“This is the second day of my participation in the Gwen Challenge in November. See details: The Last Gwen Challenge in 2021”
directory
- preface
- The body of the
- At the end
preface
Backend developers often use nginx tools, so we have to ask: what exactly does it do? Today we are going to use an example to find out!
The body of the
The whole thing is like this, I developed a service, external interface is HTTP protocol. However, other services, especially web pages, use HTTPS to avoid browser alarms and errors caused by the combination of HTTPS and HTTP. Therefore, something needs to be done about it.
Here’s a question. If it were you, how would you handle it?
You might also want to use Nginx, or repackage the corresponding HTTPS interface yourself. Both methods have their advantages and disadvantages. The advantage of the first method is that it does not need to modify the code and can be flexibly set by using Nginx at deployment time. The disadvantage is that the service itself does not support HTTPS, so it needs to work with Nginx. The advantage of the second method is that the service supports both HTTP and HTTPS protocols, which is more powerful. However, its disadvantages are also very obvious, requiring modification of the code and a certain amount of development work.
After weighing the pros and cons, especially considering the time factor, the first solution is temporarily decided to be implemented by configuring Nginx.
Nginx configuration file: nginx configuration file:
Upstream bag-API {server 47.4.5.13:9905; } upstream minio-API {server 47.4.5.13:9002; } server { listen 80; Server_name 47.4.5.13; rewrite ^ https://$http_host$request_uri? permanent; } server { listen 443 ssl ; ssl_certificate /etc/nginx/certs/service.cert; ssl_certificate_key /etc/nginx/certs/service.key; ssl_session_timeout 5m; ssl_session_cache shared:SSL:10m; Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH:AESGCM:HIGH:! RC4:! DH:! MD5:! aNULL:! eNULL; ssl_prefer_server_ciphers on; Cn; server_name 47.4.5.13 lozen. 007. access_log logs/vhost_access.log ; error_log logs/vhost_error.log; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; location ^~ /bag { expires -1; proxy_pass http://bag-api; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location ^~ /test { expires -1; proxy_pass http://minio-api; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}Copy the codeBased on the above configuration, we know that two policies are configured. When an HTTPS request matches the BAG or test field, the corresponding HTTP interface is forwarded respectively. So as to achieve HTTPS protocol to HTTP protocol mutual conversion, to meet the requirements mentioned in the beginning.
At the end
The method described in this article essentially takes advantage of nginx reverse proxy capabilities, and we can see the power of nginx through this example. Therefore, it is very necessary to master the use of Nginx for back-end development partners. Through this event, I also have a new understanding and understanding of the reverse proxy function of Nginx.
About the author: Hello, everyone, I am Liuzhen007, an audio and video technology lover, CSDN blog expert, huawei cloud community cloud sharing expert, welcome to follow me to share more dry products!