
Setting up an nginx reverse proxy server on CentOS 7 so that internal applications can be reached from the internet via subdomains

2016-05-10 15:43 986 views

Create a local yum repository for nginx

[root@localhost ~]# yum list |grep nginx
No package nginx available.
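[root@localhost ~]# //I give up, what on earth, why is there no nginx rpm? Never mind, I'll just configure the official repo by hand
[root@localhost ~]# //Visit the nginx website, open the download page, scroll to Pre-Built Packages at the bottom, and pick the stable version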
---------------------------
To set up the yum repository for RHEL/CentOS, create the file named /etc/yum.repos.d/nginx.repo with the following contents:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/OS/OSRELEASE/$basearch/
gpgcheck=0
enabled=1
Replace “OS” with “rhel” or “centos”, depending on the distribution used, and “OSRELEASE” with “5”, “6”, or “7”, for 5.x, 6.x, or 7.x versions, respectively.
---------------------------
[root@localhost ~]#
[root@localhost ~]# //In short: create the file /etc/yum.repos.d/nginx.repo, paste in the template, and replace the OS and release values accordingly
[root@localhost ~]#
[root@localhost ~]# cd /etc/yum.repos.d
[root@localhost yum.repos.d]# vi nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

:wq
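
The repo file above turns off package signature checking (gpgcheck=0) and fetches over plain HTTP, so yum installs whatever the network path delivers. The following is an added example, not part of the original post: it writes the same repo definition with signature verification enabled and lints a repo file for the weak settings. The function names are hypothetical, the gpgkey URL is the signing key nginx.org publishes, and the HTTPS baseurl assumes the same package path is reachable over TLS.

```shell
# Added example: hardened nginx.repo plus a lint for weak yum repo settings.
# write_nginx_repo and audit_repo_file are hypothetical helper names.

# Write a repo definition that uses HTTPS and verifies package signatures.
write_nginx_repo() {
    # $1 = destination file (/etc/yum.repos.d/nginx.repo on a real host)
    cat > "$1" <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
}

# Print one finding per weak setting; return 1 if any was found.
audit_repo_file() {
    local file rc
    file=$1
    rc=0
    if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$file"; then
        echo "$file: gpgcheck=0 (package signatures are not verified)"; rc=1
    fi
    if grep -Eq '^[[:space:]]*baseurl[[:space:]]*=[[:space:]]*http://' "$file"; then
        echo "$file: baseurl uses plain http"; rc=1
    fi
    if ! grep -Eq '^[[:space:]]*gpgkey[[:space:]]*=' "$file"; then
        echo "$file: no gpgkey configured"; rc=1
    fi
    return $rc
}

# Demo on constructed files in a temp directory (nothing under /etc is touched).
demo_dir=$(mktemp -d)
printf '[nginx]\nname=nginx repo\nbaseurl=http://nginx.org/packages/centos/7/$basearch/\ngpgcheck=0\nenabled=1\n' > "$demo_dir/weak.repo"
write_nginx_repo "$demo_dir/nginx.repo"
audit_repo_file "$demo_dir/weak.repo" || echo "weak.repo needs fixing"
audit_repo_file "$demo_dir/nginx.repo" && echo "nginx.repo passes"
rm -rf "$demo_dir"
```
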


Install nginx with yum

[root@localhost yum.repos.d]# yum list |grep nginx
nginx.x86_64                               1:1.10.0-1.el7.ngx          nginx
nginx-debug.x86_64                         1:1.8.0-1.el7.ngx           nginx
nginx-debuginfo.x86_64                     1:1.10.0-1.el7.ngx          nginx
nginx-module-geoip.x86_64                  1:1.10.0-1.el7.ngx          nginx
nginx-module-image-filter.x86_64           1:1.10.0-1.el7.ngx          nginx
nginx-module-njs.x86_64                    1:1.10.0.0.0.20160414.1c50334fbea6-1.el7.ngx
nginx
nginx-module-perl.x86_64                   1:1.10.0-1.el7.ngx          nginx
nginx-module-xslt.x86_64                   1:1.10.0-1.el7.ngx          nginx
nginx-nr-agent.noarch                      2.0.0-9.el7.ngx             nginx
pcp-pmda-nginx.x86_64                      3.10.6-2.el7                base

[root@localhost yum.repos.d]# yum install nginx.x86_64
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* rpmforge: mirrors.neusoft.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.10.0-1.el7.ngx will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================
Package                   Arch                       Version                                Repository                 Size
====================================================================================
Installing:
nginx                     x86_64                     1:1.10.0-1.el7.ngx                     nginx                     640 k

Transaction Summary
====================================================================================
Install  1 Package

Total download size: 640 k
Installed size: 2.1 M
Is this ok [y/d/N]: y
Downloading packages:
nginx-1.10.0-1.el7.ngx.x86_64.rpm                                                                     | 640 kB  00:00:18
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:nginx-1.10.0-1.el7.ngx.x86_64                                                                           1/1
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* http://nginx.org/en/docs/ 
Commercial subscriptions for nginx are available on:
* http://nginx.com/products/ 
----------------------------------------------------------------------
Verifying  : 1:nginx-1.10.0-1.el7.ngx.x86_64                                                                                                         1/1

Installed:
nginx.x86_64 1:1.10.0-1.el7.ngx

Complete!
[root@localhost yum.repos.d]# nginx -v
nginx version: nginx/1.10.0

[root@localhost yum.repos.d]# service nginx start
Redirecting to /bin/systemctl start  nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2016-05-10 10:19:20 CST; 3s ago
Docs: http://nginx.org/en/docs/
Process: 29730 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Process: 29729 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 29733 (nginx)
CGroup: /system.slice/nginx.service
├─29733 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
└─29734 nginx: worker process

May 10 10:19:20 localhost systemd[1]: Starting nginx - high performance web server...
May 10 10:19:20 localhost nginx[29729]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
May 10 10:19:20 localhost nginx[29729]: nginx: configuration file /etc/nginx/nginx.conf test is successful
May 10 10:19:20 localhost systemd[1]: Failed to read PID from file /run/nginx.pid: Invalid argument
May 10 10:19:20 localhost systemd[1]: Started nginx - high performance web server.

[root@localhost yum.repos.d]# curl localhost   //or open http://localhost/ in a browser
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>


OK, nginx is installed; what remains is configuration.

Configure nginx as a reverse proxy server

Enable nginx at boot

[root@localhost yum.repos.d]# cd /etc/nginx
[root@localhost nginx]# chkconfig nginx on
Note: Forwarding request to 'systemctl enable nginx.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.


Set up the nginx reverse proxy rules

[root@localhost nginx]# vi nginx.conf
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;

    #modify@2016-05-10 11:30
    include /etc/nginx/conf.d/reverse-proxy.conf;

    client_max_body_size        50m;    # maximum size of a client request body that nginx accepts
    client_body_buffer_size     256k;
    client_header_timeout       3m;
    client_body_timeout         3m;
    send_timeout                3m;

    proxy_connect_timeout       300s;   # timeout for nginx connecting to the backend server (proxy connect timeout)
    proxy_read_timeout          300s;   # after connecting, how long to wait for the backend's response (proxy read timeout)
    proxy_send_timeout          300s;
    proxy_buffer_size           64k;    # buffer nginx uses for the first part (the headers) of the backend response
    proxy_buffers       4       32k;    # proxy_buffers: set like this when pages average under 32k
    proxy_busy_buffers_size     64k;    # buffer size under heavy load (proxy_buffers*2)
    proxy_temp_file_write_size  64k;    # amount of data written to a temporary file at a time when a response is buffered to disk
    proxy_ignore_client_abort   on;     # do not close the connection to the backend when the client aborts

    server {
        listen          80;
        server_name     localhost;
        location / {
            root        html;
            index       index.html index.htm;
        }
        error_page      500 502 503 504 /50x.html;
        location = /50x.html {
            root        html;
        }
    }
    #modification is done!

}

:wq

[root@localhost nginx]# cd conf.d/
[root@localhost conf.d]# vi reverse-proxy.conf
## wiki.myweb.org -> http://10.1.1.230:8013
server
{
    listen 80;
    server_name         wiki.myweb.org;
    location / {
        proxy_redirect          off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass              http://10.1.1.230:8013;
    }
    access_log /var/log/nginx/wiki_access.log;
}

## zentao.myweb.org/zentao -> http://10.1.1.240:49017/zentao
server
{
    listen 80;
    server_name         zentao.myweb.org;
    location / {
        proxy_redirect          off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass              http://10.1.1.240:49017;
    }
    access_log /var/log/nginx/zentao_access.log;
}

## trac.myweb.org -> http://10.1.1.240:8000/
server
{
    listen 80;
    server_name         trac.myweb.org;
    location / {
        proxy_redirect          off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass              http://10.1.1.240:8000;
    }
    access_log /var/log/nginx/trac_access.log;
}

## kb2.myweb.org -> http://10.1.1.230:8080/
server
{
    listen 80;
    server_name         kb2.myweb.org;
    location / {
        proxy_redirect          off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass              http://10.1.1.230:8080;
    }
    access_log /var/log/nginx/iphmk_admin_kb2_access.log;
}

:wq
[root@localhost conf.d]# service nginx restart


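Final step

Because our nginx reverse proxy is deployed on 10.1.1.230, which is itself an internal server, a forwarding rule has to be configured on the router:

All requests arriving from the internet on port 80 are forwarded to the server running nginx, and nginx takes care of forwarding them on.

Router settings: Virtual Server
WAN interface   wan1
WAN port        80      Common services:  DNS(53)
LAN port        80
Internal IP     10.1.1.230
Protocol:       All


OK, all done~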

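This deployment was based on the following blog posts:

/article/1475908.html (considering testing on Windows)

http://www.ttlsa.com/nginx/use-nginx-proxy/

/article/3693387.html

http://blog.csdn.net/xshalk/article/details/51313101 (I also plan to set up certificate authorization later)

Follow-up improvements

This proxy configuration of mine doesn't look very tidy. I remember there is a more elegant way to write it, and I can keep optimizing it when I have some spare time.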
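
The router rule above sends every external port-80 request to nginx, and the four server blocks differ only in name, backend and log file. The following is an added example, not the author's configuration: a shell helper that generates reverse-proxy.conf from a small table and puts a catch-all in front, so a request whose Host header matches none of the listed names is closed without a response. `gen_reverse_proxy_conf` and the table format are hypothetical; the hostnames and backends are the ones from this post.

```shell
# Added example: build reverse-proxy.conf from a host/backend table.
# gen_reverse_proxy_conf is a hypothetical helper, not part of nginx.

gen_reverse_proxy_conf() {
    # stdin: lines of "server_name backend log_prefix"; stdout: nginx config.
    # Catch-all first: a request whose Host matches no name below is closed
    # without a response instead of reaching an internal application.
    cat <<'EOF'
server {
    listen 80 default_server;
    server_name _;
    return 444;
}
EOF
    while read -r name backend log; do
        case $name in ''|'#'*) continue ;; esac
        # Reject anything that could break out of the directive it lands in.
        case $name in *[!A-Za-z0-9.-]*) echo "bad server_name: $name" >&2; return 1 ;; esac
        case $backend in ''|*[!A-Za-z0-9.:-]*) echo "bad backend: $backend" >&2; return 1 ;; esac
        case $log in ''|*[!A-Za-z0-9_]*) echo "bad log prefix: $log" >&2; return 1 ;; esac
        cat <<EOF

## $name -> http://$backend
server {
    listen 80;
    server_name $name;
    access_log /var/log/nginx/${log}_access.log;
    location / {
        proxy_redirect   off;
        proxy_set_header Host            \$host;
        proxy_set_header X-Real-IP       \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_pass       http://$backend;
    }
}
EOF
    done
}

# The four mappings from the post; prints the generated configuration.
gen_reverse_proxy_conf <<'EOF'
wiki.myweb.org    10.1.1.230:8013   wiki
zentao.myweb.org  10.1.1.240:49017  zentao
trac.myweb.org    10.1.1.240:8000   trac
kb2.myweb.org     10.1.1.230:8080   iphmk_admin_kb2
EOF
```

Redirect the output to /etc/nginx/conf.d/reverse-proxy.conf and run `nginx -t` before restarting the service.
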

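[Important addendum:]

By the way, I forgot to mention: you also need a domain name of your own (myweb.org) before you can use subdomains like this to resolve to internal applications.

If you don't have one, you can apply for an Alibaba Cloud service and then, on the router, bind it to the dynamic IP that the ISP assigns to the internal network's entry point (this step is simple: just enter the dynamic domain name you applied for in the router settings).

This work is preparation: the applications, the ICP filing and so on are quite tedious, and I did not record them this time~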