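Using nginx as a reverse proxy
If you have only a few public IP addresses but many internal servers that need to offer services to the outside, the best approach is a reverse proxy. Roughly as follows:
First, install nginx: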
pkg install nginx
or
cd /usr/ports/www/nginx && make install clean
Next, take a look at the nginx configuration.
more nginx.conf
worker_processes 4;
error_log /var/log/nginx/nginx-error.log info;
worker_rlimit_nofile 65535;
events {
    worker_connections 65535;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log /var/log/nginx/nginx-access.log main;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    # Browsers sometimes report errors when submitting data because this value is too small; adjust it as needed
    # Request body buffer size
    client_body_buffer_size 10m;
    # Maximum size of an uploaded file
    client_max_body_size 300m;
    # Hide the nginx version number
    server_tokens off;
    ignore_invalid_headers on;
    recursive_error_pages on;
    server_name_in_redirect off;
    fastcgi_intercept_errors on;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    # Enable gzip-compressed output
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
    # Catch-all: a request on these ports whose Host matches no proxied server_name gets a 500
    server {
        listen 80 default;
        listen 8080 default;
        listen 8081 default;
        return 500;
    }
    # To keep the configuration easy to edit and organize, group the reverse-proxied servers into one configuration file per port or per domain
    include reverse_proxy_80.conf;
    include reverse_proxy_443.conf;
    include reverse_proxy_8080.conf;
    include reverse_proxy_8081.conf;
}
more reverse_proxy_80.conf
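server {
    listen 80;
    server_name www.mydomain.com;
    charset utf-8;
    # The per-site log directory must already exist; nginx does not create it
    access_log /var/log/nginx/www.mydomain.com/access.log main;
    error_log /var/log/nginx/www.mydomain.com/error.log info;
    location / {
        # On the proxy host this name must resolve to the internal server
        # (internal DNS or /etc/hosts), not to the proxy itself
        proxy_pass http://www.mydomain.com;
        # Pass the client's address to the internal server
        proxy_set_header X-Real-IP $remote_addr;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}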
Then restart the nginx service and the proxy is ready.
What remains is to set up NAT on the gateway.
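
The X-Real-IP header set in reverse_proxy_80.conf is only useful if the internal server reads it, and only safe if the internal server accepts it from the proxy alone. The following is an added example, not part of the original configuration: it assumes the internal server also runs nginx built with ngx_http_realip_module, and 192.0.2.10 is a placeholder for the proxy's internal address.

```nginx
# --- On the reverse proxy: location / in reverse_proxy_80.conf ---
# $remote_addr is the TCP peer address seen by the proxy, so a client
# cannot forge it through request headers. At the edge, overwrite
# X-Forwarded-For instead of appending to whatever the client sent.
location / {
    proxy_pass       http://www.mydomain.com;
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
}

# --- On the internal server: http or server context ---
# Assumption: nginx with ngx_http_realip_module.
# 192.0.2.10 is a placeholder for the reverse proxy's internal address.
set_real_ip_from 192.0.2.10;   # trust the header only on connections from the proxy
real_ip_header   X-Real-IP;    # replace $remote_addr with the header value

# Connections from any other source keep their own peer address, so a
# client that reaches the internal server directly cannot spoof X-Real-IP.
```

With this in place the internal server's access log and any address-based access rules see the original client address instead of the proxy's.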