Nginx forward and reverse proxy

what is a proxy

A classmate started his entrepreneurial journey under the background of the AI ​​era. The biggest problem he encountered so far was the start-up capital, so he decided to ask Ma Yun’s father to borrow money. , In desperation, he thought of a way to find a relationship to open the back door. After some information inquiries, it turned out that Mr. Wang, the university teacher of student A, was a classmate of Ma Yun, so student A found Mr. Wang and asked Mr. Wang to borrow 5 million from Ma Yun. Come on, of course it's finally done. However, Ma Yun didn't know that the money was borrowed by classmate A. Ma Yun lent it to Mr. Wang, and Mr. Wang handed it over to classmate A in the end. Mr. Wang here played a very key role in this process. This is the agent , which can also be said to be a positive agent. Mr. Wang handles this matter on behalf of student A. In this process, who is the real borrower, Jack Ma I don't know, this is very important.

forward proxy

Our commonly used VPN is generally a forward proxy.

The forward proxy is characterized by hiding the real client, the server does not know who the requesting client is, and the service requested by the client is the proxy server instead of the request.

For example, when domestic users want to access Google, they will be blocked. So we can set up a proxy server abroad (which can access Google's server), let the proxy help me to request google.com, and the proxy returns the corresponding structure returned by the request to me.

When there are multiple clients, it looks like this:

Nginx forward proxy configuration

Configure the proxy address http://google.com through proxy_pass. When we request www.example.com it will be forwarded to http://google.com.

    server {
    
    
        server_name www.example.com;
        listen 80;
        location / {
    
    
            proxy_pass http://google.com;     #设定代理服务器的协议和地址 
            proxy_set_header HOST $host;
        }
    }

summary

The object of the forward proxy is the client, and the real service of the forward proxy is the client. Whether it is one-to-one or many-to-one, the process of client and server requests always hides the client IP, and the server does not know who the client is.

From a client point of view it has the following advantages:

• It can break through access restrictions, so we can access external networks, such as: YouTube, Google. It is an agent controlled by the client (you can open it if you want to, and you can’t open it if you don’t want to), so that you can surf the Internet scientifically

• The forward proxy can hide its real IP, and only the proxy server can know the client's IP

• To improve the access speed, the proxy server can cache resources. When multiple users access the same resource, the proxy server returns the cached resources directly. There is no need to repeatedly request the same resource from the target server.

reverse proxy

A long time ago, when Pharaoh went to a restaurant to eat, he had to go to the restaurant first, order delicious dishes with all kinds of meat and eight vegetables, wait for the food to be served, and then feast on it.

With the third-party food ordering platform (agent), Lao Wang is too lazy to go to the restaurant. Lao Wang makes a phone call or uses an APP, first chooses a restaurant, and then orders the food, and the delivery boy will deliver it to the door.

Due to the reputation of a restaurant of a certain brand is particularly good, diners pour in continuously, and third-party ordering calls are also heard endlessly. However, due to the limited reception capacity of the hotel, it is unable to provide timely service. The boss watched the cooked duck fly away, feeling distressed.

After learning from the pain, the boss has set up several chain restaurants to form a cluster to provide uniform and standard dish service to the outside world. Order by phone at 400-xxx-7777. When diners flood into the main station of the restaurant, the main station will transport the diners to each chain store by bus , In this way, diners do not need to queue up, and all chain stores can operate at high speed, killing two birds with one stone. The boss is very happy, and for this mode of operation, he named it "reverse proxy".

On the Internet, a single server has limited ability to handle client requests. When the client sends too many requests, the server will be overwhelmed. At this time, we can set up multiple servers to share the requests together. These servers provide the same service, and for users, there is no difference at all. We just need to know who the reverse proxy server is. For example: www.baidu.com is our reverse proxy server, and the reverse proxy server will help us forward the request to the real server. Nginx is a reverse proxy server with very good performance, used for load balancing

When there are multiple clients (many-to-many), it looks like this:

Nginx reverse proxy configuration

Regardless of complex configuration, just complete an http reverse proxy

The nginx.conf configuration file is as follows:

conf/nginx.conf It is the default configuration file of nginx. You can also use nginx -c to specify your configuration

    
    //省略
    http {
    
    
        #连接超时时间
        keepalive_timeout  120;
        tcp_nodelay        on;
    
    
        #设定实际的服务器列表
        upstream my_server{
    
    
            server 127.0.0.1:8089;
        }
    
        #HTTP服务器
        server {
    
    
            #监听80端口，80端口是知名端口号，用于HTTP协议
            listen       80;
    
            #定义使用www.xx.com访问
            server_name  www.baidu.com;
    
    		#编码格式
    		charset utf-8;
            #反向代理的路径（和upstream绑定），location 后面设置映射的路径
            location / {
    
    
                proxy_pass http://my_server;
            }
            
            //省略
        }
    }

In the above example, the proxy points to only one server. However, in the actual operation process of the website, most of them operate in the form of clusters, and at this time, load balancing needs to be used to distribute traffic.

    
    //省略
    http {
    
    
        keepalive_timeout  120;
        tcp_nodelay        on;
        #设定实际的服务器列表
        upstream my_server{
    
    
            #weigth参数表示权值，权值越高被分配到的几率越大
            server 192.168.1.11:80   weight=5;
            server 192.168.1.12:80   weight=1;
            server 192.168.1.13:80   weight=6;
        }
    
        server {
    
    
            listen       80;
            server_name  www.baidu.com;
    		charset utf-8;
            location / {
    
    
                proxy_pass http://my_server;
            }
            
            //省略
        }
    }

Nginx provides a variety of load balancing strategies, which will not be described here.

summary

The object of the reverse proxy is the server, and the real service of the reverse proxy is the server. Whether it is one-to-many or many-to-many, the process of client and server requests always hides the server IP, and the client does not know who the server is.

From a server point of view it has the following advantages:

• Hide server IP

• Load balancing, the reverse proxy server can distribute requests to different real servers according to the load condition

• Security protection, the reverse proxy server can be used as an application layer firewall to provide protection for websites against web-based attacks

Summarize

The difference between reverse proxy and forward proxy:

• Forward proxy and reverse proxy target different service groups. The object of forward proxy is the client, and the reverse proxy is the server.

• The "vision" of forward proxy and reverse proxy is different. The server under forward proxy does not know the real IP of the client, and the client under reverse proxy does not know the real IP of the server.

References

https://github.com/dunwu/nginx-tutorial
https://zhuanlan.zhihu.com/p/500768064
https://zhuanlan.zhihu.com/p/25707362