Using nginx as a reverse proxy for internal-network domain forwarding
Source: Internet  Editor: 程序博客网  Time: 2024/05/16 08:53
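Our company has several internal servers whose HTTP services need to be exposed on the company's static public IP. With port mapping on the router, only one internal server can have its port 80 mapped to the public port 80; port 80 on the other servers can only be mapped to non-80 public ports. A non-80 mapping means the port has to be appended to the domain name on every visit, which is cumbersome. In addition, the company's gateway router supports at most 20 port mappings, which will certainly not be enough in the future. Therefore, we need to use nginx to do the port forwarding.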
Preparing the environment
nginx
Download: http://nginx.org/en/download.html
OpenSSL
Download: http://slproweb.com/products/Win32OpenSSL.html
Setting up the HTTP server
Edit the nginx.conf file
server {
    listen 80;
    server_name oauth.d.cn;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8080/;
    }
}
Setting up the HTTPS server
Generate the key
Create an ssl folder and run the following commands in that directory:
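# create the private key (2048-bit RSA; 1024-bit RSA is no longer considered secure)
openssl genrsa -des3 -out mycert.key 2048
# create the certificate signing request (CSR)
openssl req -new -key mycert.key -out mycert.csr
# remove the passphrase from the key
openssl rsa -in mycert.key -out mycert_nopass.key
# generate the self-signed crt certificate
openssl x509 -req -days 365 -in mycert.csr -signkey mycert_nopass.key -out mycert.crt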
sh script:
#!/bin/sh
# create self-signed server certificate:
# printf + read instead of "read -p", which is not available in POSIX sh
printf "Enter your domain [www.example.com]:"
read -r DOMAIN
# fall back to the default shown in the prompt when nothing is entered
DOMAIN=${DOMAIN:-www.example.com}
echo "$DOMAIN"
echo "Create server key..."
# 2048-bit RSA; 1024-bit RSA is no longer considered secure
openssl genrsa -des3 -out "$DOMAIN.key" 2048
echo "Create server certificate signing request..."
SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"
openssl req -new -subj "$SUBJECT" -key "$DOMAIN.key" -out "$DOMAIN.csr"
echo "Remove password..."
mv "$DOMAIN.key" "$DOMAIN.origin.key"
openssl rsa -in "$DOMAIN.origin.key" -out "$DOMAIN.key"
echo "Sign SSL certificate..."
openssl x509 -req -days 3650 -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt"
echo "TODO:"
echo "Copy $DOMAIN.crt to /etc/nginx/ssl/$DOMAIN.crt"
echo "Copy $DOMAIN.key to /etc/nginx/ssl/$DOMAIN.key"
echo "Add configuration in nginx:"
echo "server {"
echo " ..."
echo " listen 443 ssl;"
echo " ssl_certificate /etc/nginx/ssl/$DOMAIN.crt;"
echo " ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;"
echo "}"
Edit the nginx.conf file
# HTTPS server
#
server {
    listen 443 ssl;
    server_name oauth.test.com;
    ssl_certificate mycert.crt;
    ssl_certificate_key mycert_nopass.key;
    # ssl_session_cache shared:SSL:1m;
    # ssl_session_timeout 5m;
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8080/;
    }
}
Complete nginx.conf configuration
#user nobody;
# number of worker processes, usually set to the number of CPU cores
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
# the total number of connections nginx supports equals worker_processes * worker_connections
events {
    # maximum number of connections per worker process
    worker_connections 1024;
}
http {
    #include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    # By default nginx's gzip compression is off. gzip compression can save
    # a good deal of bandwidth, but it increases the server's CPU load.
    # By default nginx only compresses text/html; to compress content other
    # than html, it has to be configured manually.
    #gzip on;
    server {
        listen 80;
        server_name oauth.d.cn;
        location / {
            proxy_set_header HOST $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:8080/;
        }
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
    # HTTPS server
    #
    server {
        listen 443 ssl;
        server_name oauth.d.cn;
        ssl_certificate D:/nginx-script/ssl/oauth.d.cn.crt;
        ssl_certificate_key D:/nginx-script/ssl/oauth.d.cn.key;
        # ssl_session_cache shared:SSL:1m;
        # ssl_session_timeout 5m;
        # ssl_ciphers HIGH:!aNULL:!MD5;
        # ssl_prefer_server_ciphers on;
        location / {
            proxy_set_header HOST $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:8080/;
        }
    }
}
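An added example, not part of the original article: the configuration above proxies a single hostname, while the scenario in the introduction puts several internal servers behind one public port 80. The sketch below routes by Host header and adds a catch-all for unmatched names; the hostnames app1.example.com and app2.example.com and the 192.168.1.x backend addresses are placeholders.

```nginx
# Added example: hostnames and backend addresses are placeholders.
# These blocks go inside the http { } block of nginx.conf.

# Catch-all: a request whose Host header matches no configured name
# (for example a scan against the bare public IP) is closed without a
# response instead of falling through to the first server block.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# First internal service, reached as http://app1.example.com/
server {
    listen 80;
    server_name app1.example.com;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # nginx is the outermost proxy here, so overwrite any
        # client-supplied X-Forwarded-For instead of appending to it;
        # $proxy_add_x_forwarded_for would pass a forged value on to
        # the backend.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.1.11:80;
    }
}

# Second internal service, reached as http://app2.example.com/
server {
    listen 80;
    server_name app2.example.com;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://192.168.1.12:80;
    }
}
```

Both public names resolve to the same static IP; only the router's single 80-to-nginx mapping is needed, and each additional service is one more server block.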
Run scripts
Start
Windows
@echo off
echo "nginx is starting on port 80"
nginx -t -p d:/nginx-script/ -c config/nginx.conf
nginx -p d:/nginx-script/ -c config/nginx.conf
Linux
#!/bin/bash
# start nginx if it is not running, otherwise reload its configuration
ps -fe | grep nginx | grep -v grep
if [ $? -ne 0 ]
then
    /usr/local/openresty/nginx/sbin/nginx -t -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
    /usr/local/openresty/nginx/sbin/nginx -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
    echo "nginx start"
else
    /usr/local/openresty/nginx/sbin/nginx -t -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
    /usr/local/openresty/nginx/sbin/nginx -s reload -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
    echo "nginx reload"
fi
echo -e "===========================================\n\n"
tail -f ../logs/error.log
Stop
Windows
@echo off
tasklist | findstr /i "nginx.exe"
echo "nginx is running, stopping..."
rem nginx -s stop
TASKKILL /F /IM nginx.exe /T
echo "stop ok"
Linux
#!/bin/bash
/usr/local/openresty/nginx/sbin/nginx -t -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
/usr/local/openresty/nginx/sbin/nginx -s quit -p /Users/xx/workspace/nginx-script/ -c config/nginx.conf
echo "nginx stop"
echo -e "===========================================\n\n"
tail -f ../logs/error.log