Nginx Proxy

发表于 | 分类于

Force to SSL

Parameter

  • $uri

这个变量指当前的请求URI,不包括任何参数(见$args)。这个变量反映任何内部重定向或index模块所做的修改。注意,这和$request_uri不同,因$request_uri是浏览器发起的不做任何修改的原生URI。不包括协议及主机名。例如:”/foo/bar.html”

  • $request_uri

这个变量等于从客户端发送来的原生请求URI,包括参数。它不可以进行修改。$uri变量反映的是重写后/改变的URI。不包括主机名。例如:”/foo/bar.php?arg=baz”

force to downlaod

  1. Nginx配置
1
2
3
4
location /proxy/ {
  proxy_pass http://domain/;
  add_header Content-disposition "attachment; filename=$1";
}
  1. 前端请求URL格式http://www.xxx.com/proxy/xxx/xxx?filename=file.png

Websockets

默认情况下,反向代理不会转发原始请求中的 Host 头部,如果需要转发,就需要加上这句:proxy_set_header Host $host;

除了上面提到的常用配置项,还有 proxy_redirect、proxy_set_body、proxy_limit_rate 等参数。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
user  root;
# 处理请求的进程数量,CPU核心数量决定
worker_processes 1;

events {
  use epoll;
  multi_accept on;
  worker_connections  65535;
}

error_log /var/log/nginx/error.log info;

http {
  include mime.types;
  # 默认文件类型
  default_type  application/octet-stream;
  sendfile on;
  server_tokens off;
  tcp_nopush on;
  tcp_nodelay on;
  gzip on;
  gzip_comp_level 4;
  gzip_min_length 1000;
  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
  server {
    listen 80;
    charset utf-8;
    
    # visit /ws/v1/xxx/xxx/ is ok
    # client visit ws://xx/xx
    location /ws/ {
      # 注意尾部不带/的区别
      proxy_pass http://ethex-trade-ps-service:8081/;
      proxy_http_version 1.1;
      proxy_read_timeout 86400;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";

      proxy_set_header    X-Real_IP   $remote_addr;
      proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header    Host    $host;
      proxy_set_header    Authorization   $http_authorization;
    }

    location / {
      proxy_pass http://api-gateway-service/;
      proxy_set_header    X-Real_IP   $remote_addr;
      proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header    Host    $host;
      proxy_set_header    Authorization   $http_authorization;
    }
  }
}

Client连接http://ip/ws/test/ -> 连接http://ethex-trade-ps-service:8081/test/

使用HTTPS代理无法连接Websockets

注:使用SSR方式连接没有问题