nginx 反向代理設定教學

--- title: nginx 反向代理設定教學 tags: nginx description: nginx 反向代理設定教學 --- # nginx 反向代理設定教學 ## 使用 nginx 反向代理情境使用情境為目前專案要使用前端 Server A 對於後端 Server C 機器做 restful api 的呼叫，前端 Server A 的 ip 為 192.168.1.192、Server B 的 ip 為 10.101.1.192、後端Server C 的 ip 為 10.101.3.154。如下圖所示，Server A 與 Server B 網路相通、 Server B 與 Server C 網路相通，但 Server A 與 Server C 網路並不相通，因此需要在 Server B 架設 nginx 反向代理作為 Server A 與 Server C 的中介點。 ![](https://i.imgur.com/ilnmtzu.png) ### Server C 使用 python3 flask 做為後端新增一個文件 backend.py 內容如下，將服務暴露在 10.101.3.154:9032 端口，當前端對於http://10.101.3.154:9032/api/test 進行 request 時，此時 response {'res': 'test'} 。 ``` # backend.py from flask import Flask import json app = Flask(__name__) CORS(app) @app.route("/api/test", methods = ['GET', 'POST']) def Test(): return json.dumps({'res': 'test'}) if __name__ == "__main__": app.run(host="0.0.0.0", port='9032', debug=True) ``` 後端執行 backend.py ``` $ python3 backend.py ``` ### Server B 建置 nginx 前端要透過 Server B 的 10.101.1.192:10012 端口轉發到 Server C 端口 10.101.3.154:9032 #### 下載 nginx ``` $ sudo apt-get install nginx ``` #### 編譯 nginx default 檔案 ``` $ sudo nano /etc/nginx/sites-enabled/default ``` 修改 default 檔案內容 ``` ## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. # https://www.nginx.com/resources/wiki/start/ # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ # https://wiki.debian.org/Nginx/DirectoryStructure # # In most cases, administrators will remove this file from sites-enabled/ and # leave it as reference inside of sites-available where it will continue to be # updated by the nginx packaging team. # # This file will automatically load configuration files provided by other # applications, such as Drupal or Wordpress. These applications will be made # available underneath a path with that package name, such as /drupal8. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## # Default server configuration # server { # 更改為本機端監聽的端口 listen 10012 default_server; listen [::]:10012 default_server; # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } # 將監聽端口轉發到以下 url location /api { proxy_pass http://10.104.85.246:9032; } # 傳遞 header 和參數要加入下列 error_page 405 =200 $uri; # pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # Virtual Host configuration for example.com # # You can move that to a different file under sites-available/ and symlink that # to sites-enabled/ to enable it. # #server { # listen 80; # listen [::]:80; # # server_name example.com; # # root /var/www/example.com; # index index.html; # # location / { # try_files $uri $uri/ =404; # } #} ``` 重新載入 ngnix 服務 ``` $ sudo service nginx reload ``` ### Server A 前端 Curl 提交請求當 Server C backend.py 啟動以及 Server B nginx 服務啟動，前端 Server A 對 Server B 的 10.101.1.192:10012 端口請求，即可將服務轉發到 Server C 的 10.101.3.154:9032 真實端口。 ``` # curl -X GET http://10.101.1.192:10012/api/test ``` ## Thank you! :dash: You can find me on - GitHub: https://github.com/shaung08 - Email: a2369875@gmail.com