【nginx】基于域名的nginx虚拟主机

一、背景

内网环境有多套系统，都监听80、443 端口

只有一个公网IP出口，无法实现将多个系统的 80 、443同时映射到公网IP上

只能通过加层来解决，通过基于域名的nginx虚拟机主机承载内网多套系统，将nginx虚拟机主机服务器上 80、443映射出去就可以了。

二、配置虚拟主机

在虚拟主机服务器上，安装nginx

# cat /etc/yum.repos.d/nginx.repo

#########################################

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/centos/7/$basearch/

gpgcheck=0

enabled=1

############################################

# yum  list  available  --disablerepo="*"  --enablerepo="nginx"

# yum  -y  install  nginx  --enablerepo="nginx" 

# mkdir  /etc/nginx/ssl

# cat /etc/nginx/nginx.conf

###############################################################

# For more information on configuration, see:

#  * Official English Documentation:http://nginx.org/en/docs/

#  * Official Russian Documentation:http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

events {

    worker_connections  1024;

}

# stream转发

stream {

    proxy_connect_timeout 10s;

    include /etc/nginx/conf.d/stream/*.conf;

}

# http转发

http {

    client_max_body_size      500M;

    include                  mime.types;

    default_type              application/octet-stream;

    server_tokens            off;

    sendfile                  on;

    keepalive_timeout        65;

    send_timeout              600;

    proxy_set_header          X-Real-IP $remote_addr;

    proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header          host $host;

    proxy_send_timeout        600;

    proxy_read_timeout        600;

    proxy_connect_timeout    600;

    proxy_max_temp_file_size 4096m;

#################################################

# 开启websocket支持

    proxy_http_version 1.1;

    proxy_set_header Connection "";

    map $http_upgrade $connection_upgrade {

        default upgrade;

        '' close;

        }

###################################################

    include /etc/nginx/conf.d/http/*.conf;

}

###############################################################

# cat /etc/nginx/conf.d/http/443.conf

###################################################################

upstream x1_443_service {

    server 192.168.1.101:443  max_fails=2 fail_timeout=60s;

  }

upstream x2_443_service {

    server 192.168.1.102:443    max_fails=2 fail_timeout=60s;

  }

# 虚拟机主机x1

server {

    listen 443 ssl;

    server_name www.example1.com;

    ssl_certificate         /etc/nginx/ssl/www.example1.com.cer;

    ssl_certificate_key  /etc/nginx/ssl/www.example1.com.key;

    location / {

        proxy_connect_timeout    600;

        proxy_send_timeout        600;

        proxy_read_timeout        600;

        send_timeout              600;

        proxy_set_header          X-Real-IP $remote_addr;

        proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header          host $host;

        proxy_pass                https://x1_443_service;

        # websocket

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection "upgrade";

    }

}

#虚拟主机x2

server {

    listen 443 ssl;

    server_name www.example2.com;

    ssl_certificate        /etc/nginx/ssl/www.example2.com.pem;

   ssl_certificate_key  /etc/nginx/ssl/www.example2.com.key;

    location / {

        proxy_connect_timeout    600;

        proxy_send_timeout        600;

        proxy_read_timeout        600;

        send_timeout              600;

        proxy_set_header          X-Real-IP $remote_addr;

        proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header          host $host;

        proxy_pass                https://x2_443_service;

        # websocket

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection "upgrade";

    }

}

###################################################################

# cat /etc/nginx/conf.d/stream/10086.conf

############################################

upstream 10086_service {

    hash $remote_addr consistent;

    server 192.168.1.103:10086  max_fails=2  fail_timeout=60s;

}

server {

    listen 10086;

    proxy_pass 10086_service;

}

############################################

#  systemctl restart nginx 

# ss -tan | grep -w  443 

# ss -tan | grep -w 10086

三、测试

在windows测试机器添加hosts映射

C:\Windows\System32\drivers\etc

##############################

192.168.1.100  www.example1.com

192.168.1.100  www.example2.com

###############################

浏览器分别访问  https://www.example1.com   https://www.example2.com

四、参考

nginx虚拟主机概念和类型介绍

https://blog.51cto.com/sandshell/1957701

Nginx 虚拟主机配置

https://www.cnblogs.com/wushuaishuai/p/9343044.html

How to Create an Nginx Virtual Host

https://www.keycdn.com/support/nginx-virtual-host

Server Block Examples

https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks

Nginx如何处理一个请求

https://tengine.taobao.org/nginx_docs/cn/docs/http/request_processing.html