Nginx concept

  • Nginx is a high-performance HTTP server, reverse proxy server, and email (IMAP/POPP3) proxy server. Developed by Igor Sysoev in Russia,Nginx can support up to 50,000 concurrent links with very low CPU, memory and other resource consumption and runs very stable

Nginx application scenarios

  • HTTP server, virtual host: Nginx is an HTTP service can provide HTTP services independently, can do static web server, can be implemented in a server virtual multiple sites, such as the use of personal websites virtual host
  • Reverse proxy: When the number of visits to a website reaches a certain level and a single server cannot meet user requests, Nginx can be used as a reverse proxy when multiple server clusters are required
  • Load balancing: Multiple servers can share the load evenly, so that no server is idle due to the breakdown of a server due to high load

HTTP server, virtual host

  • Use the Docker installation to run Nginx, create the nginx.conf file in./conf, and configure docker-comemess.yml
version: '3.1'
services: 
 nginx:
  restart: always
  image: nginx
  container_name: nginx
  ports:
   - 80: 80
  volumes:
   - ./conf/nginx.conf:/etc/nginx/nginx.conf	
   - ./wwwroot:/usr/share/nginx/wwwroot
Copy the code
  • Virtual host: virtual host is a special software and hardware technology. Each computer can be divided into multiple virtual hosts on the network, each virtual host can provide WWW services independently, so that a host can provide multiple web services externally, between each virtual host is independent, each other
  • Nginx allows you to configure virtual hosts. Nginx supports three types of virtual host configuration:
    • Ip-based virtual hosting
    • Domain-based virtual hosting
    • Port-based virtual host
  • Nginx configuration file structure: Each server is a host
events {
}

http {
	server{
	}

	server{
	}
}
Copy the code
Domain-based virtual host configuration
  • Requirements:
    • Two domain names point to the same Nginx server, and users accessing different domain names display different web pages
    • The two domain is admin.service.itoken.oxford.com and admin.web.itoken.oxford.com
    • The Nginx server uses vm 192.168.32.255
  • Configure the Windows Hosts file:
    • Modify the Windows hosts file (C: / Windows/System32 / drivers/etc) – SwitchHosts
    • By the host file specifies 192.168.32.255 virtual machine admin.service.itoken.oxford.com and admin.web.itoken.oxford.com
  • Create the directory and file: / usr/local/docker/nginx/below directory to create htmlservice and htmlweb two directories, and create the index respectively. The HTML file
  • Configure the virtual host: modify the/usr/local/docker/nginx/conf directory nginx. Conf configuration file
user nginx; worker_processes 1; events { worker_connections 1024; } http{ include mime.type; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server{ listen 80; Server_name admin.service.itoken.oxford.com # all requests are/start, all request to match the location of the location / {root /usr/local/docker/nginx/wwwroot/htmlservice; Index.html index.htm; } } server{ listen 80; server_name admin.web.itoken.oxford.com location / { root /usr/share/nginx/wwwroot/htmlweb; index index.html index.htm; }}}Copy the code
Port-based virtual host configuration
  • Requirements:
    • Nginx provides two port 80 and 8080 listening services
    • Requesting port 80 requests HTML in the HTML80 directory
    • Request port 8080 request HTML in html8080 directory
  • Create the directory and file: / usr/local/docker/nginx/below directory to create html80 and html8080 two directories, and create two index respectively. The HTML file
  • Configure the virtual host: modify the/usr/local/docker/nginx/conf directory nginx. Conf configuration file
worker_processes 1; events { worker_connections 1024; } http{ include mime.type; default_type application/octet-stream; sendfile on; keepalive_timeout 65; 192.168.32.255:80 listen 80 192.168.32.255:80 listen 80 Server_name 192.168.32.255; # all requests start with /, all requests match this location location / {# use the root directive to specify the virtual host directory, that is, the directory where the web pages are stored # for example: visit http://ip/index.html to find / usr/local/docker/nginx/below/html80 / index. The HTML #, for example: http://ip/item/index.html will find it /usr/local/docker/nginx/wwwroot/html80/item/index.html root /usr/share/nginx/wwwroot/html80; Index.html index.htm; }} # 192.168.32.255 server{listen 8080; Server_name 192.168.32.255; location / { root /usr/share/nginx/wwwroot/html8080; index index.html index.htm; }}}Copy the code

Nginx reverse proxy

Proxy server

The client does not directly send requests to the destination host. The proxy server receives the request from the client and then sends it to the host. The proxy server receives the data returned by the destination host and stores it on the proxy server’s hard disk before sending it to the client

Role of proxy server
  • Improve access speed: because the data returned by the target host is stored in the hard disk of the proxy server, the next time customers visit the same site data, it will be directly read from the hard disk of the proxy server, playing a role of cache, especially for popular sites can significantly improve the request speed
  • What the firewall does: Because all client requests must go through the proxy server to the remote site, restrictions can be placed on the proxy server to filter out some insecure information
  • Access inaccessible target sites through proxy servers: There are many open proxy servers on the Internet, and clients can access target sites through unrestricted proxy servers when access is restricted
Forward agent

Set up between the client and the target host, only used to proxy the internal network to the Internet connection requests, the client must specify a proxy server, and the HTTP request that would have been sent directly to the Web server to send to the proxy server

The reverse proxy

The reverse proxy server is set up on the server side, through the buffer is often requested page to alleviate the workload of server, client request is forwarded to internal target server on the network, and from the server to get results back to the Internet client request connection, proxy server at this time with the target host foreign performance for a server

Reverse proxy Application
  • Prevents the Internet from attacking Intranet servers
  • Caching to reduce server stress
  • Access security control
  • Load balancing to distribute user requests to multiple servers
Nginx reverse proxy Tomcat
  • Start Tomcat containers: Start two Tomcat containers, map ports 9090 and 9091, and configure docker-comemess.yml
version: '3'
services:
 tomcat1:
  image: tomcat
  container_name: tomcat1
  ports:
   - 9090: 8080
 tomcat2:
  image: tomcat
  container_name: tomcat2
  ports:
   - 9091: 8080
Copy the code
  • Configure Nginx reverse proxy: modify the/usr/local/docker/Nginx/conf directory Nginx. Conf configuration file
user nginx; worker_processes 1; events { worker_connection 1024; } http { include mime.type; default_type application/octet-stream; sendfile on; keepalive_timeout 65; Upstream tomcat_server1 {server 192.168.32.255:9090; Upstream tomcat_server2{server 192.168.32.255:9091; } server { listen 80; Server_name admin.service.itoken.oxford.com # all requests are/start, all request to match the location of the location / {# the domain name Admin.service.itoken.oxford.com request forwarded to all tomcat_server1, namely tomcat1 proxy_pass http://tomcat_server1; on the server Index.jsp index.html index.htm; } } server{ listen 80; Server_name admin.web.itoken.oxford.com location / {# all forwarded to the request of the domain name admin.web.itoken.oxford.com tomcat_server2, namely tomcat2 server  proxy_pass http://tomcat_server2; index index.jsp index.html index.htm; }}}Copy the code

Nginx load balancing

Load balancing
  • Based on the existing network structure, load balancing provides a cheap, effective and transparent method to expand the bandwidth of network devices and servers, increase the throughput, strengthen the network data processing ability, and improve the flexibility and availability of the network
  • Load Balance is distributed among multiple operation units, such as the Web server,FTP server, enterprise critical application server, and other critical task servers, to jointly complete work tasks
Nginx implements load balancing
  • Requirements:
    • As a load balancing server, nginx first sends user requests to Nginx and then forwards the requests to the Tomcat server based on the load balancing configuration
    • Nginx load balancing server :192.168.32.255:80
    • Tomcat server :192.168.32.255:9090
  • Nginx configuration load balancing: modify the/usr/local/docker/Nginx/conf Nginx. Under the conf configuration file
user nginx; worker_processes 1; events { worker_connection 1024; } http { include mime.type; default_type application/octet-stream; sendfile on; keepalive_timeout 65; Upstream myapp {server 192.168.32.255:9090 weight=10; Server 192.168.32.255:9091 weight = 10; } server{ listen 80; server_name nginx.oxford.com; location / { proxy_pass http://myapp; index index.jsp index.html index.htm; }}}Copy the code

Nginx solves cross-domain problems

Cross-domain problem

  • Cross-domain problems occur when Ajax requests are made on the browser side
  • Cross-domain: browsers cannot execute scripts from other sites. This is due to the same origin policy of the browser, a security restriction that the browser imposes on JavaScript

homologous

  • Same-origin: the domain name, protocol, and port are the same

A way to solve cross-domain problems

Use CORS(Cross-resource Sharing) to solve cross-domain problems
  • CORS, a W3C standard that stands for “Cross-Origin Resource Sharing,” allows browsers to issue XMLHttpRequest requests to cross-source servers, overcoming the limitation that Ajax can only be used in the same source
  • CORS requires both browser and server support
  • Currently, all browsers support this function, and Internet Explorer cannot be lower than Internet Explorer 10.
  • The entire CORS communication process is completed automatically through the browser without user participation. For developers,CORS communication is no different from same-origin Ajax communication, with the code exactly the same.
  • As soon as the browser discovers that an Ajax request crosses the source, it automatically adds some additional headers, and sometimes an additional request, but the user doesn’t feel it
  • The key to CORS communication is the server. As long as the server implements THE CORS interface, it can communicate across domains
  • Set access-Control-allow-Origin in header (controller class annotated @crossorigin (value=”*”))
Use JSONP to solve cross-domain problems
  • JSONP:(JSON with Padding) JSONP:(JSON with Padding) JSONP:(JSON with Padding
  • Due to the same origin policy, the web pages of server1.example.com cannot be accessed from the server of Server2.example.com, with the exception of HTML < script> elements
  • Using the open strategy of < Script > elements, web pages can get JSON data dynamically generated from other sources, using a pattern called JSONP
  • The data captured with JSONP is not JSON, but arbitrary JavaScript, executed with a JavaScript translator rather than parsed with a JSON parser
  • The target server is required with a callback function

  • Comparison between CORS and JSONP:
    • CORS is used for the same purpose as JSON, but is more powerful than JSONP
    • CORS supports all types of HTTP requests
    • JSONP only supports GET requests. JSON has the advantage of supporting older browsers and being able to request data from sites that do not support CORS

Nginx reverse proxy solves cross-domain problems

  • Nginx reverse proxies can be used to resolve cross-domain problems when the server is unable to set headers or provide callback functions
Nginx configuration across domains
  • In/usr/local/docker/nginx/conf in nginx. The increase in the location in the conf configuration (Get: font cross-domain) :
Add_header access-control-allow-origin * add_header Access-Control-Allow-Headers X-Requested-with; add_header Access-Control-Allow-Methods GET,POST,OPTIONS;Copy the code
  • Configuration/usr/local/docker/nginx/conf in nginx. Conf configuration file (POST: upload a file) :
user nginx; worker_processes 1; events { worker_connection 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 80; server_name upload.myshop.com; add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-with,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Ra nge'; The location / {proxy_pass http://192.168.32.255:8888; if($request_method = 'OPTIONS'){ add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Headers X-Requested-with; add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,PATCH,OPTIONS; Add_header access-control-allow-headers' = POST; add_header access-control-allow-headers' = POST; 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-with,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Ra nge; return 200; }}}}Copy the code