「Nginx」- 反向代理常用配置(proxy_pass)

  CREATED BY JENKINSBOT

问题描述

该笔记将记录:与 proxy_pass 有关的常见问题,以及使用配置

解决方案

使用方法可以参考 Module ngx_http_proxy_module / proxy_pass 文档 

location /some/path/ {
    proxy_pass http://localhost:8000;
    
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Port  $server_port;
}

场景:通过不同的 URI 进行反向代理

Module ngx_http_proxy_module / proxy_pass
How to remove the path with an nginx proxy_pass – Server Fault
How can query string parameters be forwarded through a proxy_pass with nginx? – Stack Overflow

问题描述

1)访问 http://example.com/a/foo/auth 地址,则反向代理到 http://127.0.0.1:8443/foo/auth 地址
1)访问 http://example.com/b/foo/auth 地址,则反向代理到 http://127.0.0.1:8993/foo/auth 地址

解决方法

server {
    listen 80;
    server_name example.com;

    location /a/ {
        # 注意,一定要使用 http://127.0.0.1:8443/ 而不是 http://127.0.0.1:8443,否则 传递的 URL 将携带 /a/ 前缀
        # 参考文档对 proxy_pass 的描述(是否携带 URI 的区别)
        proxy_pass http://127.0.0.1:8443/;

        # 传递请求头(默认)
        proxy_pass_request_headers on;

        # 传递请求提(默认)
        proxy_pass_request_body on;
    }

    location /b/ {
        proxy_pass http://127.0.0.1:8993/;
    }

    location / {
        return 404;
    }
}

当然,还有其他配置方法,比如 rewrite正则表达式匹配 location 等等。

注意事项,如果在 location 中使用正则表达式匹配的方式,需要自行处理 GET 参数问题。如下配置: 

server {
...
    location ~ ^/a/(.*)$ {
        proxy_pass http://127.0.0.1:7011/$1$is_args$args;
    }
...
}

场景:反向代理 WebSocket 连接

nginx反向代理WebSocket 

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream websocket {
    server localhost:8282; # appserver_ip:ws_port
}

server {
     server_name test.enzhico.net;
     listen 443 ssl;
     
     location / {
         proxy_pass http://websocket;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;

         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
     }
     
     ssl_certificate /etc/letsencrypt/live/test.enzhico.net/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/test.enzhico.net/privkey.pem;
}

场景:反向代理 HTTPS 服务

nginx as reverse proxy with upstream SSL – Server Fault 

...
server {

    location / {
         proxy_pass                    https://backend.server.ip/;
         proxy_ssl_trusted_certificate /etc/nginx/sslcerts/backend.server.pem;
         # 关闭证书检查
         proxy_ssl_verify              off;
    }
...

参考文献

DNS for Service Discovery with NGINX and NGINX Plus
NGINX Reverse Proxy
nginx反向代理配置