在这种特殊情况下,我可以使用Nginx作为反向代理吗? [英] Can I use nginx as reverse proxy in this particular case?
问题描述
我需要知道是否可以使用Nginx作为反向代理来服务在不同的Raspberry Pi中托管的每个Web应用程序.
I need to know if it is possible to use Nginx as a reverse proxy to serve several web apps hosted each one in a different Raspberry Pi.
从图中可以看出,Raspberry将全部连接到非托管交换机,这是我打算安装nginx的第一个交换机,因此它可以用作反向代理,具体取决于互联网请求的网站.例如:wwww.site1.com,www.site2.www等
As it can be seen in the diagram, the Raspberries will be all connected to an unmanaged switch, the first switch I intend to install nginx so it could serve as reverse proxy depending on the website requested from the internet. Ex: wwww.site1.com, www.site2.www, etc
这可能吗? 我能否从连接到调制解调器而不是交换机的计算机上访问那些RPis?
Is this possible? Will I be able to access those RPis from a computer connected to the modem, not to the switch?
注意:调制解调器是wifi调制解调器,而交换机是不受管理的有线交换机.
Note: The modem is a wifi modem and the switch is an unmanaged wired switch.
很抱歉,我的绘画技巧很差,感谢您的帮助.在购买所有这些东西之前,我需要知道这种想法是否可行.
Apologies for my poor drawing skills, and thanks for any help. I need to know if this idea is possible before buying all this stuff.
推荐答案
我认为有可能,但是有一些要求:
I think, it is possible, but there are some requrements:
-
分配给调制解调器的静态外部IP;
static external IP assigned to Modem;
静态IP;
调制解调器上正确的转发规则.
correct forwarding rules on modem.
我的意思是,您需要转发所有如下请求:
I mean, you need forward all requests like the following:
调制解调器:80-> rp0:80
modem:80 -> rp0:80
调制解调器:443-> rp0:443
modem:443 -> rp0:443
在rp0上,端口可能与80和443不同,因此,请设置正确的规则,并在nginx配置中记录下来.
On rp0 ports may differ from 80 and 443, so, please, set up correct rules and note it in nginx config.
之后,在网站配置中设置上游或使用rp1-3的IP:
After that set up upstreams or use IP's of rp1-3 in websites configs:
upstream rp1 {
server 192.168.1.11:port;
}
upstream rp2 {
server 192.168.1.12:port;
}
upstream rp3 {
server 192.168.1.13:port;
}
用端口替换端口,该端口在适当的RPi上侦听. 网站配置将如下所示:
Replace port with port, which is listened on apropriate RPi. Website configs will be like the following:
server {
server_name site1.com www.site1.com ;
location / { proxy_pass http://rp1 ; }
}
server {
server_name site2.com www.site2.com ;
location / { proxy_pass http://rp2 ; }
}
添加您需要的任何参数. 另外,如果您要托管一些静态网站,最好的方法是将它们也放置在rp0上.
Add any params you need. Also, if you are going to host some static websites, the best way is too place them on rp0.
编辑1 工作配置示例:
server {
listen 80;
server_name site1.com www.site1.com ;
location / { rewrite ^ https://$host$request_uri permanent;}
}
server {
listen 443 ssl;
server_name site1.com www.site1.com;
ssl_certificate /etc/letsencrypt/live/site1/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://rp1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
port_in_redirect off;
proxy_redirect http://rp1/ /;
}
请注意,如果要使用Letsencrypt,最好的方法是在rp0上设置certbot(或其他).自动续订证书会更容易.另外,使用/etc/letsencrypt/live/site1/fullchain.pem . 为了使用多个SSL域,请确保安装Nginx支持SNI:
Please, note, if you are going to use Letsencrypt, the best way is to set up certbot (or smth else) on rp0. It will be easier to renew certs automatically. Also, use /etc/letsencrypt/live/site1/fullchain.pem . In order to use multiple SSL-domains, be sure that install nginx supports SNI:
# nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
这篇关于在这种特殊情况下,我可以使用Nginx作为反向代理吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!