准备三台机器,一台作为代理(ip:192.168.122.150 ;hostname:proxy),一台作为client(ip:192.168.122.1;hostname:client),一台作为后端服务器(ip :192.168.122.64
;hostname: really)。
实验一:客户端通过proxy的ip访问nginx时,以本地页面响应;通过http://192.168.122.150/test 访问时,代理到后端服务器上,后端服务器的nginx的访问日志显示真实访问自己的主机,即客户端。
#在后端服务器准备页面
[root@really ~]# cat /webroot/test/index.html
welcome to really world
[root@really ~]# vim /etc/nginx/conf.d/default.conf
location /test {
root /webroot;
index index.html;
}
#分别从client和proxy测试后端服务器准备的页面能否正常访问
[root@chenjiaqi ~]# links --dump http://192.168.122.64/test/
welcome to really world
[root@proxy ~]# links --dump 192.168.122.64/test
welcome to really world
#修改proxy配置文件,实现访问192.168.122.150/forum时访问的是在后端服务器准备好的页面
[root@proxy ~]# vim /etc/nginx/conf.d/default.conf
location /forum {
proxy_pass http://192.168.122.64/test;
}
[root@proxy ~]# nginx -t
[root@proxy ~]# nginx -s reload
#设置proxy自己的本地页面
[root@proxy ~]# echo "hello,I'am proxy" > /usr/share/nginx/html/index.html
#测试客户端访问proxy的本地页面和代理功能
[root@chenjiaqi ~]# links --dump http://192.168.122.150/
hello,I'am proxy
[root@chenjiaqi ~]# links --dump http://192.168.122.150/forum
welcome to really world
#检查日志发现后端服务器的访问日志不能显示真实访问自己的主机
[root@really ~]# tail -5 /var/log/nginx/access.log
192.168.122.150 - - [21/Sep/2018:15:53:55 +0800] "GET /test/ HTTP/1.0" 200 24 "http://192.168.122.150/forum" "ELinks/0.12pre6 (textmode; Linux; -)" "-"
192.168.122.150 - - [21/Sep/2018:15:53:57 +0800] "GET /test HTTP/1.0" 301 185 "-" "ELinks/0.12pre6 (textmode; Linux; -)" "-"
192.168.122.150 - - [21/Sep/2018:15:53:57 +0800] "GET /test/ HTTP/1.0" 200 24 "http://192.168.122.150/forum" "ELinks/0.12pre6 (textmode; Linux; -)" "-"
192.168.122.150 - - [21/Sep/2018:15:53:58 +0800] "GET /test HTTP/1.0" 301 185 "-" "ELinks/0.12pre6 (textmode; Linux; -)" "-"
192.168.122.150 - - [21/Sep/2018:15:53:58 +0800] "GET /test/ HTTP/1.0" 200 24 "http://192.168.122.150/forum" "ELinks/0.12pre6 (textmode; Linux; -)" "-"
#修改proxy配置,重新做访问测试发现在日志最后显示真实访问主机
[root@proxy ~]# vim /etc/nginx/conf.d/default.conf
location /forum {
proxy_pass http://192.168.122.64/test;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
[root@proxy ~]# nginx -s reload
[root@chenjiaqi ~]# links --dump http://192.168.122.150/forum
welcome to really world
[root@really ~]# tail -5 /var/log/nginx/access.log
192.168.122.150 - - [21/Sep/2018:15:57:07 +0800] "GET /test/ HTTP/1.0" 200 24 "http://192.168.122.150/forum" "ELinks/0.12pre6 (textmode; Linux; -)" "192.168.122.1"
192.168.122.150 - - [21/Sep/2018:15:57:08 +0800] "GET /test HTTP/1.0" 301 185 "-" "ELinks/0.12pre6 (textmode; Linux; -)" "192.168.122.1"
192.168.122.150 - - [21/Sep/2018:15:57:08 +0800] "GET /test/ HTTP/1.0" 200 24 "http://192.168.122.150/forum" "ELinks/0.12pre6 (textmode; Linux; -)" "192.168.122.1"
192.168.122.150 - - [21/Sep/2018:15:57:09 +0800] "GET /test HTTP/1.0" 301 185 "-" "ELinks/0.12pre6 (textmode; Linux; -)" "192.168.122.1"
192.168.122.150 - - [21/Sep/2018:15:57:09 +0800] "GET /test/ HTTP/1.0" 200 24 "http://192.168.122.150/forum" "ELinks/0.12pre6 (textmode; Linux; -)" "192.168.122.1"
#假如把后端服务器的端口改为8080,第一次请求结束后,第二次请求时,client----->proxy:8080回给客户端的是8080,所以下一次访问时就会访问8080,但是代理端并没有8080端口,所以需要代理重定向
[root@really ~]# vim /etc/nginx/conf.d/default.conf
listen 8080;
[root@chenjiaqi ~]# links --dump http://192.168.122.64/test
ELinks: Connection refused
[root@chenjiaqi ~]# links --dump http://192.168.122.64:8080/test
welcome to really world
[root@proxy ~]# vim /etc/nginx/conf.d/default.conf
[root@proxy ~]# nginx -s reload
location /forum {
proxy_pass http://192.168.122.64:8080/test;
proxy_redirect default;#代理是80,后端是8000,所以需要呼叫转移
proxy_set_header x-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
proxy_busy_buffers_size 256k;
proxy_max_temp_file_size 256k;
}
[root@chenjiaqi ~]# links --dump http://192.168.122.150/forum
welcome to really world