A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate back-end server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.
Common uses for a reverse proxy server include:
Load balancing – A reverse proxy server can act as a “traffic cop,” sitting in front of your back-end servers and distributing client requests across a group of servers in a manner that maximizes speed and capacity utilization while ensuring no server is overloaded, which can degrade performance. If a server goes down, the load balancer redirects traffic to the remaining online servers.
Web acceleration – Reverse proxies can compress inbound and outbound data, as well as cache commonly requested content, both of which speed up the flow of traffic between clients and servers. They can also perform additional tasks such as SSL encryption to take load off of your web servers, thereby boosting their performance.
Security and anonymity – By intercepting requests headed for your back-end servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locater or URL regardless of the structure of your local area network.
Using Nginx as reverse HTTP proxy is not hard to configure. A very basic reverse proxy setup might look like this:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://example.com/;
}
In this example all requests received by Nginx, depending on the configuration of the server parameters in /etc/nginx/nginx.conf, are forwarded to an HTTP server running on localhost and listening on port 8000. The Nginx configuration file looks like this:
server {
listen 80;
root /var/www/;
index index.php index.html index.htm;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://localhost:8070;
}
}
The line starting with location ~ /\.ht is added to prevent Nginx of displaying the content of Apache's .htaccess files. The try_files line is used to attempt to serve whatever page the visitor requests. If nginx is unable, then the file is passed to the proxy.
For PHP support Nginx relies on a PHP fast-cgi spawner. Preferable is php-fpm which can be found at http://php-fpm.org. It has some unique features like adaptive process spawning and statistics and has the ability to start workers with different uid/gid/chroot/environment and different php.ini. The safe_mode can be replaced using this feature.
You can add the content below to nginx.conf. A better practice is to put the contents in a file and include this file into the main configuration file of Nginx. Create a file, for example php.conf and include the next line at the end of the Nginx main configuration file:
include php.conf;
The content of php.conf :
location ~ \.php {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
}
Common uses for a reverse proxy server include:
Load balancing – A reverse proxy server can act as a “traffic cop,” sitting in front of your back-end servers and distributing client requests across a group of servers in a manner that maximizes speed and capacity utilization while ensuring no server is overloaded, which can degrade performance. If a server goes down, the load balancer redirects traffic to the remaining online servers.
Web acceleration – Reverse proxies can compress inbound and outbound data, as well as cache commonly requested content, both of which speed up the flow of traffic between clients and servers. They can also perform additional tasks such as SSL encryption to take load off of your web servers, thereby boosting their performance.
Security and anonymity – By intercepting requests headed for your back-end servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locater or URL regardless of the structure of your local area network.
Using Nginx as reverse HTTP proxy is not hard to configure. A very basic reverse proxy setup might look like this:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://example.com/;
}
In this example all requests received by Nginx, depending on the configuration of the server parameters in /etc/nginx/nginx.conf, are forwarded to an HTTP server running on localhost and listening on port 8000. The Nginx configuration file looks like this:
server {
listen 80;
root /var/www/;
index index.php index.html index.htm;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://localhost:8070;
}
}
The line starting with location ~ /\.ht is added to prevent Nginx of displaying the content of Apache's .htaccess files. The try_files line is used to attempt to serve whatever page the visitor requests. If nginx is unable, then the file is passed to the proxy.
For PHP support Nginx relies on a PHP fast-cgi spawner. Preferable is php-fpm which can be found at http://php-fpm.org. It has some unique features like adaptive process spawning and statistics and has the ability to start workers with different uid/gid/chroot/environment and different php.ini. The safe_mode can be replaced using this feature.
You can add the content below to nginx.conf. A better practice is to put the contents in a file and include this file into the main configuration file of Nginx. Create a file, for example php.conf and include the next line at the end of the Nginx main configuration file:
include php.conf;
The content of php.conf :
location ~ \.php {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
}
No comments:
Post a Comment