proxy internal vhost to web

# proxy internal vhost to web

---

## nginx反向代理内网域名转发

将nginx反向代理服务器的80映射到外网IP的8080，这样指向到公司外网IP的域名的HTTP请求就会发送到nginx反向代理服务器. 利用nginx反向代理将不同域名的请求转发给内网不同机器的端口，就起到了“根据域名自动转发到相应服务器的特定端口”的效果，而路由器的端口映射做到的只是“根据不同端口自动转发到相应服务器的特定端口”

# cat nginx.conf |grep -Ev "^#|^$"

```http
user  daemon;
worker_processes  2;
error_log  logs/error.log;
pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  logs/access.log  main;
    include /usr/local/nginx/conf/vhost/proxy.conf;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    gzip  on;
    client_max_body_size 80m;
    client_body_buffer_size 256k; 
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    proxy_connect_timeout 300s;
    proxy_read_timeout 300s;
    proxy_send_timeout 300s;
    proxy_buffer_size 64k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    proxy_ignore_client_abort on;
}
```

## proxy vhost

# cat ./vhost/proxy.conf

```http
# ####################################### #

server {

listen       8080;
            server_name 172.31.42.202;

location / {
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://172.31.42.222:3000;
            }

error_page 500 502 503 504 /50x.html;

access_log logs/172.31.42.222_access.log;
    }

# ####################################### #
```

---

## proxy back band

ttp请求最后都是由反向代理服务器传递给后段的机器，所以后端的机器原来的访问日志记录的访问IP都是反向代理服务器的IP。 要想能记录真实IP，需要修改后端机器的日志格式，这里假设后端也是一台nginx： 在后端配置文件里面加入这一段即可：

```http

log_format access '$HTTP_X_REAL_IP - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $HTTP_X_Forwarded_For';

access_log logs/access.log access;

log_format access '$HTTP_X_REAL_IP - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $HTTP_X_Forwarded_For';

access_log logs/access.log access;
再看看原来日志的格式长什么样：

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;
        location /git/ {

proxy_pass http://git_server/;

#proxy_redirect off;
                proxy_set_header Host $host:$server_port;
                proxy_redirect http://git_server/ http://$host:$server_port/git/;
                #proxy_redirect http://10.81.238.6 http://172.31.42.230;
                #proxy_redirect http://172.31.42.230 http://172.31.42.230:3000;
                client_max_body_size 100M;
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Accept_Encoding Deflate;
                proxy_set_header X-Frame-Options SAMEORIGIN;

sub_filter_once off;
                sub_filter_types *;
                sub_filter '172.31.42.230:3000' '10.81.238.6';
                sub_filter '172.31.42.230:10022' '10.81.238.6:10022';

}

```