Author: JackTian wechat public ID: Jake_Internet

This is the second day of my participation in Gwen Challenge


In the previous article, Nginx series (1), I showed the simplest way to set up the Nginx service in a Linux environment, and several readers said they were looking forward to follow-up articles in the series. We do not set up a service just for the sake of setting it up; we set it up so that it can provide us with more services. In today's article, we look at what the Nginx forward proxy and reverse proxy are, and work through a simple practical case for each.

1. Forward proxy

Forward proxy: Think of the Internet outside the LAN as one large external network. When a client device on the LAN wants to reach it, a proxy server is configured in the client's browser and the client accesses the Internet through that proxy server. The forward proxy fetches the content of the external website and returns it to the client, so the client device on the LAN never accesses the external website directly.

Forward proxy uses:
  • Access resources that were previously inaccessible;
  • Cache content to speed up access to resources;
  • Authorize client access and authenticate Internet access;
  • Record user access and hide user information from the outside.

2. Reverse proxy

Reverse proxy: No configuration is required on the client. The client simply sends its request to the reverse proxy server, which selects a target server, fetches the data and returns it to the client. To the outside, the reverse proxy server and the target server appear as a single server: the address of the reverse proxy server is exposed, while the IP address of the real server stays hidden. This kind of proxy service is called a reverse proxy.

Reverse proxy uses:
  • Intranet security: the reverse proxy usually provides the address that is reachable from the public network, while the Web servers stay on the intranet;
  • Load balancing: the reverse proxy server is used to optimize the load of the website.

3. Forward proxy configuration

On the Nginx server, edit the server block that starts at line 35 of the nginx.conf configuration file. The server_name directive is left at its default, without a virtual host name or IP address. The resolver directive must be configured: it names the DNS server, and without it Nginx cannot resolve the host names in the requests it receives. Note also that the Nginx proxy service does not support forward-proxying HTTPS sites.

# vi /root/nginx-1.17.0/conf/nginx.conf
35     server {
36         resolver 192.168.1.10;    # DNS server used for name resolution
44         location / {
45             proxy_pass http://$http_host$request_uri;    # set the protocol and address of the proxied server

Reload the Nginx configuration, then turn off the firewall and SELinux.

# ./nginx -s reload
# service iptables stop
# setenforce 0

On the client device, configure the proxy server address and port number so that they match the Nginx server's configuration file. The client can then use the Nginx forward proxy to access the resources that the proxy server can access.

Verify: Enter the Nginx server address in the client browser.
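
The server block above forwards any request from any client that can reach it, so it should be limited to the clients it is meant for. The following is an added example, not configuration from the original article, that restricts the same forward proxy to LAN clients; the subnet 192.168.1.0/24, the listen port 8888 and the log file name are assumptions.

```nginx
# Added example, not from the original article.
# Assumptions: LAN clients are in 192.168.1.0/24, the proxy listens on 8888,
# and the log file name is made up for this example.
server {
    listen 8888;

    # DNS server used to resolve $http_host at request time (address from the article)
    resolver 192.168.1.10 valid=300s;
    resolver_timeout 5s;

    # Only LAN clients may use the proxy; any other source address gets 403.
    # With iptables stopped, as in the article, this is the only access control.
    allow 192.168.1.0/24;
    deny  all;

    # Record client address and request line so proxy use can be audited
    access_log logs/forward_proxy.access.log;

    # A request without a Host header cannot be forwarded
    if ($http_host = "") {
        return 400;
    }

    # Do not relay requests addressed to loopback on the proxy host itself
    # (literal names only; names that resolve to loopback are not covered)
    if ($http_host ~* "^(localhost|127\.\d+\.\d+\.\d+)(:\d+)?$") {
        return 403;
    }

    location / {
        proxy_pass http://$http_host$request_uri;
        proxy_connect_timeout 5s;
        proxy_read_timeout    30s;
    }
}
```

Run `nginx -t` before reloading to confirm the syntax, and set the same port in the client's proxy settings.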

4. Reverse proxy preparation

Effect: On the client, enter the Nginx server address in the browser address bar to access the Tomcat page.

The preparatory work

1. Install Tomcat on the Nginx server and use the default port 8080: decompress the package, go to the bin directory of Tomcat, and run the ./startup.sh command to start the Tomcat service.

2. Add external open ports, save the configurations and view them.

3. Use the Browser of the Windows client to access the Tomcat service.

Tomcat needs a JDK environment, so before installing it, check whether a JDK exists on the Nginx server. If it does, use the system JDK first; if that one is not suitable, install one manually.

# java -version
java version "1.7.0_45"
OpenJDK Runtime Environment (rhel-2.4.3.3.el6-x86_64 u45-b15)
OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)

Decompress the Tomcat package, run the startup.sh file in the bin directory to start Tomcat.

# tar -xvf apache-tomcat-7.0.70.tar.gz
# cd apache-tomcat-7.0.70
# ls
bin  conf  lib  LICENSE  logs  NOTICE  RELEASE-NOTES  RUNNING.txt  temp  webapps  work
# cd bin/
# ./startup.sh
Using CATALINA_BASE:   /root/apache-tomcat-7.0.70
Using CATALINA_HOME:   /root/apache-tomcat-7.0.70
Using CATALINA_TMPDIR: /root/apache-tomcat-7.0.70/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /root/apache-tomcat-7.0.70/bin/bootstrap.jar:/root/apache-tomcat-7.0.70/bin/tomcat-juli.jar
Tomcat started.

Go to the logs directory and follow the log file to check the startup result.

# cd logs/
# tail -f catalina.out

In Linux, not all ports are open. To add open ports, run the following command:

# /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT    # add the open port
# /etc/init.d/iptables save                              # save the configuration
# service iptables restart                               # restart iptables
# netstat -ntlp                                          # view the listening ports

Verify on the client device;

5. Reverse Proxy Configuration (1)

Implementation effect

The preparatory work

1. Configure the mapping between domain names and IP addresses in the Host file of the Windows client.

In Windows, the Hosts file is in C:\Windows\System32\drivers\etc. Open Notepad on the local PC as an administrator, open the Hosts file from that path, and add the domain name and IP address.

After adding the entry, save the file over the original Hosts file rather than as a .txt file.

192.168.1.10 www.jacktian.com

In addition to the Windows client configuration, the Nginx server needs to be configured.

# vi /etc/hosts
192.168.1.10 www.jacktian.com

Adding environment variables

# vim /etc/profile.d/nginx.sh
export PATH=/usr/local/nginx/sbin:$PATH

Add include vhost/*.conf; to the main configuration file:

# vim /usr/local/nginx/conf/nginx.conf
    server {
        listen       8000;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
    include vhost/*.conf;

In the /usr/local/nginx/conf/ directory, create a vhost directory, create tomcat.conf in this directory, and add the following configuration:

# mkdir vhost
# cd vhost/
# ls
tomcat.conf
# vim tomcat.conf
server {
    listen       80;
    server_name  192.168.1.10;

    location / {
        proxy_pass http://192.168.1.10:8080;
    }
}

Access the domain name www.jacktian.com on a Windows client.

6. Reverse Proxy Configuration (2)

Implementation effect

Use the Nginx reverse proxy to jump to a service on a different port based on the path accessed.

The Nginx listening port is 9001

  • Visiting http://192.168.1.10:9001/abc jumps directly to 192.168.1.10:8080;
  • Visiting http://192.168.1.10:9001/def jumps directly to 192.168.1.10:8081.

The preparatory work

1. Prepare two Tomcat servers with ports 8080 and 8081 respectively;

Create two Tomcat directories under the /root directory.

# mkdir tomcat8080
# mkdir tomcat8081

Copy the apache-tomcat-7.0.70.tar.gz package into each of the two directories.

# cp -r /root/apache-tomcat-7.0.70.tar.gz /root/tomcat8080
# cp -r /root/apache-tomcat-7.0.70.tar.gz /root/tomcat8081

Viewing the Tomcat Process

# ps -ef | grep tomcat
root      3974  3280 16 12:15 pts/3    00:00:00 grep tomcat
root     64376     1  0 Jun07 pts/2    00:05:37 /usr/bin/java -Djava.util.logging.config.file=/root/apache-tomcat-7.0.70/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.endorsed.dirs=/root/apache-tomcat-7.0.70/endorsed -classpath /root/apache-tomcat-7.0.70/bin/bootstrap.jar:/root/apache-tomcat-7.0.70/bin/tomcat-juli.jar -Dcatalina.base=/root/apache-tomcat-7.0.70 -Dcatalina.home=/root/apache-tomcat-7.0.70 -Djava.io.tmpdir=/root/apache-tomcat-7.0.70/temp org.apache.catalina.startup.Bootstrap start

Kill the original Tomcat service and check whether the Tomcat service is stopped.

# kill -9 64376
# ps -ef | grep tomcat
root      3994  3280  7 12:23 pts/3    00:00:00 grep tomcat

Modify the configuration file of Tomcat8080 as follows:

# vim /root/tomcat8080/apache-tomcat-7.0.70/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1"
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Modify the configuration file of Tomcat8081 as follows:

# vim /root/tomcat8081/apache-tomcat-7.0.70/conf/server.xml
<Server port="8015" shutdown="SHUTDOWN">
<Connector port="8081" protocol="HTTP/1.1"
<Connector port="8019" protocol="AJP/1.3" redirectPort="8443" />

Start tomcat8080 and Tomcat8081 services.

# ./tomcat8080/apache-tomcat-7.0.70/bin/startup.sh
# ./tomcat8081/apache-tomcat-7.0.70/bin/startup.sh

Verification

Enter 192.168.1.10:8080 and 192.168.1.10:8081 in the address box of the browser to view the page result.

Create a folder and a test page for Tomcat8080

# cd /root/tomcat8080/apache-tomcat-7.0.70/webapps/
# mkdir abc
# cd abc/
# vim 20200320.html
<h1>Welcome to tomcat 8080!</h1>

Create a folder and a test page for Tomcat8081

# cd /root/tomcat8081/apache-tomcat-7.0.70/webapps/
# mkdir def
# cd def/
# vim 20200320.html
<h1>Welcome to tomcat 8081!</h1>

Verification

In the client browser, visit http://192.168.1.10:8080/abc/20200320.html and check the page.

2. Configure the reverse proxy in the nginx.conf configuration file of the Nginx server.

# vim /usr/local/nginx/conf/nginx.conf
    server {
        listen       9001;
        server_name  192.168.1.10;

        location ~ /abc/ {
            proxy_pass http://192.168.1.10:8080;
        }

        location ~ /def/ {
            proxy_pass http://192.168.1.10:8081;
        }
    }

Location configuration directive description:

Purpose: matching request URIs.

Syntax format:

location [ = | ~ | ~* | ^~ ] uri {
}

  • = : used before a URI without a regular expression; the request string must match the URI exactly. If the match succeeds, the search stops and the request is processed immediately.

  • ~ : indicates that the URI contains a regular expression and is case-sensitive.

  • ~* : indicates that the URI contains a regular expression and is case-insensitive.

  • ^~ : used before a URI without a regular expression; Nginx finds the location whose URI best matches the request string and uses it immediately, without going on to match the request string against the regular-expression URIs of other location blocks.

If a URI contains a regular expression, it must be identified by ~ or ~*.
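
How the modifier changes which requests reach each Tomcat, as an added example that is not part of the original article: `location ~ /abc/` is an unanchored regular expression, whereas a `^~` prefix location matches only URIs that begin with the path. The catch-all `location /` that returns 404 is an assumption of this example.

```nginx
# Added example, not from the original article.
server {
    listen      9001;
    server_name 192.168.1.10;

    # Form used in the article, kept here as a comment for comparison:
    #
    #   location ~ /abc/ { proxy_pass http://192.168.1.10:8080; }
    #   location ~ /def/ { proxy_pass http://192.168.1.10:8081; }
    #
    # "~ /abc/" is a regex with no ^ anchor, so it matches any URI that
    # contains /abc/ anywhere: /abc/20200320.html, but also /x/abc/ and
    # /def/abc/x.html. Regex locations are tried in file order and the
    # first match wins, so /def/abc/x.html would go to 8080, not 8081.

    # Prefix match with ^~: the URI must start with /abc/. When this is
    # the longest matching prefix, regex locations are not checked at all.
    location ^~ /abc/ {
        # No URI part after the port, so the original request URI
        # (/abc/20200320.html) is passed to Tomcat unchanged.
        proxy_pass http://192.168.1.10:8080;
    }

    location ^~ /def/ {
        proxy_pass http://192.168.1.10:8081;
    }

    # Assumption of this example: anything else is not proxied.
    location / {
        return 404;
    }
}
```

An anchored regex such as `location ~ ^/abc/` gives the same start-of-URI behaviour if a regular expression is needed.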

Edit the firewall configuration file and add ports 8080, 8081, and 9001.

# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9001 -j ACCEPT

Restart the firewall and view it.

# service iptables restart
# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8081
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9001

Finally, restart the Nginx service or reload the configuration file.

# cd /usr/local/nginx/
# cd sbin/
# ls
nginx
# ./nginx -s stop
# ./nginx 

Verification

In the client browser, visit http://192.168.1.10:9001/abc/20200320.html and check the page.

7. Common Problems

The following error occurs when the Nginx service is restarted:

nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

Solutions:

If this error occurs, port 80 is occupied. Run the following command to kill the process and start Nginx.

# fuser -k 80/tcp
# ./nginx

Conclusion

This article introduced what forward and reverse proxies are and what they are used for, then walked through the forward proxy configuration, the preparation for the reverse proxy, and two reverse proxy cases. In case (1), the Hosts file on the Windows client is edited to add the domain name and IP address, and a reverse proxy is configured on the Nginx server, so that a client visiting the domain name of the Nginx server is automatically taken to the Tomcat home page. In case (2), the Nginx reverse proxy jumps to a service on a different port based on the accessed path.

Original is not easy, if you think this article is useful to you, please kindly like, comment or forward this article, because this will be my power to output more high-quality articles, thank you!

See you next time!