# 反向代理 Apache
nginx.conf
server
{
listen 80;
server_name www.sui.cn lucky.sui.cn;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
httpd.conf
#在httpd.conf中 添加 (/etc/httpd/conf/httpd.conf) <virtualhost *:8080> ServerName www.sui.cn ServerAlias www.sui.cn lucky.sui.cn DocumentRoot /www/one DirectoryIndex index.php index.html <Directory /www/one> Options +Includes +FollowSymLinks -Indexes AllowOverride All Order Deny,Allow Allow from All </Directory> </virtualhost>
通过域名反向代理:
upstream myapp { # server www.sui6666.com:8888 weight=1; # 应用服务器1 # server 121.65.111.236:8888 weight=3; server www.test.com; } server { listen 80; server_name sui1.lucky.com; location / { proxy_pass http://myapp; proxy_set_header Host www.test.com; } }
proxy_pass http://www.test.com;
nginx会把 www.test.com;转换成IP, 跟用IP直接访问网站的效果一样. 当网站设置了禁用IP访问或一个IP有多个网站时, 访问就会出错.
这时候就要设置 proxy_set_header的Host:
proxy_set_header Host www.test.com;;
这样才能通过域名解析到具体的网站, nginx反向代理同一ip多nginx反向代理同一ip多个域名,给header加上host就可以了个域名,给header加上host就可以了
反向代理gitlab
nginx.conf
server { listen 80; server_name git.sui.net; location / { proxy_pass http://127.0.0.1:8080; } }
gitlab 修改默认ssh端口为2222 ,使用git修改默认的ssh端口号(vim ~/.ssh/config)
Host git.sui.net HostName git.sui.net User 28456049@qq.com port 2222 IdentityFile ~/.ssh/git.sui.net_rsa
# 反向搭理wss
upstream wss_svr { server 127.0.0.1:2346 weight=1; #这里可以是多个服务端IP(分多行),设置权重就可以实现负载均衡了(websocket 服务的端口,swoole,nodejs.go服务的websocket都可以) } server { server_name www.sui.com; root /tmmee/sad.cn/public; listen 443 ssl; ssl_certificate /etc/fullchain.pem; ssl_certificate_key /etc/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_stapling on; ssl_stapling_verify on; add_header Strict-Transport-Security max-age=15768000; # websocket 代理 location /ws { proxy_redirect off; proxy_pass http://wss_svr; proxy_set_header Host $host; proxy_set_header X-Real_IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr:$remote_port; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location / { index index.php index.html index.htm; } location ~ ^(.+.php)(.*)$ { fastcgi_pass 127.0.0.1:9000; fastcgi_split_path_info ^(.+.php)(.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; include fastcgi_params; } }
websocket 地址: var wsUrl = "wss://www.sui.com/ws";