Nginx 反向代理配置
Nginx 反向代理配置
什么是反向代理
反向代理是指 Nginx 代表后端服务器接收客户端请求,然后将请求转发给后端服务器,并将响应返回给客户端。客户端不知道实际的后端服务器地址。
基本反向代理配置
简单代理
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
完整代理配置
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://backend;
# 设置代理头
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 超时设置
proxy_connect_timeout 30s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# 缓冲设置
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
}
}
Upstream 配置
定义后端服务器组
upstream backend {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
server 192.168.1.12:8080;
}
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://backend;
}
}
带参数的 Upstream
upstream backend {
# 权重
server 192.168.1.10:8080 weight=3;
server 192.168.1.11:8080 weight=2;
server 192.168.1.12:8080 weight=1;
# 备用服务器
server 192.168.1.13:8080 backup;
# 最少连接
least_conn;
# 保持连接
keepalive 32;
}
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://backend;
# 保持连接配置
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
负载均衡算法
轮询(默认)
upstream backend {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
server 192.168.1.12:8080;
}
加权轮询
upstream backend {
server 192.168.1.10:8080 weight=5;
server 192.168.1.11:8080 weight=3;
server 192.168.1.12:8080 weight=2;
}
IP 哈希
upstream backend {
ip_hash;
server 192.168.1.10:8080;
server 192.168.1.11:8080;
server 192.168.1.12:8080;
}
最少连接
upstream backend {
least_conn;
server 192.168.1.10:8080;
server 192.168.1.11:8080;
server 192.168.1.12:8080;
}
代理缓存
配置缓存
# 在 http 块中定义缓存路径
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m;
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://backend;
# 启用缓存
proxy_cache my_cache;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
# 缓存键
proxy_cache_key "$scheme$request_method$host$request_uri";
# 缓存状态头
add_header X-Cache-Status $upstream_cache_status;
}
}
WebSocket 代理
upstream websocket {
server 192.168.1.10:8080;
}
server {
listen 80;
server_name ws.example.com;
location /ws {
proxy_pass http://websocket;
# WebSocket 配置
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 超时设置
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
}
代理缓冲
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://backend;
# 缓冲配置
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
proxy_busy_buffers_size 8k;
# 代理缓冲临时目录
proxy_temp_path /var/cache/nginx/proxy_temp 1 2;
}
}
实践案例
部署 Spring Boot 应用
upstream springboot {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
keepalive 32;
}
server {
listen 80;
server_name api.example.com;
# 重定向到 HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name api.example.com;
ssl_certificate /etc/ssl/certs/api.example.com.crt;
ssl_certificate_key /etc/ssl/private/api.example.com.key;
location / {
proxy_pass http://springboot;
# 代理头
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 保持连接
proxy_http_version 1.1;
proxy_set_header Connection "";
# 超时
proxy_connect_timeout 10s;
proxy_read_timeout 30s;
}
}
部署微服务
upstream user-service {
server 192.168.1.10:8081;
server 192.168.1.11:8081;
}
upstream order-service {
server 192.168.1.10:8082;
server 192.168.1.11:8082;
}
upstream product-service {
server 192.168.1.10:8083;
server 192.168.1.11:8083;
}
server {
listen 80;
server_name micro.example.com;
# 用户服务
location /api/user {
proxy_pass http://user-service;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# 订单服务
location /api/order {
proxy_pass http://order-service;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# 商品服务
location /api/product {
proxy_pass http://product-service;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
常见问题
502 Bad Gateway
# 检查后端服务
curl -v http://192.168.1.10:8080
# 检查 Nginx 错误日志
sudo tail -f /var/log/nginx/error.log
504 Gateway Timeout
# 增加超时时间
proxy_connect_timeout 60s;
proxy_read_timeout 120s;
最佳实践
- 使用 upstream 定义后端服务器组
- 配置合适的超时时间
- 启用代理缓冲
- 使用缓存提高性能
- 配置健康检查
总结
Nginx 反向代理是构建高性能 Web 架构的核心组件。通过合理配置 upstream、负载均衡和缓存,可以实现高可用、高性能的服务架构。