配置nginx作为反向代理服务器,将部分请求转发到后端的apache2和tomcat服务器上。同时,nginx也提供基础web服务。以下是Nginx反代和web的配置:
/etc/nginx/conf.d/default.conf
server {
listen 8080;
server_name www.domain.fun;# 服务器地址或绑定域名
#请求域名www.domain.fun
location / {
#首页直接从nginx根目录的blog返回
root /usr/share/nginx/html/blog;
index index.html;
}
#访问其他目录反向代理到apache2
location /blog {
#不用设置root和index,默认使用apache2的根目录,如果有其他目录监听的话,需要设置
#root /var/www/html/blog;
#index index.html;
proxy_pass http://127.0.0.1:81;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 8070;
server_name domain.fun;# 服务器地址或绑定域名
location / {
#root /usr/local/tomcat/apache-tomcat-10.1.8/webapps;
#index index.html index.jsp;
proxy_pass http://127.0.0.1:8088;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
nginx监听8080端口,当请求到达8080后,会从location匹配url,如果是/根目录,则从nginx的默认根目录读取,比如这里的/usr/share/nginx/html/blog,如果访问的路径后面有/blog,那么请求就会转发到http://127.0.0.1:81,也就是apache2监听的端口,最终请求到达apache2。记得注释这一句#proxy_set_header X-Forwarded-Host $host;,要不然访问www.doamin.fun没问题,在后面加上www.doamin.fun/test后url会变成http://www.doamin.fun:8080/test,也就是会带上代理服务器nginx的端口。
设置了proxy_set_header指令以便将原始请求的头信息一并发送给后端服务器。其中,X-Forwarded-Host指令设置了请求的原始主机头,X-Forwarded-Proto指令设置了请求的原始协议头。
通过这个配置,Nginx将会正确地将请求转发到Apache服务器上,并保留原始请求的URL和主机头。这样,Apache服务器就可以正确地处理请求,并返回正确的响应了。
/etc/nginx/nginx.conf
当你使用/etc/nginx/conf.d/default文件作为配置文件的时候,删除sites-availabled下的配置文件,以免影响你配置,因为这个文件夹下的配置文件会覆盖你的default配置文件,比较麻烦,如果有最好就删除掉。不放心也先备份。然后修改nginx.conf文件, 注释#include /etc/nginx/sites-enabled/*;这样就不会加载sites-enabled下的配置文件。
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
#
#limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
#limit_req zone=one burst=5;
client_max_body_size 5m;
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_conn addr 10;
add_header X-XSS-Protection "1;mode=block";
#add_header Content-Security-Policy "default-src 'self'; script-src 'self' http://www.anyall.com;";
client_body_timeout 10s;
client_header_timeout 5s;
send_timeout 10s;
keepalive_timeout 60s;
resolver_timeout 8s;
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
#ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}最后修改一下apache2的端口和默认根目录,这里只监听本地,如果需要从互联网访问,别加127.0.0.1
/etc/apache2# cat ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 127.0.0.1:81
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet到这里基本就可以了,apache2还是默认目录/var/www/html。如果有其他项目文件要添加的话,直接放在/var/www/html下面,apache2配置文件增加访问权限,然后去nginx配置文件新加一个location,向上面的/blog一样重启nginx就可以访问了。
