Using Nginx to map intranet services to the external network through a single port

Original Address: https://www.cnblogs.com/relax-zw/p/9922144.html

2.1 Mapping intranet services to the external network through a single port

(A) Network diagram

(B) Brief description:

As the title says, this setup lets every service port in the intranet be forwarded through nginx and exposed to the external network through a single mapped port. When the local services are given specific domain names, the external network can reach each one by its custom domain name plus the mapped port.

As shown below:

Function: each intranet service is reached from the external network by its custom domain name plus the one shared mapped port.

Problems solved:

(A) Unlimited number of port mappings

This effectively solves the shortage of mappable ports. A conventional external router supports 20 port mappings, and once demand exceeds that, the only option is to replace existing mappings by hand. With nginx, we only need to add the service to be mapped to the configuration file; the router needs no change at all.

(B) Increased security

a) Intranet services are reached through custom domain names. Without knowing the domain name of a service, the public network cannot access the corresponding intranet service.

b) Because only a single mapped port is exposed to the public network, and nginx lets you customize the default page shown to visitors, all intranet services remain in a relatively safe state even if a visitor knows your public IP and port.

 

(C) nginx configuration:

#user  nobody;
worker_processes 1; # number of nginx worker processes; usually set to the number of CPU cores
error_log /usr/local/nginx/logs/error.log; # error log path

events {
    worker_connections 1024; # each worker process can handle up to 1024 connections
}

http {
    # Enable gzip compression
    gzip on;
    # Minimum response size to compress (taken from the Content-Length header); larger than 1k is recommended
    gzip_min_length 1k;
    # Buffers for compressed output: 4 buffers of 16k each
    gzip_buffers 4 16k;
    # Minimum HTTP version for compression; early browsers may not support gzip decompression and users would see garbled content
    gzip_http_version 1.1;
    # Compression level 1-9: 1 is fastest with the least compression, 9 compresses most but uses the most CPU
    gzip_comp_level 4;
    # MIME types to compress
    gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
    gzip_vary on; # enable response header "Vary: Accept-Encoding"

    include       mime.types;
    default_type  application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # Configure access log
    access_log /usr/local/nginx/access.log;

    upstream mytomcat123 {
        server 192.168.1.119:15588;
    }

    upstream isatomcat {
        server 192.168.1.119:15587;
    }

    upstream isatomcat60 {
        server 192.168.1.60:15587;
    }

    # Virtual host configuration 1
    server {
        listen       88;
        server_name  mytomcat123;
        # After mapping to the same external port, different server names reach different intranet services
        charset utf-8;
        access_log  logs/host.access.log;
        error_log logs/host.error.log;

        location / {
            proxy_pass http://mytomcat123;
            root   html;
            index  index.html index.htm;
        }
    }

    # Virtual host configuration 2
    server {
        listen       88;
        server_name  isatomcat;
        # After mapping to the same external port, different server names reach different intranet services
        charset utf-8;
        access_log  logs/host.access.log;
        error_log logs/host.error.log;

        location / {
            proxy_pass http://isatomcat;
            root   html;
            index  index.html index.htm;
        }
    }

    # Virtual host configuration 3
    server {
        listen       88;
        server_name  isatomcat60;
        # After mapping to the same external port, different server names reach different intranet services
        charset utf-8;
        access_log  logs/host.access.log;
        error_log logs/host.error.log;

        location / {
            proxy_pass http://isatomcat60;
            root   html;
            index  index.html index.htm;
        }
    }
}

Test configuration file backup:

 

                                                                                                     

Note the parts marked in red: three intranet services are configured here:

192.168.1.60:15587 (service alias: tomcat60)

192.168.1.119:15587 (service alias: tomcat)

192.168.1.119:15588 (service alias: mytomcat123)

The listening port is 88; here I map it to the external network, where the external access port is 10388.

 

(D) Local DNS configuration for convenient access from the external network

Objective: resolve the domain names quickly.

Note: the company currently uses a free domain name resolution tool, which (a long-standing issue) sometimes causes access failures through DNS anomalies. Where it does not affect the work, it is suggested to use the external IP directly to avoid this kind of problem.

a) Configuring and verifying access on Windows

Open the hosts file under C:\Windows\System32\drivers\etc and add:

relaxsystem027.gnway.cc isatomcat isatomcat60 mytomcat123

 

Accessing from Windows:

As shown below

We can see that all three services are reachable through the one shared external port mapping, each via its custom domain name. Doesn't that feel inexplicably powerful?

Note: when accessing by domain name plus the mapped port, the default is to jump to the first virtual host in the nginx configuration; an access security policy can be implemented here.
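The default behaviour in the note above, made explicit (an added example, not part of the original post's configuration): as written, the configuration in (C) has no default_server, so a request to port 88 whose Host header matches none of the three names is handled by the first server block and reaches mytomcat123. The blocks below go inside http { }; the log file names and the 203.0.113.0/24 source range are placeholders chosen for illustration.

```nginx
# Catch-all for port 88: anything that is not one of the configured
# server names (bare IP, unknown or missing Host header) ends here.
server {
    listen       88 default_server;
    server_name  _;                        # "_" never matches a real hostname
    access_log   logs/default.access.log;  # placeholder file name; shows who is probing the port
    return       444;                      # nginx-specific: close the connection without a response
}

# One of the three named services, now reachable only by its own name.
# The other two server blocks follow the same pattern.
server {
    listen       88;
    server_name  isatomcat;
    charset      utf-8;
    access_log   logs/isatomcat.access.log;  # placeholder: one log per service
    error_log    logs/isatomcat.error.log;

    location / {
        # Optional access policy: the hostname is sent in clear text in the
        # Host header, so restrict by source address as well where possible.
        allow 203.0.113.0/24;   # placeholder range for permitted clients
        deny  all;

        # Pass the requested name and the client address to the backend
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://isatomcat;   # upstream defined in the configuration above
    }
}
```

With the catch-all in place, a request to the mapped port by bare IP or by an unknown name gets no response, while the named services keep working for permitted clients.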

 

b) Configuring and verifying access on Linux

Edit /etc/hosts

Accessing from Linux

Since client access should all take place on Windows, verification is not covered here.

Omitted here.


Origin www.cnblogs.com/boonya/p/11301460.html