
@bindiego
Last active March 26, 2020 10:59
nginx reverse proxy your site

nginx proxy your site 代理网站

port 80 http

/ -> www.abc.com

/en -> www.abc.com/en

/hc -> health check 健康检查

port 443 stream (raw TCP passthrough to www.abc.com:443; TLS is not terminated at the proxy)
run it

Set up your conf.d and logs directories

then,

default.conf -> /conf.d/default.conf

g2g now

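#!/bin/bash
# Start the nginx reverse-proxy container with its configuration and log
# directory bind-mounted from the directory this script is run in.
#
# Expects ./nginx.conf, ./conf.d/ and ./logs/ to exist in that directory.
set -euo pipefail

# Resolve the mount root once; the name avoids shadowing the `pwd` builtin.
base_dir=$(pwd)

# Docker creates a missing bind-mount source as a root-owned directory, which
# then fails (or silently mounts an empty dir) instead of the intended config.
for required in nginx.conf conf.d logs; do
  if [[ ! -e "${base_dir}/${required}" ]]; then
    printf 'missing bind-mount source: %s\n' "${base_dir}/${required}" >&2
    exit 1
  fi
done

# Mounts: configuration is read-only inside the container; only the log
# directory is writable. Every expansion is quoted so a working directory
# containing spaces or glob characters still yields one -v argument per mount.
#
# Limits: -m 1G caps RAM, but --memory-swap -1 leaves swap unlimited, so the
# container's total memory use is not actually bounded.
#
# NOTE(review): nginx:1.17-alpine is a floating tag on an old release line;
# prefer a currently maintained tag, ideally pinned by image digest.
docker run --name nginx \
  -p 80:80 \
  -p 443:443 \
  -v "${base_dir}/nginx.conf:/etc/nginx/nginx.conf:ro" \
  -v "${base_dir}/conf.d:/etc/nginx/conf.d:ro" \
  -v "${base_dir}/logs:/var/log/nginx:rw" \
  --restart=unless-stopped \
  -m 1G --memory-swap -1 \
  --cpuset-cpus="0,1" \
  -d nginx:1.17-alpine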
optional log format to get real ip
# Access-log format that records the X-Forwarded-For request header in the
# first field, where the stock format records $remote_addr.
# NOTE(review): $http_x_forwarded_for is copied from the request as sent.
# Unless a trusted load balancer in front of nginx overwrites the header,
# a client can put any value here, so do not treat this field as an
# authenticated address; consider logging $remote_addr alongside it.
# NOTE(review): nginx.conf on this page already defines a log_format named
# "main" and sets "access_log off"; this format presumably replaces that
# definition and has no effect until an access_log using it is enabled.
log_format main '$http_x_forwarded_for - $remote_user [$time_local] '
                '"$request" $status $body_bytes_sent "$http_referer" '
                '"$http_user_agent"' ;
Find Google IP ranges
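# Print the IPv4 netblocks published in Google Cloud's SPF-style TXT records,
# one CIDR per line, ordered octet by octet.
#
# Step 1 reads the "include:" names from the root record; step 2 resolves each
# of those names and keeps the "ip4:" entries.
#
# NOTE(review): these answers arrive over ordinary DNS and are not
# authenticated here. If the output feeds firewall or allow-list rules, review
# it before applying, and confirm this record is still the maintained source.
dig txt _cloud-netblocks.googleusercontent.com +short \
  | tr ' ' '\n' \
  | grep include \
  | cut -f 2 -d : \
  | while IFS= read -r netblock_name; do
      # DNS data is untrusted input: pass only hostname-shaped values on to
      # dig, so an answer starting with '-' or '+' cannot be read as an option.
      case $netblock_name in
        '' | [!A-Za-z0-9_]* | *[!A-Za-z0-9._-]*) continue ;;
      esac
      dig txt "$netblock_name" +short
    done \
  | tr ' ' '\n' \
  | grep ip4 \
  | cut -f 2 -d : \
  | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n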
# Port-80 virtual host: answers a local health check on /hc and forwards every
# other request to https://www.abc.com with the Host header rewritten.
# NOTE(review): clients reach this listener over plain HTTP while the upstream
# leg is HTTPS, so the client-to-proxy hop is unencrypted.
server {
    listen 80;
    # server_name _;
    # ssl_protocols TLSv1.2;
    charset utf-8;

    # Health check: fixed 200 response, logged to its own files.
    location /hc {
        access_log /var/log/nginx/health-check-access.log;
        error_log /var/log/nginx/health-check-error.log warn;
        return 200 "I'am awake, I'am awake!\n";
    }

    # suppose www.abc.com will redirect to /en
    location /en {
        # try_files $uri $uri/ /index.php?$query_string;
        # The URI part (/en) replaces the matched /en prefix, so the request
        # path is forwarded unchanged.
        proxy_pass https://www.abc.com/en;
        # NOTE(review): nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is enabled, and sends no SNI unless
        # proxy_ssl_server_name is on. To authenticate the origin, consider:
        #   proxy_ssl_server_name on;
        #   proxy_ssl_verify on;
        #   proxy_ssl_trusted_certificate <PATH_TO_CA_BUNDLE>;
        proxy_redirect default;
        proxy_pass_request_headers on;
        # proxy_set_header X-Real-IP $remote_addr;
        # proxy_set_header Host $host;
        # proxy_hide_header filters headers of the upstream response.
        proxy_hide_header Host;
        # The origin is sent its own hostname rather than the proxy's.
        proxy_set_header Host www.abc.com;
        #proxy_set_header User-Agent $http_user_agent;
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header X-NginX-Proxy true;
        # Strip the origin's caching headers and cookies, then mark responses
        # as publicly cacheable for one hour.
        # NOTE(review): forcing "public" is only safe if nothing served under
        # this location is per-user; confirm against the origin's content.
        proxy_hide_header Cache-Control;
        proxy_hide_header Expires;
        proxy_hide_header Set-Cookie;
        add_header Cache-Control "public, max-age=3600";
    }

    # Catch-all: same proxy settings as /en, applied to every other path.
    location / {
        # try_files $uri $uri/ /index.php?$query_string;
        # NOTE(review): as in /en, the upstream certificate is not verified
        # with these settings (proxy_ssl_verify is off by default).
        proxy_pass https://www.abc.com;
        proxy_redirect default;
        proxy_pass_request_headers on;
        # proxy_set_header X-Real-IP $remote_addr;
        # proxy_set_header Host $host;
        proxy_hide_header Host;
        proxy_set_header Host www.abc.com;
        #proxy_set_header User-Agent $http_user_agent;
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header X-NginX-Proxy true;
        proxy_hide_header Cache-Control;
        proxy_hide_header Expires;
        proxy_hide_header Set-Cookie;
        add_header Cache-Control "public, max-age=3600";
    }

    # location = /favicon.ico { access_log off; log_not_found off; }
    # location = /robots.txt { access_log off; log_not_found off; }

    # NOTE(review): with access logging off here, proxied requests leave no
    # request record; only /hc (its own access_log) and errors are logged.
    access_log off;
    error_log /var/log/nginx/proxy.error.log error;
    # error_page 404 /index.php;

    # Refuse any request whose path contains "/.ht" (e.g. .htaccess files).
    location ~ /\.ht {
        deny all;
    }
}
# Main-context settings for nginx.conf.
# Worker processes run as the "nginx" account.
user nginx;
# Two workers; the run script on this page pins the container to CPUs 0 and 1.
worker_processes 2;
# Global error log, warn level and above.
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
# Connection handling per worker process.
events {
    # Upper bound on simultaneous connections for each worker.
    worker_connections 1024;
    # Let a worker accept all pending new connections at once.
    multi_accept on;
}
# Raw TCP forwarding of port 443 to www.abc.com:443. No ssl directives appear
# in this block, so nginx relays the bytes and the TLS session is negotiated
# between the client and the origin.
# NOTE(review): no stream access_log is configured in this block, so relayed
# connections are not recorded in an access log, and the origin presumably
# sees the proxy's address as the peer. Confirm that is acceptable for
# monitoring and incident response.
stream {
    server {
        listen 443;
        proxy_pass www.abc.com:443;
        proxy_buffer_size 16k;
    }
}
# HTTP-context defaults shared by every virtual host loaded from conf.d.
# NOTE(review): server_tokens is not set here, so the default applies and the
# nginx version is shown in the Server header and on error pages.
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Stock combined-style format: peer address first, X-Forwarded-For last.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log /var/log/nginx/access.log main;
    # NOTE(review): access logging is disabled by default for all virtual
    # hosts, so the "main" format above is unused unless a server or location
    # turns access_log back on.
    access_log off;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Timeout for keep-alive connections. Server will close connections after this time.
    keepalive_timeout 30;
    # Number of requests a client can make over the keep-alive connection. This is set high for testing.
    # NOTE(review): revisit this test value before production use.
    keepalive_requests 100000;
    # allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
    reset_timedout_connection on;
    # send the client a "request timed out" if the body is not loaded by this time. Default 60.
    client_body_timeout 10;
    client_header_timeout 10;
    # If the client stops reading data, free up the stale client connection after this much time. Default 60.
    send_timeout 2;

    # Response compression for the listed MIME types.
    gzip on;
    gzip_static on;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_buffers 4 32k;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/svg+xml
        image/x-icon
        text/css
        text/plain
        text/x-component;

    # Request size and buffer limits; bodies larger than 8m are rejected.
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 4 16k;

    # Cache of open file descriptors and lookup results.
    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    # Virtual hosts (e.g. default.conf) are loaded from the mounted conf.d.
    include /etc/nginx/conf.d/*.conf;
}