1.反向代理就是 客户端通过访问代理服务器最终访问到真实服务器的过程
反向代理的作用:
(1)保证内网的安全,可以使用反向代理提供WAF功能,阻止web攻击
大型网站,通常将反向代理作为公网访问地址,Web服务器是内网。
(2)负载均衡,通过反向代理服务器来优化网站的负载
配置
upstream backend { ip_hash; #处理session共存 server 47.106.163.103; #真实服务器ip } server { #listen 80 default_server; #listen [::]:80 default_server; listen 443 ; #https 443 端口 服务器必须要开放 443端口 # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! #rker_processes # include snippets/snakeoil.conf; root /var/www/html/default/public; # Add index.php to the list if you are using PHP index index.php index.html ; server_name myinterestis.com www.myinterestis.com ; #server_name 47.106.163.103; ssl on; # 开启https模块 ssl_certificate /var/www/html/default/public/214541076500893.pem; ssl_certificate_key /var/www/html/default/public/214541076500893.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; # 默认请求 location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. #反向代理开始 proxy_pass http://backend; #代理服务器ip #proxy_set_header Host $host; #proxy_set_header X-Real-IP $remote_addr; #proxy_redirect https:// $scheme://; #做https跳转 #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #反向代理结束 if (!-e $request_filename) { rewrite ^(.*)$ /index.php?s=/$1 last; break; } } # 静态文件处理 location ~ \.(txt|jpg|png|js|css|static)$ { #root /var/www/html/default/public/.well-known/; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #请求分发到 fpm location ~ \.php$ { include snippets/fastcgi-php.conf; # # # With php7.0-cgi alone: # fastcgi_pass 127.0.0.1:9000; # # With php7.0-fpm: fastcgi_pass unix:/run/php/php5.6-fpm.sock; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} }