服务器的简单反代

啥是反代

反向代理
其中一个作用就是隐藏源服务器,比如你的服务器存储着大量的盗版数据,你就很有必要把你的DCMA ignore的主机给隐藏起来。当然顺带还可以做缓存相关啦,好处多多。。。

上游源服务器

server
{
listen 80;
server_name www.example.com;
index index.html index.htm index.php;
root /home/wwwroot/movie/public;
charset utf-8;
location / {
allow 2.3.4.5; //仅允许反代服务器过来获取数据
deny all;
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location ~ .*\.(js|css|png|jpg|ico)?$
{
allow 2.3.4.5;
deny all;
expires 12h;
}
error_page 404 /index.php;
sendfile off;
location ~ \.php$ {
allow 2.3.4.5;
deny all;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ /\.ht {
deny all;
}
access_log /home/wwwlogs/movie.log access;
error_log /home/wwwlogs/error_movie.log;
}

下游反代服务器

proxy_temp_path /var/www/temp 1 2;
proxy_cache_path /var/www/cache levels=1:2 keys_zone=one:100m inactive=1d max_size=10g;
upstream source_server_alias {
server 1.2.3.4 max_fails=3 fail_timeout=10s; # 上游IP地址
}
server {
listen 80;
server_name www.new-example.com; # 对用户访问的域名
# 采用一定的缓存策略
location / {
proxy_cache one;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 10m;
proxy_pass http://source_server_alias;
proxy_set_header Host "www.example.com"; # 带上源站域名访问(隐藏源服务器)
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_cache_key $host$request_uri;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; # 忽略上游提供的缓存头部,由反代服务器自行决定缓存逻辑
add_header X-Cache-Status $upstream_cache_status; # 显示缓存命中情况
expires 10m; 缓存过期时间
}
# 不缓存某些请求域,直接请求源站
location ^~ /dt/ {
proxy_pass http://source_server_alias;
proxy_set_header Host "www.example.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
}
location /resource/ {
proxy_cache one;
proxy_cache_valid 200 302 1d;
proxy_cache_valid 404 10m;
proxy_pass http://source_server_alias;
proxy_set_header Host "www.example.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_cache_key $host$request_uri;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache-Status $upstream_cache_status;
expires 1d;
}
# 图片相关的均缓存10天
location ~ .*\.(js|css|png|jpg|ico)?$ {
proxy_cache one;
proxy_cache_valid 200 302 10d;
proxy_cache_valid 404 10m;
proxy_pass http://source_server_alias;
proxy_set_header Host "www.example.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_cache_key $host$request_uri;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache-Status $upstream_cache_status;
expires 10d;
}
}