Nginx proxy基本指令整理5

  categories:nginx  author:

原创文章,转载请指明出处并保留原文url地址

本文主要针对nginx的几个主要proxy指令做一个简单的整理,另外部分指令做了实际测试,本文具体包括如下指令:

proxy_send_timeout,proxy_set_body,proxy_set_header,proxy_ssl_session_reuse,proxy_store,proxy_store_access,proxy_temp_file_write_size,proxy_temp_path

27. proxy_send_timeout 

syntax:

proxy_send_timeout   time;

default:

proxy_send_timeout 60s;

context:

http, server, location

定义一个发送请求给被代理服务器数据的超时时间.超时时间仅仅是两次成功的写操作的间隔时间,但是不计算整个响应的传输时间.如果被代理服务器在这个时间内没有任何接收就关闭这个连接.

Nginx原文:

Sets a timeout for transmitting a request to the proxied server. A timeout is only set between two successive write operations, not for the transmission of the whole request. If a proxied server does not receive anything within this time, a connection is closed.

28. proxy_set_body

syntax:

proxy_set_body        value;

default:

context:

http, server, location

允许重新定义发送到被代理服务器请求的body. Body数据可以包括文本,变量或者他们的组合.

Nginx原文:

Allows to redefine request body passed to the proxied server. A value can contain text, variables, and their combination.

29. proxy_set_header 

syntax:

proxy_set_header      fieldvalue;

default:

proxy_set_header Host $proxy_host;

proxy_set_header Connection close;

context:

http, server, location

允许新定义或者追加一些新的请求头然后传递给后端被代理的服务器.这个头的数据值可以是文本,变量,或者他们的组合. 当且仅当当前级别的配置中没有 proxy_set_header 指令设置, 然后这些添加的请求可以从前一个级别中继承.默认情况下仅有两个域被重新定义.

proxy_set_header Host      $proxy_host;

proxy_set_header Connection close;

没有经过改变的请求头可以通过下面的方法进行传递

proxy_set_header Host       $http_host;

但是,如果该字段在客户端请求头不存在的,那么什么都不会被传递给被代理的服务器。在这种情况下,最好是使用$host变量 - 如果字段($http_host)不存在的,其值等于请求标头字段Host中的server name如果请求中Host也不存在, 则原始server name中的服务器名称:
proxy_set_header Host       $host;

此外,服务器名称可以和端口一起传递到被代理服务器:

proxy_set_header Host       $host:$proxy_port;

如果header字段的值是一个空字符串,那么这个字段将不会被传递给一个代理服务器:
proxy_set_header Accept-Encoding "";

Nginx原文:

Allows to redefine or append fields to the request header passed to the proxied server. A value can contain text, variables, and their combination. These directives are inherited from the previous level if and only if there are no proxy_set_header directives defined on the current level. By default, only two fields are redefined:

proxy_set_header Host      $proxy_host;

proxy_set_header Connection close;

An unchanged “Host” request header field can be passed like this:

proxy_set_header Host       $http_host;

However, if this field is not present in a client request header then nothing will be passed. In such a case it is better to use the $host variable – its value equals the server name in the “Host” request header field, or the primary server name if this field is not present:

proxy_set_header Host       $host;

In addition, a server name can be passed together with a port of the proxied server:

proxy_set_header Host       $host:$proxy_port;

If the value of a header field is an empty string then this field will not be passed to a proxied server:

proxy_set_header Accept-Encoding "";

30. proxy_ssl_session_reuse 

syntax:

proxy_ssl_session_reuse       on | off;

default:

proxy_ssl_session_reuse on;

context:

http, server, location

nginx同被代理服务器一起工作时确定是否一个ssl会话可以被重用.如果错误信息为“SSL3_GET_FINISHED的错误出现在日志中,请尽量关闭重用功能

Nginx原文:

Determines whether SSL sessions can be reused when working with the proxied server. If the errors “SSL3_GET_FINISHED:digest check failed” appear in the logs, try to disable session reuse.

31. proxy_store

syntax:

proxy_store    on | off | string;

default:

proxy_store off;

context:

http, server, location

打开保存文件到磁盘上的功能. On参数要求保存文件的路径要同alias或者root指令指定相一致. Off参数关闭文件保存功能. 此外文件名可以显示的使用变量进行设置.

proxy_store /data/www$original_uri;

文件的修改时间根据接收到的相应中Last-Modified字段进行设置. 相应首先被写入一个临时文件中, 然后文件被重命名. 0.8.9开始临时文件及持久文件可以被放到不同的分区中了(不同的文件系统中),但是这也意味着这文件有被从一个文件系统拷贝到另外一个文件系统的情况,代替廉价的重命名操作等.因此建议临时文件及持久保留文件在同一个文件系统中.

这个指令可以用于创建本地的静态不变化的文件,例如:

location /images/ {

    root                   /data/www;

    open_file_cache_errors off;

    error_page             404 = /fetch$uri;

}

location /fetch/ {

    internal;

    proxy_pass             http://backend/;

    proxy_store            on;

    proxy_store_access     user:rw group:rw all:r;

    proxy_temp_path        /data/temp;

    alias                  /data/www/;

}

or like this:

location /images/ {

    root               /data/www;

    error_page         404 = @fetch;

}

location @fetch {

    internal;

    proxy_pass         http://backend;

    proxy_store        on;

    proxy_store_access user:rw group:rw all:r;

    proxy_temp_path    /data/temp;

    root               /data/www;

}


Nginx原文:

Enables saving of files to a disk. The on parameter saves files with paths corresponding to the directives alias or root. The off parameter disables saving of files. In addition, the file name can be set explicitly using the string with variables:

proxy_store /data/www$original_uri;

The modification time of files is set according to the received “Last-Modified” response header field. A response is first written to a temporary file, then a file is renamed. Starting from version 0.8.9 temporary files and the persistent store can be put on different file systems but be aware that in this case a file is copied across two file systems instead of the cheap rename operation. It is thus recommended that for any given location both saved files and a directory holding temporary files set by the proxy_temp_path directive are put on the same file system.

This directive can be used to create local copies of static unchangeable files, e.g.:

location /images/ {

    root                   /data/www;

    open_file_cache_errors off;

    error_page             404 = /fetch$uri;

}

location /fetch/ {

    internal;

    proxy_pass             http://backend/;

    proxy_store            on;

    proxy_store_access     user:rw group:rw all:r;

    proxy_temp_path        /data/temp;

    alias                  /data/www/;

}

or like this:

location /images/ {

    root               /data/www;

    error_page         404 = @fetch;

}

location @fetch {

    internal;

    proxy_pass         http://backend;

    proxy_store        on;

    proxy_store_access user:rw group:rw all:r;

    proxy_temp_path    /data/temp;

    root               /data/www;

}

32. proxy_store_access

syntax:

proxy_store_access   users:permissions …;

default:

proxy_store_access user:rw;

context:

http, server, location

为新创建的目录或者文件设置存取权限,例如:

proxy_store_access user:rw group:rw all:r;

如果任何组或所有访问权限指定用户权限可以省略:

proxy_store_access group:rw all:r;


Nginx原文:

Sets access permissions for newly created files and directories, e.g.:

proxy_store_access user:rw group:rw all:r;

If any group or all access permissions are specified then user permissions may be omitted:

proxy_store_access group:rw all:r;

33. proxy_temp_file_write_size

syntax:

proxy_temp_file_write_size   size;

default:

proxy_temp_file_write_size 8k|16k;

context:

http, server, location

当从被代理服务器的相应开启缓冲功能时, 限制一次写到临时文件的数据的数量. 默认的这个大小被proxy_buffer_size  proxy_buffers两个指令所限制. 最大的临时文件尺寸被proxy_max_temp_file_size 指令控制.

Nginx原文:

Limits the size of data written to a temporary file at a time, when buffering of responses from the proxied server to temporary files is enabled. By default, size is limited by two buffers set by the proxy_buffer_size and proxy_buffers directives. The maximum size of a temporary file is set by the proxy_max_temp_file_size directive.

34. proxy_temp_path

syntax:

proxy_temp_path  path[level1 [level2 [level3]]];

default:

proxy_temp_path proxy_temp;

context:

http, server, location

定义一个临时文件的存储目录用来存储来自方向代理服务器的数据。可以最终指定三级子目录结构来定义目录。例如下面配置

proxy_temp_path /spool/nginx/proxy_temp 1 2;

相应的一个临时文件为下面

/spool/nginx/proxy_temp/7/45/00000123457

Nginx原文:

Defines a directory for storing temporary files with data received from proxied servers. Up to three-level subdirectory hierarchy can be used underneath the specified directory. For example, in the following configuration

proxy_temp_path /spool/nginx/proxy_temp 1 2;

a temporary file might look like this:

/spool/nginx/proxy_temp/7/45/00000123457

内嵌(内置)变量

ngx_http_proxy_module模块支持使用内置变量在proxy_set_header指令的设置中进行组合使用,变量如下:

$ proxy_host
一个代理服务器的名称和端口;
$ PROXY_PORT
一个代理服务器的端口;
$ proxy_add_x_forwarded_for

客户端请求中“X-Forwarded-For” $remote_addr的值被追加到这个头的值中, 不同的值采用逗号分割。如果X-Forwarded-For没有出现在客户端的请求头中, 这个 $proxy_add_x_forwarded_for值就等于$remote_addr变量的值

Nginx原文:

Embedded Variables

The ngx_http_proxy_module module supports embedded variables that can be used to compose headers using the proxy_set_header directive:

$proxy_host

name and port of a proxied server;

$proxy_port

port of a proxied server;

$proxy_add_x_forwarded_for

the “X-Forwarded-For” client request header field with the $remote_addr variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable.



快乐成长 每天进步一点点      京ICP备18032580号-1