Nginx反向代理及反向代理负载均衡

1.反向代理实验环境

#172.25.254.10 RS1 172.25.254.20 RS2

root@RSX \~\]# dnf install httpd -y \[root@RSX \~\]# systemctl enable --now httpd \[root@RSX \~\]# echo 172.25.254.20 \> /var/www/html/index.html

在主机中测试

root@Nginx \~\]# curl 172.25.254.10 172.25.254.10 \[root@Nginx \~\]# curl 172.25.254.20 172.25.254.20

2.简单的代理方法

root@RS2 \~\]# mkdir /var/www/html/web \[root@RS2 \~\]# echo 172.25.254.20 web \> /var/www/html/web/index.html \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { proxy_pass http://172.25.254.10:80; } location /web { proxy_pass http://172.25.254.20:80; } } \[root@Nginx \~\]# nginx -s reload

测试

root@Nginx \~\]# curl 172.25.254.20/web/ 172.25.254.20 web \[root@Nginx \~\]# curl 172.25.254.10 172.25.254.10

3.proxy_hide_header filed

Administrator.DESKTOP-VJ307M3\] ➤ curl -v lee.timinglee.org \* Trying 172.25.254.100:80... \* TCP_NODELAY set \* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0) \> GET / HTTP/1.1 \> Host: lee.timinglee.org \> User-Agent: curl/7.65.0 \> Accept: \*/\* \> \* Mark bundle as not supporting multiuse \< HTTP/1.1 200 OK \< Server: nginx/1.28.1 \< Date: Tue, 03 Feb 2026 06:31:03 GMT \< Content-Type: text/html; charset=UTF-8 \< Content-Length: 14 \< Connection: keep-alive \< Keep-Alive: timeout=100 \< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT \< ETag: "e-649e570e8a49f" #可以看到ETAG信息 \< Accept-Ranges: bytes \< 172.25.254.10 \* Connection #0 to host lee.timinglee.org left intact \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { proxy_pass http://172.25.254.10:80; proxy_hide_header ETag; } location /web { proxy_pass http://172.25.254.20:80; } } \[root@Nginx \~\]# nginx -s reload

Administrator.DESKTOP-VJ307M3\] ➤ curl -v lee.timinglee.org \* Trying 172.25.254.100:80... \* TCP_NODELAY set \* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0) \> GET / HTTP/1.1 \> Host: lee.timinglee.org \> User-Agent: curl/7.65.0 \> Accept: \*/\* \> \* Mark bundle as not supporting multiuse \< HTTP/1.1 200 OK \< Server: nginx/1.28.1 \< Date: Tue, 03 Feb 2026 06:33:11 GMT \< Content-Type: text/html; charset=UTF-8 \< Content-Length: 14 \< Connection: keep-alive \< Keep-Alive: timeout=100 \< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT \< Accept-Ranges: bytes \< 172.25.254.10

4.proxy_pass_header

Administrator.DESKTOP-VJ307M3\] ➤ curl -v lee.timinglee.org \* Trying 172.25.254.100:80... \* TCP_NODELAY set \* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0) \> GET / HTTP/1.1 \> Host: lee.timinglee.org \> User-Agent: curl/7.65.0 \> Accept: \*/\* \> \* Mark bundle as not supporting multiuse \< HTTP/1.1 200 OK \< Server: nginx/1.28.1 #默认访问不透传server信息 \< Date: Tue, 03 Feb 2026 06:35:35 GMT \< Content-Type: text/html; charset=UTF-8 \< Content-Length: 14 \< Connection: keep-alive \< Keep-Alive: timeout=100 \< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT \< Accept-Ranges: bytes \< 172.25.254.10 \* Connection #0 to host lee.timinglee.org left intact \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { proxy_pass http://172.25.254.10:80; proxy_pass_header Server; } location /web { proxy_pass http://172.25.254.20:80; } } \[root@Nginx \~\]# nginx -s reload Administrator.DESKTOP-VJ307M3\] ➤ curl -v lee.timinglee.org \* Trying 172.25.254.100:80... \* TCP_NODELAY set \* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0) \> GET / HTTP/1.1 \> Host: lee.timinglee.org \> User-Agent: curl/7.65.0 \> Accept: \*/\* \> \* Mark bundle as not supporting multiuse \< HTTP/1.1 200 OK \< Date: Tue, 03 Feb 2026 06:37:25 GMT \< Content-Type: text/html; charset=UTF-8 \< Content-Length: 14 \< Connection: keep-alive \< Keep-Alive: timeout=100 \< Server: Apache/2.4.62 (Red Hat Enterprise Linux) #透传结果 \< Last-Modified: Tue, 03 Feb 2026 06:20:50 GMT \< Accept-Ranges: bytes \< 172.25.254.10 \* Connection #0 to host lee.timinglee.org left intact

5.透传信息

root@RS1 \~\]# vim /etc/httpd/conf/httpd.conf LogFormat "%h %l %u %t \\"%r\\" %\>s %b \\"%{Referer}i\\" \\"%{User-Agent}i\\" \\"%{X-Forwarded-For}i\\"" combined \[root@RS1 \~\]# systemctl restart httpd \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 80; server_name lee.timinglee.org; location / { proxy_pass http://172.25.254.10:80; proxy_set_header X-Forwarded-For $remote_addr; } location /web { proxy_pass http://172.25.254.20:80; } \[root@Nginx \~\]# nginx -s reload \[Administrator.DESKTOP-VJ307M3\] ➤ curl lee.timinglee.org 172.25.254.10 \[root@RS1 \~\]# cat /etc/httpd/logs/access_log 172.25.254.100 - - \[03/Feb/2026:14:47:37 +0800\] "GET / HTTP/1.0" 200 14 "-" "curl/7.65.0" "172.25.254.1"

6.反向代理负载均衡

root@Nginx \~\]# mkdir /usr/local/nginx/conf/upstream/ \[root@Nginx \~\]# vim /usr/local/nginx/conf/nginx.conf

root@Nginx \~\]# vim /usr/local/nginx/conf/upstream/loadbalance.conf

root@Nginx \~\]# mkdir /webdir/timinglee.org/error/html -p \[root@Nginx \~\]# echo error \> /webdir/timinglee.org/error/html/index.html \[root@Nginx \~\]# vim /usr/local/nginx/conf/conf.d/vhosts.conf server { listen 8888; root /webdir/timinglee.org/error/html; }

测试

root@RS1+2 \~\]# systemctl stop httpd