1. http_proxy_module

1.1. proxy_buffering

  • Directives

    1. Syntax: proxy_buffering on|off ;
    2. Default: proxy_buffering on ;
    3. Context: http, server, location
  • Introduction

When buffering is enabled, nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy_buffer_size and proxy_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. Writing to temporary files is controlled by the proxy_max_temp_file_size and proxy_temp_file_write_size directives.
When buffering is disabled, the response is passed to a client synchronously, immediately as it is received. Nginx will not try to read the whole response from the proxied server. The maximum size of the data that nginx can receive from the server at a time is set by the proxy_buffer_size directive.
Buffering can also be enabled or disabled by passing “yes” or “no” in the “X-Accel-Buffering” response header field. This capability can be disabled using the proxy_ignore_headers directive.

1.2. proxy_buffer_size

  • Directives

    1. Syntax: proxy_buffer_size size ;
    2. Default: proxy_buffer_size 4k|8k ;
    3. Context: http, server, location
  • Introduction

Sets the size of the buffer used for reading the first part of the response (for a single request) received from the proxied server; this part usually contains just the response header. If the whole response is larger than the buffer, the remaining parts are saved in temporary files.
The default buffer size is equal to one memory page, the same as one of the proxy_buffers buffers (usually 4k on Linux).

1.3. proxy_buffers

  • Directives

    1. Syntax: proxy_buffers number size ;
    2. Default: proxy_buffers 8 4k|8k ;
    3. Context: http, server, location
  • Introduction

Sets the number and size of the buffers used for reading a response from the proxied server, for a single connection. The default size is equal to one memory page, which can be queried with the # getconf PAGESIZE command.

1.4. proxy_max_temp_file_size

  • Directives

    1. Syntax: proxy_max_temp_file_size size ;
    2. Default: proxy_max_temp_file_size 1024m ;
    3. Context: http, server, location
  • Introduction

When buffering of responses from the proxied server is enabled, and the whole response does not fit into the buffers set by the proxy_buffer_size and proxy_buffers directives, a part of the response can be saved to a temporary file. This directive sets the maximum size of the temporary file. The size of data written to the temporary file at a time is set by the proxy_temp_file_write_size directive.
The zero value disables buffering of responses to temporary files.
This restriction does not apply to responses that will be cached (proxy_cache) or stored on disk (proxy_disk).

1.5. proxy_temp_file_write_size

  • Directives

    1. Syntax: proxy_temp_file_write_size size ;
    2. Default: proxy_temp_file_write_size 8k|16k ;
    3. Context: http, server, location
  • Introduction

Limits the size of data written to a temporary file at a time, for a single request. By default it is equal to proxy_buffer_size * 2.

1.6. proxy_busy_buffers_size

  • Directives

    1. Syntax: proxy_busy_buffers_size size ;
    2. Default: proxy_busy_buffers_size 8k|16k ;
    3. Context: http, server, location
  • Introduction

When buffering of responses from the proxied server is enabled and the size of the unsent response exceeds proxy_busy_buffers_size, nginx sends the response to the client until the unsent size is less than proxy_busy_buffers_size.
In other words, if the response has not yet been fully received from the proxied server and the unsent buffers are larger than proxy_busy_buffers_size, nginx sends the response from the buffers to the client until the unsent buffers are smaller than proxy_busy_buffers_size. The remaining buffers or temporary file space can be used to cache other response data from the proxied server.
The default size is equal to proxy_buffer_size * 2.
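
How the buffer directives from sections 1.1 to 1.6 fit together for the /reverse location used later on this page, as an added example that is not part of the original configuration. The 64m temporary-file limit is an assumed value, and the limits in the comments are the checks nginx applies when it loads the configuration.

```nginx
location /reverse {
    proxy_pass http://192.168.1.50;

    proxy_buffering on;

    # First read from the proxied server (normally the response header).
    proxy_buffer_size 4k;

    # Body buffers: 16 x 4k = 64k, so roughly 4k + 64k = 68k of memory
    # per proxied connection before data is written to a temporary file.
    proxy_buffers 16 4k;

    # Must be at least max(proxy_buffer_size, one proxy_buffers buffer) = 4k
    # and at most (16 - 1) * 4k = 60k, otherwise "nginx -t" fails.
    proxy_busy_buffers_size 8k;

    # Upper bound on disk space used by one buffered response.
    # Must be 0 (no temporary files) or at least 4k here; a bare number
    # is bytes, so a value such as 2048 is below one buffer and is rejected.
    proxy_max_temp_file_size 64m;

    # Amount written to the temporary file at a time; must be at least 4k here.
    proxy_temp_file_write_size 8k;
}
```

Multiplying the per-connection memory figure by the expected number of concurrent proxied connections gives the worst-case buffer memory for the location.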

1.7. proxy_set_header

  • Directives

    1. Syntax: proxy_set_header field value ;
    2. Default: proxy_set_header Host $proxy_host ;
                proxy_set_header Connection close ;
    3. Context: http, server, location
  • Introduction

Allows redefining or appending fields to the request header passed to the proxied server. If the current level does not set these directives, they are inherited from the previous level.
If you don’t want to change the “Host” field in the request header, set: proxy_set_header Host $http_host ; But if $http_host is not present in the request header, there is nothing to pass. In this case, you can set: proxy_set_header Host $host ;
Notice: if the value of a header field is an empty string, the field will not be passed to the proxied server, for example: proxy_set_header Accept-Encoding "" ;
In most cases, the proxied server needs the client IP for logging or for access limits, for example:
proxy_set_header X-Real-IP $remote_addr ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;

1.8. proxy_connect_timeout

  • Directives

    1. Syntax: proxy_connect_timeout time;
    2. Default: proxy_connect_timeout 60s;
    3. Context: http, server, location
  • Introduction

Defines a timeout for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds.

1.9. proxy_read_timeout

  • Directives

    1. Syntax: proxy_read_timeout time;
    2. Default: proxy_read_timeout 60s;
    3. Context: http, server, location
  • Introduction

Defines a timeout for reading a response from the proxied server. The timeout is the maximum time between two successive read operations only, not for the transmission of the whole response. If the proxied server does not transmit anything within this time, the connection is closed.

1.10. proxy_send_timeout

  • Directives

    1. Syntax: proxy_send_timeout time;
    2. Default: proxy_send_timeout 60s;
    3. Context: http, server, location
  • Introduction

Defines a timeout for sending a request to the proxied server. The timeout is the maximum time between two successive send operations only, not for the transmission of the whole request. If the proxied server does not transmit anything within this time, the connection is closed.

1.11. proxy_intercept_errors

  • Directives

    1. Syntax: proxy_intercept_errors on|off ;
    2. Default: proxy_intercept_errors off ;
    3. Context: http, server, location
  • Introduction

Determines, when the response code from the proxied server is equal to or greater than 300, whether nginx returns its own error page or uses the error page of the proxied server.

2. Type Of Proxy

2.1. Forward Proxy

An ordinary forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target.
The proxy server then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.
With a forward proxy, the client knows the origin server’s address but cannot access the origin server directly, because access may be restricted by a firewall.
A forward proxy is like a VPN, so the client needs to specify the forward proxy server.

2.2. Reverse Proxy

The client makes ordinary requests for content in the namespace of the reverse proxy. The reverse proxy then decides where to send those requests and returns the content as if it were itself the origin server.
For example, Apache httpd proxies active requests to Tomcat.

3. Example

3.1. Forward Proxy

Client

Cannot connect to baidu.com.

Server

Allowed to connect to baidu.com.

3.1.1. http proxy server

[root@centos-81 ~]# cat /etc/nginx/conf.d/localhost.conf

    server {
        listen 80;
        server_name localhost;
        # DNS servers nginx uses to resolve the host named in each request
        resolver 114.114.114.114 223.5.5.5 ;
        location / {
            # Forward the request to whatever host the client asked for
            proxy_pass $scheme://$http_host$request_uri ;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }

[root@centos-50 ~]# curl -I -x "http://192.168.11.129:80" http://www.baidu.com

    HTTP/1.1 200 OK
    Server: nginx/1.14.2
    Date: Fri, 04 Jan 2019 13:37:37 GMT
    Content-Type: text/html
    Content-Length: 277
    Connection: keep-alive
    Accept-Ranges: bytes
    Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
    Etag: "575e1f60-115"
    Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
    Pragma: no-cache

[root@centos-50 ~]# curl -I -x "http://192.168.11.129:80" https://www.baidu.com

    HTTP/1.1 400 Bad Request
    Server: nginx/1.14.2
    Date: Fri, 04 Jan 2019 13:37:31 GMT
    Content-Type: text/html
    Content-Length: 173
    Connection: close
    curl: (56) Received HTTP code 400 from proxy after CONNECT
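
The configuration above forwards requests from any client to any host named in the request. As an added example (not part of the original page), the same server limited to one client network and to external destinations; the 192.168.11.0/24 client subnet, the $forward_denied variable name and the timeout values are assumptions.

```nginx
# /etc/nginx/conf.d/localhost.conf (included from the http {} block)

# 1 = destination the proxy must not fetch on behalf of a client.
# This matches the text of the Host header only; names that resolve to
# internal addresses still need a firewall rule on the proxy's outbound traffic.
map $http_host $forward_denied {
    default                           0;
    ""                                1;  # request carried no Host header
    ~*^localhost(:|$)                 1;
    ~^127\.                           1;
    ~^10\.                            1;
    ~^192\.168\.                      1;
    ~^172\.(1[6-9]|2[0-9]|3[01])\.    1;
    ~^169\.254\.                      1;
    ~^\[                              1;  # IPv6 literal destinations
}

server {
    listen 80;
    server_name localhost;
    resolver 114.114.114.114 223.5.5.5;

    # Only the client network may use the proxy (assumed subnet).
    allow 192.168.11.0/24;
    deny  all;

    location / {
        if ($forward_denied) {
            return 403;
        }
        proxy_pass $scheme://$http_host$request_uri;

        # Bound how long a slow or silent destination can hold a connection.
        proxy_connect_timeout 15;
        proxy_read_timeout    30;
        proxy_send_timeout    20;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```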

3.1.2. https proxy server

Coming soon.

3.2. Reverse Proxy

3.2.1. Nginx Configuration

[root@centos-81 ~]# cat /etc/nginx/conf.d/localhost.conf

    server {
        listen 80;
        server_name localhost;
        location / {
            root /usr/share/nginx/html ;
            index index.html index.htm ;
        }
        location /reverse {
            proxy_pass http://192.168.1.50 ;
            # proxy_buffering on ;
            proxy_buffers 16 4k ;
            # proxy_buffer_size 4k ;
            # proxy_busy_buffers_size 8k ;
            # proxy_max_temp_file_size 2048 ;
            # proxy_temp_file_write_size 8k ;
            # Timeouts in seconds
            proxy_connect_timeout 15 ;
            proxy_read_timeout 30 ;
            proxy_send_timeout 20 ;
            # proxy_set_header Host $proxy_host ;
            # proxy_set_header Connection close ;
            # Pass the client address to the proxied server
            proxy_set_header X-Real-IP $remote_addr ;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }

[root@centos-50 ~]# vim /etc/nginx/nginx.conf

    ......
    log_format main '$http_x_real_ip - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    ......
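
The log_format above records $http_x_real_ip, which is whatever X-Real-IP value arrives in the request, so it is only meaningful for requests that really came through the proxy configured with the proxy_set_header lines from section 1.7. As an added example (not part of the original page), the proxied server can accept that header from the proxy alone by using ngx_http_realip_module; this assumes the module is compiled in and that 192.168.1.81 is the only proxy in front of 192.168.1.50.

```nginx
# /etc/nginx/nginx.conf on the proxied server (192.168.1.50), http {} block

# Accept X-Real-IP only when the TCP peer is the reverse proxy.
set_real_ip_from 192.168.1.81;
real_ip_header   X-Real-IP;

# $remote_addr now holds the client address for requests relayed by the
# proxy and the peer address for anything that reached this server directly.
# $realip_remote_addr keeps the original peer address for auditing.
# X-Forwarded-For is logged as received: $proxy_add_x_forwarded_for appends
# to the value the client sent, so only its last entry comes from the proxy.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" '
                'peer=$realip_remote_addr';
access_log /var/log/nginx/access.log main;
```

With this in place, access rules and rate limits on the proxied server that key on $remote_addr apply to the real client for proxied requests.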

3.2.2. Test

Access http://192.168.1.81/reverse from a Chrome browser (192.168.1.1).
[root@centos-50 html]# tail -f /var/log/nginx/access.log

    ......
    192.168.1.1 - - [21/Nov/2018:07:41:54 +0800] "GET /reverse/ HTTP/1.0" 200 158 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "192.168.1.1"
    192.168.1.1 - - [21/Nov/2018:07:41:59 +0800] "GET /reverse/ HTTP/1.0" 200 158 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" "192.168.1.1"