nginx如何代理多个express服务
原创
这其实又是我自己瞎折腾的系列
背景是这样的,我目前有一台服务器,域名已经申请了brzhang.club,证书也申请了,可以看到是https的,安全访问无污染,哈哈!
好的,那么问题来了,我现在想搞一个移动端的事情,自己想起一个服务,比如就使用express来搞,大家知道express得默认端口是3000的,当然你可以改为其他的端口,但是前提条件是,一台服务器上的端口只能不一个应用占用,因此,你想使用443,80,那自然是不可以的。因此,问题来了,我们要不带端口(就是默认80,443了,url上可以不写端口)访问怎么办?
换句话说,我们想这样访问我们的服务:
mobile.brzhang.club 或者 book.brzhang.club
brzhang.club/mobile 或者 brzhang.club/book
可以看到,我上面说的两种方式,一种是子域名的方式,一种是路径区分的方式,那么这两种方式是否都能够实现呢?答案自然是可以的。我们可以用nginx来配置出这两种方式。
nginx的配置原结构图
nginx配置结构图
与之对应的一个较为省略的配置文件大致长成这个模样:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}那么,这里http下的几个概念有必要稍微了解下:
- 第一个是server,其实就是指nginx的一个服务,可以配置多个,甚至同一个端口监听可以配置多个。
- upstream ,这个是做负载均衡用的,server可以结合这个upstream做负载均衡。
- location ,表示路径了,我们上面提到的那种
brzhang.club/book这种方式就是需要路径实现
好,下面就是开始开车了,配置
第一种方式,子域名
我们先搞一个负载均衡,当然你可以可以不搞,没关系
upstream mobile_pool{
server 127.0.0.1:3000;
}然后在搞一个server
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name mobile.brzhang.club;
root /usr/share/nginx/html;
ssl_certificate "1_mobile.brzhang.club_bundle.crt";
ssl_certificate_key "2_mobile.brzhang.club.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://mobile_pool;
}
}可以看到location中proxy_pass 对应于上面那个负载均衡,你如果不想搞负载均衡,在这里写死就完了,只有一台机器,也没啥负载不负载的,我这里自我检讨下,有点装逼了,但是既然玩到了,也是要对这个有一定的了解吧。
ok,这里需要注意一下,因为我们配置的是443端口,因此,我们mobile.brzhang.club这个子域名是需要ssl证书的
ssl
如上,我是为这个子域名申请证书了的,但如果是使用的80端口,那就省去申请ssl证书的问题了,但是小程序这种严格要求是https访问的,你就玩不了了。
重启下nginx,子域名这种方式应该就ok啦。
nginx -s reload好的方式是验证一下nginx配置是否正确 nginx -t
第二种方式,路径区分的方式
这种方式就更加简单了,直接在443默认的server下面加一个location即可
location /mobile/{
proxy_pass http://mobile_pool;
}同样的方式,重启ok。
最后,附上的的整个nginx配置
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
#负载均衡池
upstream mobile_pool{
server 127.0.0.1:3000;
}
# Settings for a TLS enabled server.
#
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name localhost;
root /usr/share/nginx/html;
ssl_certificate "1_brzhang.club_bundle.crt";
ssl_certificate_key "2_brzhang.club.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
root html;
index index.html index.htm;
}
location /mobile/{
proxy_pass http://mobile_pool/;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name mobile.brzhang.club;
root /usr/share/nginx/html;
ssl_certificate "1_mobile.brzhang.club_bundle.crt";
ssl_certificate_key "2_mobile.brzhang.club.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://mobile_pool;
}
}
# nginx 反向代理配置demo,8888指向3000
# server{
# listen 8888;
# server_name _;
# index index.html index.htm index.php default.html default.htm default.php;
#
# location / {
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $http_host;
# proxy_set_header X-NginX-Proxy true;
# proxy_pass http://127.0.0.1:3000/;
# proxy_redirect off;
# }
# }
}location 中 proxy_pass 结尾带/接不带的区别
- 在nginx中配置proxy_pass时,当在后面的url加上了/,相当于是绝对根路径,则nginx不会把location中匹配的路径部分代理走。
- 如果没有/,则会把匹配的路径部分也给代理走。举两个例子:
location /proxy/ {
proxy_pass http://127.0.0.1:81/;
}
结论:会被代理到http://127.0.0.1:81/test.html 这个urllocation /proxy/ {
proxy_pass http://127.0.0.1:81;
}
结论:会被代理到http://127.0.0.1:81/proxy/test.html 这个url原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读