需求:
A城市---vpn---B城市(服務器所在地),C城市訪問B城市服務器的就需要走公網,所以B城市需要開通公網,但是B城市沒有公網ip分配給主機,計劃通過代理來上網。
方案確定為通過nginx代理,C城市----公網-------A城市---vpn-----B城市(服務器)。
1、給主機映射一個公網地址和端口。
2、域名解析
3、nginx代理配置
[root@wall nginx]$ cat nginx.conf
#basic
user nginx;
worker_processes 1;
pid /var/run/nginx.pid;
worker_rlimit_nofile 202400;
events
{
use epoll;
worker_connections 202400;
}
http
{
fastcgi_connect_timeout 300s;
fastcgi_send_timeout 300s;
fastcgi_read_timeout 300s;
include mime.types;
default_type application/octet-stream;
fastcgi_intercept_errors on;
charset utf-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
client_max_body_size 999m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
client_body_buffer_size 512k;
proxy_connect_timeout 5;
proxy_read_timeout 28400;
proxy_send_timeout 28400;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
gzip on;
#gzip_disable "msie6";
gzip_disable "MSIE [1-6]\.";
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#server_tag off;
#server_info off;
#server_tokens off;
###2012-12-19 change nginx logs
log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$http_host" "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $request_time $remote_addr';
##################################################################################################################
#加載vhost
include /etc/nginx/conf.d/*.conf;
}
[root@wall nginx]$ cd
conf.d/ fastcgi_params.default mime.types.default scgi_params.default
fastcgi.conf koi-utf nginx.conf uwsgi_params
fastcgi.conf.default koi-win nginx.conf.default uwsgi_params.default
fastcgi_params mime.types scgi_params win-utf
[root@wall nginx]$ cd conf.d/
[root@wall conf.d]$ ls
wall.conf
[root@wall conf.d]$ cat wall.conf
upstream wall {
server 192.168.1.2:80; (B城市服務器地址)
#check interval=3000 rise=2 fall=5 timeout=30000;
}
server {
listen 83;
server_name wall*;
location /
{
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto https;
proxy_pass http://wall;
expires off;
}
}