy server and specify the target server. The proxy server forwards the data returned by the target server to the client. Here the client needs to set some forward proxy settings.
PS: Here is an introduction about what a virtual private network is. The virtual private network is a kind of transit service in common. When our computer is connected to the virtual private network, our external IP address will become the public network IP of the virtual private network server. Any data we request or accept will pass through this virtual private network server and then be transferred to our local machine. What are the benefits of doing this? For example, the principle of virtual private network game acceleration, we want to play the LOL of the Netcom zone, but this machine is connected to the telecom broadband, and the player in the Netcom zone will be more card. At this time, the virtual private network is used to turn the telecom network into Netcom. Network, and then the LOL in the Netcom zone will not be stuck (note: the virtual private network cannot increase the bandwidth, don’t think that it is not stuck because the network speed has increased).
You may hear that everyone is still very abstract here, it doesn't matter, it is simple to compare and understand with the reverse proxy below.
Three, reverse proxy
The difference between reverse proxy and forward proxy is: forward proxy proxy client, reverse proxy proxy server.
Reverse proxy, in fact, the client is unaware of the proxy, because the client can access without any configuration, we only need to send the request to the reverse proxy server, and the reverse proxy server selects the target server to obtain the data. When returning to the client, the reverse proxy server and the target server are external servers, exposing the address of the proxy server and hiding the real server IP address.
Below we use two pictures to compare the forward agent and the direction agent:
The key to understanding these two types of proxies is what the proxy server is proxying. The forward proxy is the client. We need to set some proxy settings on the client. The reverse proxy is the server, and as the client, we cannot perceive the real existence of the server.
To sum up, it is still a sentence: forward proxy proxy client, reverse proxy proxy server.
Four, Nginx reverse proxy
Example: Use nginx reverse proxy www.czs.com to jump directly to 127.0.0.1:8888
1. Start a tomcat, enter 127.0.0.1:8888 in the address bar of the browser, and the following interface will appear
2. Map www.123.com to 127.0.0.1 by modifying the local host file
127.0.0.1 www.czs.com
Add the above code to the end of the Windows host file. The file location and additional content are shown in the figure: After the
configuration is complete, we can access the Tomcat initial interface that appears in the first step through www.czs.com:8888.
So how can I jump to the initial interface of Tomcat just by typing www.czs.com? Use the reverse proxy of nginx.
3. Add the following configuration in the nginx.conf configuration file:
server {
listen 80;
server_name www.czs.com;
location / {
proxy_pass http://127.0.0.1:8888;
index index.html index.htm index.jsp;
}
}
As configured above, we listen on port 80 and the access domain name is www.czs.com. If the port number is not added, the default port is 80, so when accessing the domain name, it will jump to the path 127.0.0.1:8888.
We input www.czs.com in the browser and the results are as follows:
ps: If there is a problem that cannot be accessed, or if nginx is closed, nginx can still be accessed normally, please check whether it is the sixth chapter problem
Five, Nginx reverse proxy related instructions introduction
1. The listen
command is used to configure network monitoring. There are mainly three configuration syntax structures as follows:
1.1. Configure the listening IP address
listen address[:port] [default_server] [setfib=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [deferred]
[accept_filter=filter] [bind] [ssl];
1.2, configure the listening port
listen port[default_server] [setfib=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter]
[deferred] [bind] [ipv6only=on|off] [ssl];
1.3, configure UNIX Domain Socket
listen unix:path [default_server] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter]
[deferred] [bind] [ssl];
The above configuration seems more complicated, but in fact it is relatively simple to use:
1 listen *:80 | *:8888 #监听所有80端口和8888端口
2 listen IP_address:port #监听指定的地址和端口号
3 listen IP_address #监听指定ip地址所有端口
4 listen port #监听该端口的所有IP连接
The specific meaning of each option is explained below:
1. address: IP address. If it is an IPV6 address, it needs to be enclosed in square brackets [], such as [fe80::1].
2. port: port number. If only the IP address is defined and the port number is not defined, then port 80 is used.
3. Path: the path of the socket file, such as var/run/nginx.sock, etc.
4. Default_server: identifier, set this virtual host as the default host of address:port. (Before nginx-0.8.21, the default command was used)
5. This variable is used in setfib=number:Nginx-0.8.44 to monitor the socket associated routing table. Currently it only works for FreeBSD and is not commonly used.
6. backlog=number: Set the maximum number of network connections allowed by the listen function listen() to be in a suspended state at the same time. The default is -1 in FreeBSD and 511 by other platforms.
7. rcvbuf=size: Set the size of the listening socket receiving buffer.
8. Sndbuf=size: Set the size of the listening socket sending buffer.
9. Deferred: Identifier, set accept() to Deferred mode.
10. Accept_filter=filter: Set the listening port to filter all requests. The filtered content cannot be received and processed. This command is only valid under FreeBSD and NetBSD 5.0+ platforms. filter can be set to dataready or httpready.
11. Bind: Identifier, use independent bind() to process this address:port. Generally, for multiple connections with the same port but different IP addresses, the Nginx server will only use one listening command and use bind() to process All connections with the same port.
12. ssl: Identifier. Set the session connection to use SSL mode. This identifier is related to the HTTPS service provided by the Nginx server.
2. server_name
This instruction is used to configure the virtual host. Usually divided into the following two types:
2.1. Name-based virtual host configuration The
syntax format is as follows:
server_name name ...;
2.1.1. For name, there can be only one name or multiple names, separated by spaces. Each name consists of two or three paragraphs, separated by "." between each paragraph.
server_name czs.com www.czs.com
2.1.2. The wildcard character "*" can be used, but the wildcard character can only be used in the first paragraph or the end of the three-paragraph character, or the end of the character at both ends.
server_name *.czs.com www.czs.*
2.1.3. Regular expressions can also be used. Use "~" as the start tag of the regular expression string.
server_name ~^www\d+\.czs\.com$;
The expression "means matching regular expressions, starting with www ("^" means beginning), followed by a number between 0-9, immediately followed by ".czs.co", and finally followed by "m" ($ Signifies the end)
The priority of the above matching sequence is as follows:
1、准确匹配 server_name
2、通配符在开始时匹配 server_name 成功
3、通配符在结尾时匹配 server_name 成功
4、正则表达式匹配 server_name 成功
2.2. Virtual host configuration based on IP address
The grammatical structure is the same as domain-based matching, and there is no need to consider the issues of wildcards and regular expressions.
server_name 192.168.1.1
3. The location
instruction is used to match the URL.
The syntax is as follows:
1 location [ = | ~ | ~* | ^~] uri {
2
3 }
1. =: Before the uri without regular expressions, the request string is required to strictly match the uri. If the match is successful, the search will stop continuing and the request will be processed immediately.
2. ~: Used to indicate that uri contains regular expressions and is case sensitive.
3. ~*: Used to indicate that uri contains regular expressions and is not case sensitive.
4. ^~: Before the uri without regular expressions, the Nginx server is required to find the location with the highest matching degree between the identification uri and the request string, and immediately use this location to process the request, instead of using the regular uri in the location block. Match the request string.
Note: If the uri contains regular expressions, it must be marked with ~ or ~*.
4. proxy_pass
This command is used to set the address of the proxy server. It can be in the form of host name, IP address and port number.
The grammatical structure is as follows:
proxy_pass URL;
URL is the address of the proxy server, which can include the transmission protocol, host name or IP address plus port number, URI, etc.
proxy_pass http://www.czs.com/uri;
5. The index
command is used to set the default homepage of the website.
The syntax is:
index filename ...;
There can be more than one file name, separated by spaces.
index index.html index.jsp;
Usually this command has two functions: the first is that when the user requests to visit the website, the request address may not write the homepage name; the second is that a different homepage can be set for a request according to the content of the request.
6. Nginx in windows has quit, but the access is normal? CMD force kill process command
1. First cmd to view the process occupying port 80
netstat -ano | findstr 0.0.0.0:80
2. Check whether it is nginx process by PID
tasklist|findstr 18420
3. Kill ngnix processes in batch
taskkill /f /t /im nginx.exe
