NGINX как прокси для APACHE

Установаливаем nginx:


#yum install nginx -y

#yum install nginx -y

После установки создаем дефолтный конфиг для проксирования всех запросов по дефолту (/etc/nginx/conf.d/default.conf):


#
# The default server
#
server {
listen 80;
server_name _;

location / {
proxy_pass http://192.168.0.xx:8080;
proxy_redirect http://192.168.0.xx:8080 /;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
}

# The default server

server {

listen 80;

server_name _;

location / {

proxy_pass http://192.168.0.xx:8080;

proxy_redirect http://192.168.0.xx:8080 /;

proxy_set_header Host $host:$server_port;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

Далее редактируем nginx.conf, где указываем наш виртуальный хост со всеми настройками проксирования:


# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

#max размер POST
client_max_body_size 50m;

proxy_read_timeout 300;

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
server_name mysite.ru www.mysite.ru;
listen 80;
set $root_path /data/www/mysite.ru/htdocs;
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
root $root_path;
access_log /data/www/httpd-logs/mysite.ru.access.log ;
error_page 404 = @fallback;
}
location / {
proxy_pass http://192.168.0.xx:8080;
proxy_redirect http://192.168.0.xx:8080/ /;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location ~* ^/(adminka|phpmyadmin)/ {
proxy_pass http://192.168.0.xx:8080;
proxy_redirect http://192.168.0.xx:8080/ /;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
location @fallback {
proxy_pass http://192.168.0.xx:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
}
}

# For more information on configuration, see:

# * Official English Documentation: http://nginx.org/en/docs/

# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;

worker_processes 1;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

events {

worker_connections 1024;

}

http {

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

#max размер POST

client_max_body_size 50m;

proxy_read_timeout 300;

access_log /var/log/nginx/access.log main;

sendfile on;

tcp_nopush on;

tcp_nodelay on;

keepalive_timeout 65;

types_hash_max_size 2048;

include /etc/nginx/mime.types;

default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.

# See http://nginx.org/en/docs/ngx_core_module.html#include

# for more information.

include /etc/nginx/conf.d/*.conf;

server {

server_name mysite.ru www.mysite.ru;

listen 80;

set $root_path /data/www/mysite.ru/htdocs;

location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {

root $root_path;

access_log /data/www/httpd-logs/mysite.ru.access.log ;

error_page 404 = @fallback;

}

location / {

proxy_pass http://192.168.0.xx:8080;

proxy_redirect http://192.168.0.xx:8080/ /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

location ~* ^/(adminka|phpmyadmin)/ {

proxy_pass http://192.168.0.xx:8080;

proxy_redirect http://192.168.0.xx:8080/ /;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

location @fallback {

proxy_pass http://192.168.0.xx:8080;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

}

Осталаось только решить проблему с корректной передачей ip-адресов от nginx апачу. На CentOS7 проблематично найти и установить mod-rpaf для апача, поэтому я использовал mod-remoteip. Он устанавливается с апачем и уже активирован. Нужно всего лишь добавить в конфиг апача две строчки (заголовок, который добавляет nginx и адрес прокси):


RemoteIPHeader X-Real-IP #заголовок в конфиге nginx
RemoteIPInternalProxy 192.168.0.xx #ip на котором работает nginx

RemoteIPHeader X-Real-IP #заголовок в конфиге nginx

RemoteIPInternalProxy 192.168.0.xx #ip на котором работает nginx

Есдинственная проблема с логами апача. Чтобы адрес клиента отображался корректно нужно %h заменить на %a:


CustomLog /var/log/httpd/mysite_access_log "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""

CustomLog /var/log/httpd/mysite_access_log "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""

Оставить комментарий