ngx_http_proxy_module module:
The ngx_http_proxy_module module allows passing requests to another server.
1. proxy_pass URL;
Context: location, if in location, limit_except
Note: when the address after proxy_pass carries no URI, nginx passes the location's URI through to the backend host:
server {
    ...
    server_name HOSTNAME;
    location /uri/ {
        proxy_pass http://host[:port];
    }
    ...
}
http://HOSTNAME/uri/ --> http://host/uri/
When the address after proxy_pass is followed by a URI, the location's URI is replaced with the proxy_pass URI:
server {
    ...
    server_name HOSTNAME;
    location /uri/ {
        proxy_pass http://host/new_uri/;
    }
    ...
}
http://HOSTNAME/uri/ --> http://host/new_uri/
If the location is defined with a regular-expression pattern, proxy_pass must not be followed by a URI; the URI sent in the client's request is appended directly to the address of the proxied server:
server {
    ...
    server_name HOSTNAME;
    location ~* /uri/ {    # or ~ for a case-sensitive match
        proxy_pass http://host;
    }
    ...
}
http://HOSTNAME/uri/ --> http://host/uri/
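The three proxy_pass cases above, modelled as an added example (not part of the original notes): `upstream_url` computes the URL sent to the backend, and `lint` flags a regex location that carries a proxy_pass URI and a trailing-slash mismatch between a prefix location and the proxy_pass URI. The function names, the sample configuration and the simple regex-based parsing of flat location blocks are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit

# Matches a flat "location [modifier] pattern { ... proxy_pass target; }" block.
LOCATION = re.compile(
    r"location\s+(?:(~\*?|=|\^~)\s*)?(\S+)\s*\{[^{}]*?proxy_pass\s+([^;\s]+)\s*;")

def upstream_url(prefix, proxy_pass, request_uri, regex=False):
    """Simplified model of the URL nginx requests from the backend."""
    target = urlsplit(proxy_pass)
    base = f"{target.scheme}://{target.netloc}"
    if regex or target.path == "":
        # No URI after proxy_pass: the request URI is passed through as is.
        return base + request_uri
    # URI after proxy_pass: it replaces the part matched by the prefix location.
    return base + target.path + request_uri[len(prefix):]

def lint(conf):
    """Return (location, problem) pairs for proxy_pass forms that break the rules."""
    findings = []
    for modifier, pattern, target in LOCATION.findall(conf):
        path = urlsplit(target).path
        if modifier in ("~", "~*") and path:
            findings.append((pattern, "regex location with a URI after proxy_pass"))
        elif path and pattern.endswith("/") != path.endswith("/"):
            findings.append((pattern, "trailing slash differs from proxy_pass URI"))
    return findings

# Constructed sample configuration (host names are placeholders).
SAMPLE = r"""
server {
    location /uri/ { proxy_pass http://host; }
    location /app/ { proxy_pass http://host/new_uri/; }
    location /img { proxy_pass http://host/static/; }
    location ~* \.php$ { proxy_pass http://host/php/; }
}
"""

if __name__ == "__main__":
    print(upstream_url("/uri/", "http://host", "/uri/a.html"))
    print(upstream_url("/app/", "http://host/new_uri/", "/app/a.html"))
    print(upstream_url("/img", "http://host/static/", "/img/logo.png"))
    for finding in lint(SAMPLE):
        print(finding)
```

The `/img` entry shows why the slash check matters: the prefix is cut from the request URI and the remainder is glued onto the proxy_pass URI as is, so the backend receives a doubled slash.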
2. proxy_set_header field value;
Sets the value of a request header field in the request sent to the backend host; Context: http, server, location
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
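What the two headers above contain when the client already sent its own X-Forwarded-For, and how a backend can read them safely, as an added example (not part of the original notes). The addresses, the trusted proxy network and the function names are constructed for illustration.

```python
import ipaddress

def proxy_add_x_forwarded_for(client_xff, remote_addr):
    """Value of $proxy_add_x_forwarded_for: the client's header plus $remote_addr."""
    return f"{client_xff}, {remote_addr}" if client_xff else remote_addr

def client_address(xff, peer_addr, trusted_proxies):
    """Pick the client address a backend can rely on.

    Walks the chain from the right (nearest hop first) and stops at the first
    address that is not one of our own proxies; entries to its left were
    supplied by the client and are not verified.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return None                     # not an IP address at all
        return any(ip in net for net in nets)

    if not trusted(peer_addr):
        return peer_addr                    # not sent by our proxy: ignore the header
    client = peer_addr
    for hop in reversed([h.strip() for h in xff.split(",")]):
        verdict = trusted(hop)
        if verdict is None:
            break                           # malformed entry: keep last verified hop
        client = hop
        if not verdict:
            break
    return client

# Constructed request: the client at 203.0.113.7 sends its own header value.
SENT_BY_CLIENT = "10.0.0.1"
REMOTE_ADDR = "203.0.113.7"
NGINX_ADDR = "192.168.10.1"                 # assumed address of the nginx proxy

HEADERS_TO_BACKEND = {
    "X-Real-IP": REMOTE_ADDR,
    "X-Forwarded-For": proxy_add_x_forwarded_for(SENT_BY_CLIENT, REMOTE_ADDR),
}
```

X-Real-IP is overwritten with the address nginx saw on the connection, while X-Forwarded-For keeps whatever the client sent in front of it, so only the rightmost entries added by known proxies are reliable.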
3. proxy_cache_path
Defines a cache that the proxy functionality can use; Context: http
proxy_cache_path path [levels=levels] [use_temp_path=on | off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on | off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];
4. proxy_cache zone | off;
Names the cache to use, or turns the caching mechanism off; Context: http, server, location
5. proxy_cache_key string;
The content used as the "key" in the cache;
Default: proxy_cache_key $scheme$proxy_host$request_uri;
6. proxy_cache_valid [code ...] time;
Defines how long responses with particular response codes are cached;
Defined in http{...}:
proxy_cache_path /var/cache/nginx/proxy_cache levels=1:1:1 keys_zone=pxycache:20m max_size=1g;
Defined in the configuration section that needs the cache, for example server{...}:
proxy_cache pxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 1h;
proxy_cache_valid any 1m;
7. proxy_cache_use_stale
proxy_cache_use_stale error | timeout | invalid_header | updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | off ...;
Determines in which cases a stale cached response can be used when an error occurs during communication with the proxied server.
8. proxy_cache_methods GET | HEAD | POST ...;
If the client request method is listed in this directive then the response will be cached. "GET" and "HEAD" methods are always added to the list, though it is recommended to specify them explicitly.
9. proxy_hide_header field;
By default, nginx does not pass the header fields "Date", "Server", "X-Pad", and "X-Accel-..." from the response of a proxied server to a client. The proxy_hide_header directive sets additional fields that will not be passed.
10. proxy_connect_timeout time;
Defines a timeout for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds.
The default is 60s;
ngx_http_headers_module module
The ngx_http_headers_module module allows adding the "Expires" and "Cache-Control" header fields, and arbitrary fields, to a response header.
Adds custom header fields to the response that the proxy server sends to the client, or changes the value of a given header field;
1. add_header name value [always];
Adds a custom header field:
add_header X-Via $server_addr;
add_header X-Accel $server_name;
2. expires [modified] time;
expires epoch | max | off;
Defines the value of the Expires or Cache-Control header field;
ngx_http_fastcgi_module module:
The ngx_http_fastcgi_module module allows passing requests to a FastCGI server.
1. fastcgi_pass address;
address is the address of the FastCGI server; Context: location, if in location
2. fastcgi_index name;
The default index resource for FastCGI;
3. fastcgi_param parameter value [if_not_empty];
Sets a parameter that should be passed to the FastCGI server. The value can contain text, variables, and their combination.
Configuration example 1:
Prerequisite: the fpm server and mariadb-server services are already configured;
location ~* \.php$ {
    root /usr/share/nginx/html;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
    include fastcgi_params;
}
Configuration example 2: obtain fpm server status information through /pm_status and /ping;
location ~* ^/(pm_status|ping)$ {
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
}
4. fastcgi_cache_path path [levels=levels] [use_temp_path=on | off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on | off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];
Defines a cache for FastCGI; the cache is stored on the disk file system at the location given by path;
levels=levels: the number of cache directory levels, and the number of directories at each level; levels=ONE:TWO:THREE
levels=1:2:2
keys_zone=name:size
name and size of the memory zone that holds the key/value mapping
inactive=time
inactive period
max_size=size
upper limit on the disk space used for cached data
5. fastcgi_cache zone | off;
Uses the specified cache zone to cache data; Context: http, server, location
6. fastcgi_cache_key string;
Defines the string used as the key of a cache entry;
7. fastcgi_cache_methods GET | HEAD | POST ...;
The request methods for which the cache is used;
8. fastcgi_cache_min_uses number;
A cache entry must be accessed at least this many times within the inactive period set by inactive before it is treated as an active entry;
9. fastcgi_cache_valid [code ...] time;
Cache lifetime for each response code;
Example:
http {
    ...
    fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2:1 keys_zone=fcgi:20m inactive=120s;
    ...
    server {
        ...
        location ~* \.php$ {
            ...
            fastcgi_cache fcgi;
            fastcgi_cache_key $request_uri;
            fastcgi_cache_valid 200 302 10m;
            fastcgi_cache_valid 301 1h;
            fastcgi_cache_valid any 1m;
            ...
        }
        ...
    }
    ...
}
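How the levels parameter and the cache key (both in the proxy_cache and in the fastcgi_cache notes above) decide where a response is stored, as an added example that is not part of the original notes. nginx names the cache file with the MD5 of the key and takes the level directories from the end of that digest; the sample requests, the helper names and the use of $host (nginx's request-host variable, which the notes do not use) are assumptions of this sketch.

```python
import hashlib

def cache_file(cache_path, levels, key):
    """Path of the file that stores the response cached under `key`.

    The file name is the MD5 of the key; each level directory is named with
    the next `n` hex characters taken from the end of that digest.
    """
    digest = hashlib.md5(key.encode()).hexdigest()
    dirs, end = [], len(digest)
    for width in map(int, levels.split(":")):
        dirs.append(digest[end - width:end])
        end -= width
    return "/".join([cache_path.rstrip("/"), *dirs, digest])

def expand(key_template, variables):
    """Substitute $name variables in a cache-key template (longest name first)."""
    for name in sorted(variables, key=len, reverse=True):
        key_template = key_template.replace("$" + name, variables[name])
    return key_template

# Constructed requests: the same URI requested under two server names that
# are proxied to the same backend.
REQ_A = {"scheme": "http", "host": "a.example.com", "proxy_host": "backend",
         "request_uri": "/index.php?id=1"}
REQ_B = dict(REQ_A, host="b.example.com")

PATH, LEVELS = "/var/cache/nginx/fastcgi_cache", "1:2:1"

def shares_entry(key_template):
    """True when both sample requests land on the same cache file."""
    return (cache_file(PATH, LEVELS, expand(key_template, REQ_A))
            == cache_file(PATH, LEVELS, expand(key_template, REQ_B)))

if __name__ == "__main__":
    print(cache_file(PATH, LEVELS, expand("$request_uri", REQ_A)))
    for template in ("$request_uri", "$scheme$proxy_host$request_uri",
                     "$scheme$host$request_uri"):
        print(template, "shared" if shares_entry(template) else "separate")
```

With the key `$request_uri` used in the examples, two virtual hosts that share one cache zone serve each other's cached responses for the same URI; the key has to include whatever distinguishes responses that must not be shared.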
10. fastcgi_keep_conn on | off;
By default, a FastCGI server will close a connection right after sending the response. However, when this directive is set to the value on, nginx will instruct a FastCGI server to keep connections open.
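ngx_http_upstream_module
The ngx_http_upstream_module module is used to define groups of servers that can be referenced by the proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, and memcached_pass directives.
(1) upstream name {...}
Defines a group of backend servers; introduces a new context; can only be used in the http{} context;
The default scheduling method is wrr;
(2) server address [parameters];
Defines a server address and its parameters
Address formats:
IP[:PORT]
HOSTNAME[:PORT]
unix:/PATH/TO/SOME_SOCK_FILE
Parameters:
weight=number
weight; the default is 1;
max_fails=number
maximum number of failed attempts;
fail_timeout=time
how long the server is treated as unavailable;
backup
marks the server as a "backup" server;
down
manually marks the server as unavailable;
(3) least_conn;
Least-connections scheduling algorithm; when the servers have different weights it is wlc; when all backend hosts have the same number of connections, wrr is used for scheduling;
(4) ip_hash;
Source-address hash algorithm; requests from the same source IP address are always sent to the same upstream server;
(5) hash key [consistent];
Schedules requests through a hash table built on the specified key; the key can be text, variables, or a combination of the two;
consistent: parameter that selects the consistent-hash algorithm;
Examples:
hash $request_uri consistent;
hash $remote_addr;
hash $cookie_name;
(6) keepalive connections;
The number of connections that can be kept alive; the maximum number of idle keepalive connections each worker keeps open to the backend servers;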
ngx_stream_core_module
The ngx_stream_core_module module is available since version 1.9.0. This module is not built by default; it should be enabled with the --with-stream configuration parameter.
(1) listen address:port [ssl] [udp] [backlog=number] [bind] [ipv6only=on | off] [reuseport] [so_keepalive=on | off | [keepidle]:[keepintvl]:[keepcnt]];
The port to listen on;
The protocol defaults to TCP;
udp: listen on a UDP port
ngx_stream_proxy_module
The ngx_stream_proxy_module module (1.9.0) allows proxying data streams over TCP, UDP (1.9.13), and UNIX-domain sockets.
(1) proxy_pass address;
Sets the address of a proxied server. The address can be specified as a domain name or IP address, and a port, or as a UNIX-domain socket path.
(2) proxy_timeout timeout;
Sets the timeout between two successive read or write operations on client or proxied server connections. If no data is transmitted within this time, the connection is closed.
The default is 10m;
(3) proxy_connect_timeout time;
Defines a timeout for establishing a connection with a proxied server.
Sets the timeout for nginx's attempt to establish a connection with the proxied server; the default is 60s;
Example:
stream {
    upstream sshsrvs {
        server 192.168.10.130:22;
        server 192.168.10.131:22;
        hash $remote_addr consistent;
    }
    server {
        listen 192.168.204.6:22202;
        proxy_pass sshsrvs;
        proxy_timeout 60s;
        proxy_connect_timeout 10s;
    }
}
Building and installing from source:
Prerequisite: a development environment, including the development libraries that the features enabled in the nginx build depend on;
# yum groupinstall "Development Tools" "Server Platform Development"
# yum -y install pcre-devel openssl-devel
Build steps:
# ./configure --prefix=/usr/local/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-threads --with-file-aio
# make && make install
configure script parameters of the nginx package in the EPEL repository:
--prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx
--user=nginx --group=nginx --with-compat --with-debug --with-file-aio --with-google_perftools_module
--with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module
--with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic
--with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module
--with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module
--with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module
--with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
--with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
unit file of the nginx package in the official nginx repository:
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
unit file of the nginx package in the EPEL repository:
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target