Appearance
反向代理实战案例
本节提供多个反向代理的实际应用案例。
案例1:前端+后端分离
架构说明
Nginx
├── / → 前端静态文件
└── /api → 后端API服务配置文件
nginx
server {
listen 80;
server_name www.example.com;
root /var/www/frontend;
index index.html;
# 前端静态文件
location / {
try_files $uri $uri/ /index.html;
# 静态资源缓存
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 30d;
add_header Cache-Control "public";
}
}
# 后端API
location /api/ {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
}
}案例2:多服务网关
架构说明
Nginx
├── /api/user → 用户服务
├── /api/order → 订单服务
├── /api/product → 产品服务
└── /static → 静态资源服务配置文件
nginx
upstream user_service {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
keepalive 32;
}
upstream order_service {
server 192.168.1.20:8080;
server 192.168.1.21:8080;
keepalive 32;
}
upstream product_service {
server 192.168.1.30:8080;
server 192.168.1.31:8080;
keepalive 32;
}
upstream static_service {
server 192.168.1.40:8080;
keepalive 32;
}
server {
listen 80;
server_name gateway.example.com;
# 用户服务
location /api/user/ {
proxy_pass http://user_service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# 订单服务
location /api/order/ {
proxy_pass http://order_service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# 产品服务
location /api/product/ {
proxy_pass http://product_service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# 静态资源
location /static/ {
proxy_pass http://static_service/;
proxy_cache my_cache;
proxy_cache_valid 200 60m;
proxy_cache_key "$scheme$request_method$host$request_uri";
add_header X-Cache-Status $upstream_cache_status;
}
}案例3:微服务架构
架构说明
Nginx (API网关)
├── /auth → 认证服务
├── /users → 用户服务
├── /orders → 订单服务
├── /products → 产品服务
└── /notifications → 通知服务配置文件
nginx
upstream auth_service {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
keepalive 32;
}
upstream user_service {
server 192.168.1.20:8080;
server 192.168.1.21:8080;
keepalive 32;
}
upstream order_service {
server 192.168.1.30:8080;
server 192.168.1.31:8080;
keepalive 32;
}
upstream product_service {
server 192.168.1.40:8080;
server 192.168.1.41:8080;
keepalive 32;
}
upstream notification_service {
server 192.168.1.50:8080;
server 192.168.1.51:8080;
keepalive 32;
}
server {
listen 80;
server_name api.example.com;
# CORS配置
add_header 'Access-Control-Allow-Origin' 'https://www.example.com' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
# OPTIONS请求
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://www.example.com';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
# 认证服务
location /auth/ {
proxy_pass http://auth_service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# 用户服务
location /users/ {
proxy_pass http://user_service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# 订单服务
location /orders/ {
proxy_pass http://order_service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# 产品服务
location /products/ {
proxy_pass http://product_service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# 通知服务
location /notifications/ {
proxy_pass http://notification_service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}案例4:CDN回源
架构说明
CDN边缘节点 → Nginx回源服务器 → 后端源站配置文件
nginx
upstream origin {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
keepalive 32;
}
server {
listen 80;
server_name cdn.example.com;
# 静态资源
location ~* \.(jpg|jpeg|png|gif|webp|svg|css|js|woff|woff2|ttf|otf|eot)$ {
proxy_pass http://origin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 缓存配置
proxy_cache my_cache;
proxy_cache_valid 200 7d;
proxy_cache_valid 404 1m;
proxy_cache_key "$scheme$request_method$host$request_uri";
add_header X-Cache-Status $upstream_cache_status;
# 长期缓存
expires 30d;
add_header Cache-Control "public, immutable";
}
# HTML文件
location ~* \.html$ {
proxy_pass http://origin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 短期缓存
proxy_cache my_cache;
proxy_cache_valid 200 1h;
proxy_cache_key "$scheme$request_method$host$request_uri";
add_header X-Cache-Status $upstream_cache_status;
expires 1h;
add_header Cache-Control "public";
}
}案例5:WebSocket代理
架构说明
客户端 → Nginx → WebSocket服务器配置文件
nginx
upstream websocket_backend {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
}
server {
listen 80;
server_name ws.example.com;
location /ws/ {
proxy_pass http://websocket_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 长连接超时
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
}案例6:GRPC代理
架构说明
客户端 → Nginx → GRPC服务器配置文件
nginx
upstream grpc_backend {
server 192.168.1.10:50051;
server 192.168.1.11:50051;
keepalive 32;
}
server {
listen 80 http2;
server_name grpc.example.com;
location / {
grpc_pass grpc://grpc_backend;
grpc_set_header Host $host;
grpc_set_header X-Real-IP $remote_addr;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 超时设置
grpc_connect_timeout 60s;
grpc_send_timeout 60s;
grpc_read_timeout 60s;
}
}总结
反向代理实战案例的关键点:
- 前后端分离:静态文件+API代理
- 多服务网关:统一入口,路由分发
- 微服务架构:API网关,CORS支持
- CDN回源:缓存优化,长期缓存
- WebSocket:长连接支持
- GRPC:HTTP/2支持
根据实际业务需求,选择合适的代理架构和配置。