Nginx反向代理功能-添加头部报文信息

Nginx反向代理功能-添加头部报文信息

作者：尹正杰

版权声明：原创作品，谢绝转载！否则将追究法律责任。

一.添加头部报文的前提条件

　　nginx基于模块ngx_http_headers_module可以实现对头部报文添加指定的key与值，但前提功能是必须Nginx必须开启缓存功能。
关于如何开启缓存功能请参考我上一篇笔记:https://www.cnblogs.com/yinzhengjie/p/12100096.html。

　　博主推荐阅读:
　　　　https://nginx.org/en/docs/http/ngx_http_headers_module.html

二.配置Nginx添加自定义的头部报文

1>.修改Nginx的主配置文件

[root@node101.yinzhengjie.org.cn ~]# cat /yinzhengjie/softwares/nginx/conf/nginx.conf
worker_processes  4;
worker_cpu_affinity 00000001 00000010 00000100 00001000; 
 
events {
   worker_connections  100000;
   use epoll;
   accept_mutex on;
   multi_accept on; 
}
   
   http {
     include       mime.types;
       
     default_type  text/html;
    
     server_tokens off; 
      
     charset utf-8;
   
     log_format my_access_json '{"@timestamp":"$time_iso8601",' '"host":"$server_addr",' '"clientip":"$remote_addr",' '"size":$body_bytes_sent,' '"responsetime":$request_ti
me,' '"upstreamtime":"$upstream_response_time",' '"upstreamhost":"$upstream_addr",' '"http_host":"$host",' '"uri":"$uri",' '"domain":"$host",' '"xff":"$http_x_forwarded_for",' '"referer":"$http_referer",' '"tcp_xff":"$proxy_protocol_addr",' '"http_user_agent":"$http_user_agent",' '"status":"$status"}';   
    access_log logs/access_json.log my_access_json;
 
    #定义可用于proxy功能的缓存
    proxy_cache_path /yinzhengjie/data/web/nginx/proxycache levels=1:2:2 keys_zone=proxycache:512m inactive=10m max_size=1g;

    ssl_certificate /yinzhengjie/softwares/nginx/certs/www.yinzhengjie.org.cn.crt;
    ssl_certificate_key /yinzhengjie/softwares/nginx/certs/www.yinzhengjie.org.cn.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
  
    include /yinzhengjie/softwares/nginx/conf.d/*.conf;
}
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# nginx -t
nginx: the configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf test is successful
[root@node101.yinzhengjie.org.cn ~]# 

2>.修改Nginx的子配置文件

[root@node101.yinzhengjie.org.cn ~]# cat /yinzhengjie/softwares/nginx/conf.d/node101_yinzhengjie_org.cn.conf 
server {
    listen 80;
    listen 443 ssl;
    server_name node101.yinzhengjie.org.cn;
 
    access_log /yinzhengjie/softwares/nginx/logs/node101_yinzhengjie_org_cn_access.log my_access_json;
    error_log /yinzhengjie/softwares/nginx/logs/node101_yinzhengjie_org_cn_error.log;

    location / {
       root /yinzhengjie/data/web/nginx/static/cn;
       index index.html;

       valid_referers none blocked server_names *.baidu.com example.*  ~\.google\.;

       if ($invalid_referer) {
           return 403;
       }

       if ($http_user_agent ~ "ApacheBench|WebBench|TurnitinBot|Sougou web spider|Grid Server"){
           return 403;
       }
    }

    location = /favicon.ico {
       root /yinzhengjie/data/web/nginx/images/jd;
    }

    location /app01 {
        proxy_pass http://172.30.1.108/;
        proxy_connect_timeout 60s;
    }

    location /static {
        proxy_pass http://172.30.1.108;
        proxy_cache proxycache;
        proxy_cache_key $request_uri;
        proxy_cache_valid 200 302 301 10m;
        proxy_cache_valid any 5m;
        #调用Nginx的内置变量为Nginx的响应报文添加头部信息
        add_header X-Via $server_addr;
        add_header X-Cache $upstream_cache_status;
        add_header X-Accel $server_name;
    }
 
    location /image {
        proxy_pass http://172.30.1.108;
        proxy_hide_header ETag;
        proxy_set_header yinzhengjie_nginx_ip_forwarded $proxy_add_x_forwarded_for;
        
    }

    location /dynamic {
        proxy_pass http://172.30.1.108;
        proxy_set_header yinzhengjie_nginx_ip_forwarded $proxy_add_x_forwarded_for;
    }
}
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# nginx -t
nginx: the configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf test is successful
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 

3>.重新加载Nginx的配置文件

[root@node101.yinzhengjie.org.cn ~]# ps -ef | grep nginx | grep -v grep
root     21509     1  0 Dec26 ?        00:00:00 nginx: master process nginx
nginx    21782 21509  0 Dec26 ?        00:01:16 nginx: worker process
nginx    21783 21509  0 Dec26 ?        00:01:16 nginx: worker process
nginx    21784 21509  0 Dec26 ?        00:00:33 nginx: worker process
nginx    21785 21509  0 Dec26 ?        00:05:01 nginx: worker process
nginx    21786 21509  0 Dec26 ?        00:00:00 nginx: cache manager process
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# nginx -s reload
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ps -ef | grep nginx | grep -v grep
root     21509     1  0 Dec26 ?        00:00:00 nginx: master process nginx
nginx    22571 21509 10 18:43 ?        00:00:00 nginx: worker process
nginx    22572 21509 10 18:43 ?        00:00:00 nginx: worker process
nginx    22573 21509  9 18:43 ?        00:00:00 nginx: worker process
nginx    22574 21509  9 18:43 ?        00:00:00 nginx: worker process
nginx    22575 21509  0 18:43 ?        00:00:00 nginx: cache manager process
[root@node101.yinzhengjie.org.cn ~]# 

三.验证头部信息是否添加成功

1>.客户端访问之前查看Nginx的缓存目录

[root@node101.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/web/nginx/proxycache/
total 0
[root@node101.yinzhengjie.org.cn ~]# 

2>.客户端第一次访问Nginx的文件未命中缓存

[root@node105.yinzhengjie.org.cn ~]# curl -I http://node101.yinzhengjie.org.cn/static/access.log
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 27 Dec 2019 10:46:41 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 348797
Connection: keep-alive
Last-Modified: Thu, 26 Dec 2019 09:00:16 GMT
ETag: "5527d-59a979b183760"
X-Via: 172.30.1.101
X-Cache: MISS　　　　　　　　　　　　　　　　　　#很明显，第一次访问时并没有命中访问的文件。
X-Accel: node101.yinzhengjie.org.cn
Accept-Ranges: bytes

[root@node105.yinzhengjie.org.cn ~]# 
[root@node105.yinzhengjie.org.cn ~]# 

3>.客户端访问后再一次查看Nginx的缓存目录

[root@node101.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/web/nginx/proxycache/
total 0
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/web/nginx/proxycache/　　　　　　　　　　　　#当有客户端访问时，在缓存目录就会有相应的缓存数据。
total 0
drwx------ 3 nginx nginx 16 Dec 27 18:46 4
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/web/nginx/proxycache/4/
total 0
drwx------ 3 nginx nginx 16 Dec 27 18:46 61
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/web/nginx/proxycache/4/61/
total 0
drwx------ 2 nginx nginx 46 Dec 27 18:46 8a
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/web/nginx/proxycache/4/61/8a/
total 344
-rw------- 1 nginx nginx 349426 Dec 27 18:46 8163c0ca4d4d0c1ec72229042cf8a614
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 

4>.第二次访问相同的文件命中缓存

[root@node105.yinzhengjie.org.cn ~]# curl -I http://node101.yinzhengjie.org.cn/static/access.log
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 27 Dec 2019 10:48:46 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 348797
Connection: keep-alive
Last-Modified: Thu, 26 Dec 2019 09:00:16 GMT
ETag: "5527d-59a979b183760"
X-Via: 172.30.1.101
X-Cache: HIT　　　　　　　　　　　　　　　　　　　　#很明显，当客户端第二次访问时，会命中缓存。
X-Accel: node101.yinzhengjie.org.cn
Accept-Ranges: bytes

[root@node105.yinzhengjie.org.cn ~]# 
[root@node105.yinzhengjie.org.cn ~]# 

5>.使用浏览器访问同一个URL资源(http://node101.yinzhengjie.org.cn/static/access.log)，发现依旧是命中啦。