Nginx reverse proxy practice

An overview of the

Nginx Reverse Proxy A reverse proxy is when the server obtains resources from one or more groups of back-end servers (such as Web servers) in relation to the client based on the client’s request, and then returns these resources to the client. The client only knows the IP address of the reverse proxy, but does not know the existence of the server cluster behind the proxy server.

The role of the reverse proxy

Hide the IP address of the server (cluster) from clients
Security: As an application-layer firewall, it provides protection against Web-based attacks, such as DoS and DDoS, and facilitates malware detection
Provide unified encryption and SSL acceleration for back-end servers (clusters) (such as SSL terminal agents)
Load balancing: If the server cluster has a high load, the reverse proxy obtains the same resources or backup required from the low load person according to the connection request through URL rewriting
Provide caching for static content and dynamic content with a large number of access requests in a short period of time
Compression of some content to save bandwidth or to serve networks with poor network bandwidth
Slow to upload
Provide HTTP access authentication

Practice The Nginx reverse proxy Intranet penetrates port 8081

Objective: To hide port 8081 and access port 8081 by accessing port 80

Implementation steps

We configured the API on port 8081 and successfully deployed it. At this time, 8081 is open to the public, so it is accessible

Take the Ubuntu environment for example

$ cd /etc/nginx/
$ vim nginx.conf
Copy the code

Configure the reverse proxy of port 8081 on the Nginx HTTP node as follows

server { listen 80 default_server; listen [::]:80 default_server; Location/API / {proxy_pass http://127.0.0.1:8081; } location /apidocs/ { proxy_pass http://localhost:8081/api/; index swagger-ui.html; error_page 404 http://localhost:8081/api/swagger-ui.html; }}Copy the code

After the configuration, restart the Nginx service

$ service nginx restart
Copy the code

Visit http://ip/apidocs/swagger-ui.html success

We can turn off the server security group rule, remove port 8081 – security group rule, you can log in aliyun configuration, aliyun as an example, other similar
http://ip/apidocs/swagger-ui.html can still visit
http://ip:8081/api/swagger-ui.html is inaccessible

So far, we have realized the nGINx reverse proxy port 8081, by accessing port 80, proxy to port 8081 purpose
Focus on understanding the Ngnix Location&proxy _pass field rule

Implementation Mode 2: Configure upstream

Under the HTTP node, add the upstream node

upstream demo { 
   server ip:8080; 
   server ip:8081; 
}
Copy the code

Set proxy_pass in the location node under server node to http:// + upstream name

location / { 
      proxy_pass http://demo; 
}
Copy the code

Nginx configure HTTPS support

 # #
        # add cnn SSL Settings
        # #
        server{
                listen 443;
                server_name demo.com;
                ssl on;
                ssl_certificate /etc/nginx/cert/test.pem;
                ssl_certificate_key /etc/nginx/cert/test.key;
                ssl_session_timeout 5m;
                location / {
                							# Root domain name or IP addressproxy_pass http://demo.com; }}Copy the code

An overview of the

The role of the reverse proxy

Practice The Nginx reverse proxy Intranet penetrates port 8081

Implementation steps

Implementation Mode 2: Configure upstream

Nginx configure HTTPS support

Related Posts

Write a Mybatis framework from 0, in 3 steps!

Small white can understand Java IOl flow, the most SAO most complete notes, no one!

Spring IOC container core process source analysis