Created at 2022-10-28 18:25:45
Last updated at 2022-10-28 18:25:45
4892 Clicks
将nginx作为webapp的前置端,使用nginx控制是否转发给webapp,还是转发给http服务。
其中分发的原来请自行搜索学习。
配置使用了nginx的stream等模块,在Ubuntu 20.04上的Nginx v.1.18.0(来自nginx官方apt源),所需的模块都启用了。
理论上就是通过proxy_protocol从stream将客户端ip传给http,在http的log_format中,将remote_addr更换成proxy_protocol_addr即可。
proxy_protocol在使用时注意,在输出时,使用"proxy_protocol on;"来配置,接受时在listen的末尾加上”proxy_protocol“即可。
但是webapp在接收tcp时,不能处理proxy_protocol,所以在转发给webapp之前,需要再将proxy_protocol去掉,只需多一步转发即可。
具体配置nginx.conf开头内容如下:
stream {
log_format basic '$remote_addr - $remote_user [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time';
map $ssl_preread_server_name $backend {
webapp6.domain.com unix:/run/nginx-webapp-stream.sock;
webapp.domain.com unix:/run/nginx-webapp-stream.sock;
default 127.0.0.1:443;
}
server {
listen unix:/run/nginx-webapp-stream.sock proxy_protocol;
proxy_pass 127.0.0.1:8443;
}
server {
listen 0.0.0.0:443;
listen [::]:443;
proxy_pass $backend;
ssl_preread on;
proxy_protocol on;
}
}
http {
log_format combined '$proxy_protocol_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
server {
listen 127.0.0.1:80 proxy_protocol;
listen [::1]:443 ssl proxy_protocol;
...
}
}Tags:ITNetworkUbuntuLinuxtrojanproxy
* Раскладной! Сложили-разложили. 5 минут дела!Детские игровые площадки с пластиковыми горками и каче
Created at 2024-04-22 16:34:28
Bitcoin (BTC) might just be the golden opportunity of our era, poised to skyrocket to $200,000 in th
Created at 2024-04-19 07:14:56
Men dating men sample get a bang, consistency, and the belle of relationships in their own unique wa
Created at 2024-04-04 18:27:30
Men dating men experience get a bang, connecting, and the dream of relationships in their own unmatc
Created at 2024-04-03 23:00:39
No Data Found!
@ 2019-2025 OWENDSWANG
Contact me: owendswang@qq.com
Men dating men sample tenderness, consistency, and the dream of relationships in their own unique wa
Created at 2024-04-24 07:31:40