Nginx 可以作为代理服务器,将客户端请求转发到后端服务器,实现负载均衡、缓存等功能。
基本代理配置
简单代理
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
完整代理配置
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
代理指令说明
| 指令 | 说明 |
|---|
proxy_pass | 指定代理服务器的协议和地址 |
proxy_set_header | 设置发送给代理服务器的请求头 |
proxy_redirect | 修改代理服务器返回的响应头 |
常用请求头
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
负载均衡
定义上游服务器
upstream backend {
server backend1.example.com:8080;
server backend2.example.com:8080;
server backend3.example.com:8080;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://backend;
}
}
负载均衡方法
轮询(默认)
upstream backend {
server backend1.example.com:8080;
server backend2.example.com:8080;
server backend3.example.com:8080;
}
最少连接
upstream backend {
least_conn;
server backend1.example.com:8080;
server backend2.example.com:8080;
server backend3.example.com:8080;
}
IP 哈希
upstream backend {
ip_hash;
server backend1.example.com:8080;
server backend2.example.com:8080;
server backend3.example.com:8080;
}
加权轮询
upstream backend {
server backend1.example.com:8080 weight=5;
server backend2.example.com:8080;
server backend3.example.com:8080;
}
服务器参数
upstream backend {
server backend1.example.com:8080 weight=5;
server backend2.example.com:8080 max_fails=3 fail_timeout=30s;
server backend3.example.com:8080 backup;
}
| 参数 | 说明 |
|---|
weight | 服务器权重 |
max_fails | 最大失败次数 |
fail_timeout | 失败超时时间 |
backup | 备用服务器 |
down | 标记服务器不可用 |
max_conns | 最大连接数 |
健康检查
主动健康检查(需要商业版)
upstream backend {
zone backend 64k;
server backend1.example.com:8080;
server backend2.example.com:8080;
}
server {
location / {
proxy_pass http://backend;
health_check;
}
}
被动健康检查
upstream backend {
server backend1.example.com:8080 max_fails=3 fail_timeout=30s;
server backend2.example.com:8080 max_fails=3 fail_timeout=30s;
}
缓存配置
定义缓存路径
proxy_cache_path /path/to/cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;
server {
location / {
proxy_cache my_cache;
proxy_pass http://backend;
}
}
缓存指令
location / {
proxy_cache my_cache;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_cache_bypass $http_cache_control;
add_header X-Cache-Status $upstream_cache_status;
proxy_pass http://backend;
}
HTTPS 代理
代理到 HTTPS 后端
location / {
proxy_pass https://backend;
}
代理到 HTTP 后端(前端 HTTPS)
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
location / {
proxy_pass http://backend;
proxy_set_header X-Forwarded-Proto https;
}
}
WebSocket 代理
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket {
server 127.0.0.1:8000;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
代理超时设置
location / {
proxy_pass http://backend;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
缓冲区设置
location / {
proxy_pass http://backend;
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
proxy_busy_buffers_size 8k;
}
完整配置示例
基本代理服务器
http {
upstream backend {
server backend1.example.com:8080;
server backend2.example.com:8080;
server backend3.example.com:8080;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
高级代理服务器
http {
# 缓存配置
proxy_cache_path /var/cache/nginx/proxy levels=1:2 keys_zone=proxy_cache:10m max_size=100m inactive=60m;
# 上游服务器
upstream backend {
least_conn;
server backend1.example.com:8080 weight=5;
server backend2.example.com:8080 max_fails=3 fail_timeout=30s;
server backend3.example.com:8080 backup;
keepalive 32;
}
server {
listen 80;
server_name localhost;
# 代理配置
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 缓存
proxy_cache proxy_cache;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
proxy_cache_key "$scheme$request_method$host$request_uri";
add_header X-Cache-Status $upstream_cache_status;
# 超时
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# 缓冲
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
}
# 健康检查
location /health {
proxy_pass http://backend/health;
access_log off;
}
}
}
测试配置
sudo nginx -t
sudo nginx -s reload
验证代理
curl -H "Host: example.com" http://localhost/
curl -I http://localhost/
curl -I http://localhost/ | grep X-Cache-Status
最佳实践
- 使用 upstream:方便管理和扩展
- 设置超时:避免长时间等待
- 启用缓存:提高性能
- 健康检查:确保后端可用
- 负载均衡:分担服务器压力
- 监控日志:及时发现异常
