Nginx反向代理及反向代理负载均衡

1.反向代理实验环境

#172.25.254.10 RS1 172.25.254.20 RS2

$root@RSX \~$ # dnf install httpd -y

$root@RSX \~$ # systemctl enable --now httpd

$root@RSX \~$ # echo 172.25.254.20 > /var/www/html/index.html

在主机中测试

$root@Nginx \~$ # curl 172.25.254.10

172.25.254.10

$root@Nginx \~$ # curl 172.25.254.20

172.25.254.20

2.简单的代理方法

$root@RS2 \~$ # mkdir /var/www/html/web

$root@RS2 \~$ # echo 172.25.254.20 web > /var/www/html/web/index.html
$root@Nginx \~$ # vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.timinglee.org;

location / {

proxy_pass http://172.25.254.10:80;

}

location /web {

proxy_pass http://172.25.254.20:80;

}

}
$root@Nginx \~$ # nginx -s reload

测试

$root@Nginx \~$ # curl 172.25.254.20/web/

172.25.254.20 web

$root@Nginx \~$ # curl 172.25.254.10

172.25.254.10

3.proxy_hide_header filed

$Administrator.DESKTOP-VJ307M3$ ➤ curl -v lee.timinglee.org

* Trying 172.25.254.100:80...

* TCP_NODELAY set

* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)

> GET / HTTP/1.1

> Host: lee.timinglee.org

> User-Agent: curl/7.65.0

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK

< Server: nginx/1.28.1

< Date: Tue, 03 Feb 2026 06:31:03 GMT

< Content-Type: text/html; charset=UTF-8

< Content-Length: 14

< Connection: keep-alive

< Keep-Alive: timeout=100

< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT

< ETag: "e-649e570e8a49f" #可以看到ETAG信息

< Accept-Ranges: bytes

<

172.25.254.10

* Connection #0 to host lee.timinglee.org left intact

$root@Nginx \~$ # vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.timinglee.org;

location / {

proxy_pass http://172.25.254.10:80;

proxy_hide_header ETag;

}

location /web {

proxy_pass http://172.25.254.20:80;

}

}

$root@Nginx \~$ # nginx -s reload

测试

$Administrator.DESKTOP-VJ307M3$ ➤ curl -v lee.timinglee.org

* Trying 172.25.254.100:80...

* TCP_NODELAY set

* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)

> GET / HTTP/1.1

> Host: lee.timinglee.org

> User-Agent: curl/7.65.0

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK

< Server: nginx/1.28.1

< Date: Tue, 03 Feb 2026 06:33:11 GMT

< Content-Type: text/html; charset=UTF-8

< Content-Length: 14

< Connection: keep-alive

< Keep-Alive: timeout=100

< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT

< Accept-Ranges: bytes

<

172.25.254.10

4.proxy_pass_header

$Administrator.DESKTOP-VJ307M3$ ➤ curl -v lee.timinglee.org

* Trying 172.25.254.100:80...

* TCP_NODELAY set

* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)

> GET / HTTP/1.1

> Host: lee.timinglee.org

> User-Agent: curl/7.65.0

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK

< Server: nginx/1.28.1 #默认访问不透传server信息

< Date: Tue, 03 Feb 2026 06:35:35 GMT

< Content-Type: text/html; charset=UTF-8

< Content-Length: 14

< Connection: keep-alive

< Keep-Alive: timeout=100

< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT

< Accept-Ranges: bytes

<

172.25.254.10

* Connection #0 to host lee.timinglee.org left intact

$root@Nginx \~$ # vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.timinglee.org;

location / {

proxy_pass http://172.25.254.10:80;

proxy_pass_header Server;

}

location /web {

proxy_pass http://172.25.254.20:80;

}

}

$root@Nginx \~$ # nginx -s reload

Administrator.DESKTOP-VJ307M3] ➤ curl -v lee.timinglee.org

* Trying 172.25.254.100:80...

* TCP_NODELAY set

* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)

> GET / HTTP/1.1

> Host: lee.timinglee.org

> User-Agent: curl/7.65.0

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK

< Date: Tue, 03 Feb 2026 06:37:25 GMT

< Content-Type: text/html; charset=UTF-8

< Content-Length: 14

< Connection: keep-alive

< Keep-Alive: timeout=100

< Server: Apache/2.4.62 (Red Hat Enterprise Linux) #透传结果

< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT

< Accept-Ranges: bytes

<

172.25.254.10

* Connection #0 to host lee.timinglee.org left intact

5.透传信息

$root@RS1 \~$ # vim /etc/httpd/conf/httpd.conf

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" combined

$root@RS1 \~$ # systemctl restart httpd
$root@Nginx \~$ # vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 80;

server_name lee.timinglee.org;

location / {

proxy_pass http://172.25.254.10:80;

proxy_set_header X-Forwarded-For $remote_addr;

}

location /web {

proxy_pass http://172.25.254.20:80;

}
$root@Nginx \~$ # nginx -s reload

$Administrator.DESKTOP-VJ307M3$ ➤ curl lee.timinglee.org

172.25.254.10

$root@RS1 \~$ # cat /etc/httpd/logs/access_log

172.25.254.100 - - $03/Feb/2026:14:47:37 +0800$ "GET / HTTP/1.0" 200 14 "-" "curl/7.65.0" "172.25.254.1"

6.反向代理负载均衡

$root@Nginx \~$ # mkdir /usr/local/nginx/conf/upstream/

$root@Nginx \~$ # vim /usr/local/nginx/conf/nginx.conf

$root@Nginx \~$ # vim /usr/local/nginx/conf/upstream/loadbalance.conf

$root@Nginx \~$ # mkdir /webdir/timinglee.org/error/html -p

$root@Nginx \~$ # echo error > /webdir/timinglee.org/error/html/index.html

$root@Nginx \~$ # vim /usr/local/nginx/conf/conf.d/vhosts.conf

server {

listen 8888;

root /webdir/timinglee.org/error/html;

}

测试

$root@RS1+2 \~$ # systemctl stop httpd