FAQ

Page Discussion Edit History

ChsHttpProxyModule

Revision as of 06:18, 26 October 2010 by Zhijianpeng (Talk)

(diff) 鈫 Older revision | Latest revision (diff) | Newer revision 鈫 (diff)

Contents

[edit] 姒傝

姝ゆā鍧楄兘浠g悊璇锋眰鍒板叾瀹冩湇鍔″櫒.

杩欐槸 HTTP/1.0 鐗堟湰鐨勪唬鐞,鏆傛椂鏃犳硶淇濇寔 keep-alive 鐨勮姹.(鍥犳,鍒板悗绔殑閾炬帴姣忔璇锋眰閮戒細鍒涘缓鍜屽叧闂)

Nginx 鍜屾祻瑙堝櫒浣跨敤 HTTP/1.1 杩涜瀵硅瘽锛岃岃窡鍚庡彴鏈嶅姟鍣ㄤ娇鐢 HTTP/1.0,鎵浠ュ畠鑳藉鐞嗘祻瑙堝櫒keep-alive鐨勮姹

Example:

location / {
  proxy_pass        http://localhost:8000;
  proxy_set_header  X-Real-IP  $remote_addr;
}

娉ㄦ剰涓鐐,褰撲娇鐢℉TTP PROXY 妯″潡鏃(鎴栬呯敋鑷虫槸浣跨敤FastCGI鏃),鐢ㄦ埛鐨勬暣涓姹備細鍦╪ginx涓紦鍐茬洿鑷充紶閫佺粰鍚庣琚唬鐞嗙殑鏈嶅姟鍣.鍥犳,涓婁紶杩涘害鐨勬祴绠楀氨浼氳繍浣滃緱涓嶆纭,濡傛灉瀹冧滑閫氳繃娴嬬畻鍚庣鏈嶅姟鍣ㄦ敹鍒扮殑鏁版嵁鏉ュ伐浣滅殑璇

[edit] 鎸囦护

[edit] proxy_buffer_size

syntax: proxy_buffer_size the_size

default: proxy_buffer_size 4k/8k

context: http, server, location

璇ユ寚浠よ缃紦鍐插尯澶у皬,浠庝唬鐞嗗悗绔湇鍔″櫒鍙栧緱鐨勭涓閮ㄥ垎鐨勫搷搴斿唴瀹,浼氭斁鍒拌繖閲.

灏忕殑鍝嶅簲header閫氬父浣嶄簬杩欓儴鍒嗗搷搴斿唴瀹归噷杈.

榛樿鏉ヨ,璇ョ紦鍐插尯澶у皬绛変簬鎸囦护 proxy_buffers鎵璁剧疆鐨;浣嗘槸,浣犲彲浠ユ妸瀹冭缃緱鏇村皬.

[edit] proxy_buffering

syntax: proxy_buffering on|off

default: proxy_buffering on

context: http, server, location

璇ユ寚浠ゅ紑鍚粠鍚庣琚唬鐞嗘湇鍔″櫒鐨勫搷搴斿唴瀹圭紦鍐.

濡傛灉缂撳啿鍖哄紑鍚,nginx鍋囧畾琚唬鐞嗙殑鍚庣鏈嶅姟鍣ㄤ細浠ユ渶蹇熷害鍝嶅簲,骞舵妸鍐呭淇濆瓨鍦ㄧ敱鎸囦护proxy_buffer_sizeproxy_buffers鎸囧畾鐨勭紦鍐插尯閲岃竟.

濡傛灉鍝嶅簲鍐呭鏃犳硶鏀惧湪鍐呭瓨閲岃竟,閭d箞閮ㄥ垎鍐呭浼氳鍐欏埌纾佺洏涓.

濡傛灉缂撳啿鍖鸿鍏抽棴浜,閭d箞鍝嶅簲鍐呭浼氭寜鐓ц幏鍙栧唴瀹圭殑澶氬皯绔嬪埢鍚屾浼犻佸埌瀹㈡埛绔

nginx涓嶅皾璇曡绠楄浠g悊鏈嶅姟鍣ㄦ暣涓搷搴斿唴瀹圭殑澶у皬,nginx鑳戒粠鏈嶅姟鍣ㄦ帴鍙楃殑鏈澶ф暟鎹,鏄敱鎸囦护proxy_buffer_size鎸囧畾鐨.

瀵逛簬鍩轰簬闀胯疆璇(long-polling)鐨凜omet 搴旂敤鏉ヨ,鍏抽棴 proxy_buffering 鏄噸瑕佺殑,涓嶇劧寮傛鍝嶅簲灏嗚缂撳瓨瀵艰嚧Comet鏃犳硶宸ヤ綔


Template:Anchor

[edit] proxy_buffers

璇硶: proxy_buffers the_number is_size;

榛樿鍊: proxy_buffers 8 4k/8k;

涓婁笅鏂: http, server, location

璇ユ寚浠よ缃紦鍐插尯鐨勫ぇ灏忓拰鏁伴噺,浠庤浠g悊鐨勫悗绔湇鍔″櫒鍙栧緱鐨勫搷搴斿唴瀹,浼氭斁缃埌杩欓噷. 榛樿鎯呭喌涓,涓涓紦鍐插尯鐨勫ぇ灏忕瓑浜庡唴瀛橀〉闈㈠ぇ灏,鍙兘鏄4K涔熷彲鑳芥槸8K,杩欏彇鍐充簬骞冲彴

Template:Anchor

[edit] proxy_busy_buffers_size

璇硶: proxy_busy_buffers_size size;

榛樿鍊: proxy_busy_buffers_size proxy_buffer_size * 2;

涓婁笅鏂: http, server, location, if

TODO: Description.

[edit] proxy_cache

syntax: proxy_cache zone_name;

default: None

context: http, server, location 璇ユ寚浠よ缃紦瀛樺尯鐨勫悕瀛,涓涓紦瀛樺尯鑳界敤鍦ㄤ笉鍚岀殑浣嶇疆.

0.7.48鐗堟湰寮濮嬮伒浠庡悗绔湇鍔″櫒鐨 "Expires", "Cache-Control: no-cache", and "Cache-Control: max-age=XXX" 鍝嶅簲header 0.7.66鐗堟湰寮濮嬮伒浠"private" 鍜 "no-store" 鍝嶅簲header nginx 缂撳瓨涓嶅鐞 "Vary" headers.

涓轰繚璇佺浜轰俊鎭笉浼氭棤鎰忎腑琚紦瀛樺苟鍙戠粰鎵鏈夌敤鎴,鍚庣鏈嶅姟鍣ㄥ彲浠ヨ缃 "no-cache" 鎴栬 "max-age=0",鎴栬卲roxy_cache_key涓繀椤诲寘鍚敤鎴疯瘑鍒俊鎭(姣斿$cookie_xxx).浣嗘槸,鍦╬roxy_cache_key涓娇鐢╟ookie浼氶檷浣庡叕鍏辩紦瀛樺璞$殑鍛戒腑鐜,鎵浠ヤ笉鍚岀殑location浣跨敤涓嶅悓鐨 proxy_cache_key鍊,鍦ㄥ尯鍒嗙浜哄拰鍏叡缂撳瓨瀵硅薄鏃舵槸蹇呰鐨

缂撳瓨鍙栧喅浜 proxy buffers,濡傛灉proxy_buffers 璁句负off,灏嗘棤娉曚娇鐢╬roxy_cache.

[edit] proxy_cache_key

syntax: proxy_cache_key line;

default: $scheme$proxy_host$request_uri;

context: http, server, location 璇ユ寚浠ゆ寚瀹氫簡灏嗗寘鍚紦瀛樼殑鍝簺淇℃伅,姣斿

  proxy_cache_key "$host$request_uri$cookie_user";

娉ㄦ剰鍦ㄩ粯璁ょ殑鎯呭喌涓,hostname灏嗕笉鍖呭惈鍦╟ache key閲岃竟,濡傛灉浣犵殑绔欑偣浣跨敤涓嶅悓鐨刲ocation鏈嶅姟瀛愬煙鍚,浣犻渶瑕佸寘鍚玥ostname 姣斿,淇敼cache key褰㈠:

  proxy_cache_key "$scheme$host$request_uri";

[edit] proxy_cache_path

syntax: proxy_cache_path path [levels=number] keys_zone=zone_name:zone_size [inactive=time] [max_size=size];

default: None

context: http 璇ユ寚浠よ缃紦瀛樼殑璺緞鍜屽叾浠栫紦瀛樺弬鏁.缂撳瓨鐨勬暟鎹繚瀛樺湪鏂囦欢閲岃竟.缂撳啿涓殑key 鏄唬鐞 URL鐨凪D5鍊,瀹冧笌鏂囦欢鍚嶅搴 Levels 璁剧疆浜嗗瓙鐩綍鐨勪釜鏁,姣斿:

  proxy_cache_path  /data/nginx/cache  levels=1:2   keys_zone=one:10m;

鏂囦欢鍚嶈濡: /data/nginx/cache/c/29/b7f54b2df7773722d382f4809d65029c

浣犺兘浣跨敤1鍜2鐨勪换浣曠粍鍚堟潵琛ㄧずlevel鐨勬牸寮:X, X:X, or X:X:X e.g.: "2", "2:2", "1:1:2".鏈澶3灞

鎵鏈塧ctive鐨刱ey鍜屽厓鏁版嵁閮戒繚瀛樺湪鍏变韩鍐呭瓨涓-缂撳瓨鍖哄煙(zone),鍦keys_zone涓畾涔夎缂撳瓨鍖哄煙鐨勫悕瀛楀拰澶у皬.

娉ㄦ剰:姣忎釜瀹氫箟鐨刏ONE閮介渶瑕佹湁鍞竴鐨勮矾寰,姣斿:

proxy_cache_path  /data/nginx/cache/one    levels=1      keys_zone=one:10m;
proxy_cache_path  /data/nginx/cache/two    levels=2:2    keys_zone=two:100m;
proxy_cache_path  /data/nginx/cache/three  levels=1:1:2  keys_zone=three:1000m;

濡傛灉缂撳瓨涓殑鏁版嵁鍦inactive涓畾涔夌殑鏃堕棿鍐呮病鏈夎璁块棶,灏嗚鍒犻櫎.榛樿璁剧疆inactive鏄10鍒嗛挓

鐗规畩杩涚▼"cache manager"鎺у埗浜嗙鐩樼紦瀛樼殑澶у皬,璇ュ弬鏁板湪max_size瀹氫箟,褰撹秴鍑哄ぇ灏忓悗鏈灏戜娇鐢ㄧ殑鏁版嵁灏嗚鍒犻櫎

ZONE蹇呴』鏍规嵁椤甸潰鐨勫灏戞潵璁剧疆鍚堥傜殑澶у皬.涓涓〉闈(鏂囦欢)鐨勫厓鏁版嵁澶у皬鍙栧喅浜庢搷浣滅郴缁,褰撳墠 FreeBSD/i386 鏄64 bytes, FreeBSD/amd64鏄128 bytes 褰揨ONE婊′簡浠ュ悗,key灏嗘寜鐓RU绠楁硶鏉ユ浛鎹

proxy_cache_path 鍜 proxy_temp_path 浣嶄簬鐩稿悓鐨勬枃浠剁郴缁(same filesyetem,not mount piont).

[edit] proxy_cache_methods

syntax: proxy_cache_methods [GET HEAD POST];

default: proxy_cache_methods GET HEAD;

context: http, server, location

GET/HEAD is syntax sugar,浣鏃犳硶閫氳繃濡備笅璁剧疆鏉ョ鐢℅ET/HEAD璇锋眰

[edit] proxy_cache_min_uses

syntax: proxy_cache_min_uses the_number;

default: proxy_cache_min_uses 1;

context: http, server, location

璇锋眰鐨勬渶灏忔鏁,瓒呰繃杩欎釜娆℃暟鍚庣鍝嶅簲鎵嶅皢琚紦瀛樿捣鏉


[edit] proxy_cache_valid

syntax: proxy_cache_valid reply_code [reply_code ...] time;

default: None

context: http, server, location 璇ユ寚浠よ缃笉鍚屽搷搴旂殑缂撳瓨鏃堕棿,渚嬪:

  proxy_cache_valid  200 302  10m;
  proxy_cache_valid  404      1m;

涓200鍜302鍝嶅簲璁剧疆10鍒嗛挓鐨勭紦瀛樻椂闂,404涓1鍒嗛挓

濡傛灉浠呰缃湁鏁堟椂闂

閭d箞鍙湁200 301 302鍝嶅簲浼氳缂撳瓨

褰撶劧,浣犺兘浣跨敤鍙傛暟"any"鏉ヨ缃紦瀛樻墍鏈夌殑鍝嶅簲

Note: you must set this option for any persistent caching to occur.

[edit] proxy_cache_use_stale

syntax: proxy_cache_use_stale [error|timeout|updating|invalid_header|http_500|http_502|http_503|http_504|http_404|off] [...];

default: proxy_cache_use_stale off;

context: http, server, location

璇ユ寚浠ゅ憡璇塶ginx浠涔堟椂鍊欐彁渚涙棫鐨勭紦瀛.璇ユ寚浠ょ殑鍙傛暟绫讳技浜巔roxy_next_upstream鍜'updating缁撳悎'鐨勬儏鍐

浣犺兘璁剧疆'updating'鍙傛暟鏉ラ槻姝ache stampedes (褰撳涓繘绋嬪皾璇曞悓鏃舵洿鏂板悓涓涓紦瀛)鐨勬儏鍐.杩欏皢浣垮悓涓涓紦瀛樺彧鏈変竴涓繘绋嬭兘鏇存柊.

Template:Anchor

[edit] proxy_connect_timeout

璇硶: proxy_connect_timeout timeout_in_seconds

涓婁笅鏂: http, server, location 璇ュ弬鏁板畾涔変簡璺熶唬鐞嗘湇鍔″櫒杩炴帴鐨勮秴鏃舵椂闂,蹇呴』鐣欐剰杩欎釜time out鏃堕棿涓嶈兘瓒呰繃75绉. 杩欏苟涓嶆槸鏈嶅姟鍣ㄥ紑濮嬭繑鍥為〉闈㈢殑鏃堕棿(杩欐槸proxy_read_timeout鐨勫畾涔).濡傛灉upstream鏈嶅姟鍣ㄥ湪绾,浣嗘槸鎸傛(姣斿,瀹冩殏鏃舵病鏈夎冻澶熺殑杩涚▼鍘诲鐞嗕綘鐨勮姹,鍏堟斁鍦ㄨ繛鎺ユ睜閲岃竟绛夊緟澶勭悊),杩欐椂杩欎釜鍙傛暟鏃犳硶甯姪浣,鍥犱负璺熸湇鍔″櫒鐨勮繛鎺ュ凡缁忓缓绔嬩簡.

Template:Anchor

[edit] proxy_headers_hash_bucket_size

璇硶: proxy_headers_hash_bucket_size size;

榛樿鍊: proxy_headers_hash_bucket_size 64;

涓婁笅鏂: http, server, location, if

This directive sets the bucket size of the hashtable.
杩欏彇鍐充簬浣爃eader鍚嶇О鐨勯暱搴,濡傛灉浣犵殑header鍚嶇О瓒呰繃64涓瓧绗,璇峰鍔犺鍙傛暟


Template:Anchor

[edit] proxy_headers_hash_max_size

璇硶: proxy_headers_hash_max_size size;

榛樿鍊: proxy_headers_hash_max_size 512;

涓婁笅鏂: http, server, location, if

This directive sets the maximum size of the hashtable.
瀹冧笉鑳芥瘮浣犲悗绔湇鍔″櫒鐨刪eader鎬绘暟灏.


Template:Anchor

[edit] proxy_hide_header

璇硶: proxy_hide_header the_header

涓婁笅鏂: http, server, location

nginx does not transfer the "Date", "Server", "X-Pad" and "X-Accel-..." header lines from the proxied server response. The proxy_hide_header directive allows to hide some additional header lines. But if on the contrary the header lines must be passed, then the proxy_pass_header should be used. For example if you want to hide the MS-OfficeWebserver and the AspNet-Version:

location / {
: proxy_hide_header X-AspNet-Version;
: proxy_hide_header MicrosoftOfficeWebServer;
}

This directive can also be very helpful when using X-Accel-Redirect. For example, you may have one set of backend servers which return the headers for a file download, which includes X-Accel-Redirect to the actual file, as well as the correct Content-Type. However, the Redirect URL points to a filleserver which hosts the actual file you wish to serve, and that server sends its own Content-Type header, which might be incorrect, and overrides the header sent by the original backend servers. You can avoid this by adding the proxy_hide_header directive to the fileserver. Example:

location / {
: proxy_pass http://backend_servers;
}

location /files/ {
: proxy_pass http://fileserver;
: proxy_hide_header Content-Type;
}

Template:Anchor

[edit] proxy_ignore_client_abort

璇硶: proxy_ignore_client_abort [ on|off ]

榛樿鍊: proxy_ignore_client_abort off

涓婁笅鏂: http, server, location

Available since: 0.3.36
濡傛灉瀹㈡埛绔柇寮璇锋眰,涔熶繚鎸佸悗绔殑涓嬭浇


Template:Anchor

[edit] proxy_intercept_errors

璇硶: proxy_intercept_errors [ on|off ]

榛樿鍊: proxy_intercept_errors off

涓婁笅鏂: http, server, location

This directive decides if nginx will intercept responses with HTTP status codes of 400 and higher.

By default all responses will be sent as-is from the proxied server.

If you set this to on then nginx will intercept status codes that are explicitly handled by an error_page directive. Responses with status codes that do not match an error_page directive will be sent as-is from the proxied server.

Template:Anchor

[edit] proxy_max_temp_file_size

璇硶: proxy_max_temp_file_size size;

榛樿鍊: proxy_max_temp_file_size 1G;

涓婁笅鏂: http, server, location, if

Available since: 0.1.8
TODO: Description.

Template:Anchor

[edit] proxy_method

璇硶: proxy_method [method]

榛樿鍊: None

涓婁笅鏂: http, server, location

Used to allow the proxying of additional HTTP methods.

Note: at this time, Nginx only appears to allow a single instance of this directive and it only accepts a single argument (method) so it's not clear how useful this might be for proxying to things like Subversion.

Example:

: proxy_method PROPFIND;


Template:Anchor

[edit] proxy_next_upstream

璇硶: proxy_next_upstream [error|timeout|invalid_header|http_500|http_503|http_404|off]

榛樿鍊: proxy_next_upstream error timeout

涓婁笅鏂: http, server, location

Directive determines, in what cases the request will be transmitted to the next server:

  • error 鈥 an error has occurred while connecting to the server, sending a request to it, or reading its response;
  • timeout 鈥 occurred timeout during the connection with the server, transfer the requst or while reading response from the server;
  • invalid_header 鈥 server returned a empty or incorrect answer;
  • http_500 鈥 server returned answer with code 500
  • http_503 鈥 server returned answer with code 503
  • http_404 鈥 server returned answer with code 404
  • off 鈥 it forbids the request transfer to the next server

Transferring the request to the next server is only possible when nothing has been transferred to the client -- that is, if an error or timeout arises in the middle of the transfer of the request, then it is not possible to retry the current request on a different server.


Template:Anchor

[edit] proxy_pass

璇硶: proxy_pass URL

榛樿鍊: no

涓婁笅鏂: location, if in location

This directive sets the port or socket, on which listens to the proxied server, and the URI, to which will be reflected location.

Port can be indicated in the form of the name of hostname or address and port, for example,

proxy_pass http://localhost:8000/uri /;

and socket -- in the form of unix of socket:

proxy_pass http://unix:/tmp/backend.socket:/uri /;

Path is indicated after the word unix and is concluded between two colons.

With the transfer of request to server part URI, which corresponds to location, is substituted to URI, indicated in directive proxy_pass.

But there are two exceptions to this rule, when it is not possible to determine that replaced location:

  • if the location is assigned by regular expression;
  • if inside proxied location with the help of directive rewrite changes URI and with this configuration will be precisely processed request (break):
location  /name/ {
: rewrite      /name/([^/] +)  /users?name=$1  break;
: proxy_pass   http://127.0.0.1;
}

For these cases of URI it is transferred without the mapping.

Furthermore, it is possible to indicate so that URI demand it would be transferred in the same form, as it sent client, but not v in the processed form.

During the working:

  • two or by more slashes are converted into one slash: "//" -- "/";
  • references to the current directory are removed: "/./" -- "/";
  • references to the previous catalog are removed: "/dir /../" -- "/".

If on server it is necessary to transmit URI in the unprocessed form, then for this in directive proxy_pass it is necessary to indicate URL server without URI:

location  /some/path/ {
: proxy_pass   http://127.0.0.1;
}


Template:Anchor

[edit] proxy_pass_header

璇硶: proxy_pass_header the_name

涓婁笅鏂: http, server, location

This directive allows transferring header-lines forbidden for response.

For example:

location / {
: proxy_pass_header Server;
: proxy_pass_header X-MyHeader;
}

Template:Anchor

[edit] proxy_pass_request_body

璇硶: proxy_pass_request_body [ on | off ] ;

榛樿鍊: proxy_pass_request_body on;

涓婁笅鏂: http, server, location

Available since: 0.1.29
TODO: Description.

Template:Anchor

[edit] proxy_pass_request_headers

璇硶: proxy_pass_request_headers [ on | off ] ;

榛樿鍊: proxy_pass_request_headers on;

涓婁笅鏂: http, server, location

Available since: 0.1.29
TODO: Description.


Template:Anchor

[edit] proxy_redirect

璇硶: proxy_redirect [ default|off|redirect replacement ]

榛樿鍊: proxy_redirect default

涓婁笅鏂: http, server, location

This directive sets the text, which must be changed in response-header "Location" and "Refresh" in the response of the proxied server.

Let us suppose the proxied server returned line Location: http://localhost:8000/two/some/uri/.

The directive

    
proxy_redirect   http://localhost:8000/two/   http://frontend/one/;

will rewrite this line in the form Location: http://frontend/one/some/uri/.

In the replaceable line it is possible not to indicate the name of the server:

proxy_redirect http://localhost:8000/two/ /;

then the basic name of server and port is set, if it is different from 80.

The change by default, given by the parameter "default", uses the parameters of directives location and proxy_pass.

Therefore two following configurations are equivalent:

location /one/ {
: proxy_pass       http://upstream:port/two/;
: proxy_redirect   default;
}

location /one/ {
: proxy_pass       http://upstream:port/two/;
: proxy_redirect   http://upstream:port/two/   /one/;
}

In the replace line, it is possible to use some variables:

proxy_redirect   http://localhost:8000/    http://$host:$server_port/;

This directive repeated some times:

: proxy_redirect   default;
: proxy_redirect   http://localhost:8000/    /;
: proxy_redirect   http://www.example.com/   /;

The parameter off forbids all proxy_redirect directives at this level:

: proxy_redirect   off;
: proxy_redirect   default;
: proxy_redirect   http://localhost:8000/    /;
: proxy_redirect   http://www.example.com/   /;

With the help of this directive it is possible to add the name of host for relative redirect, issued by the proxied server:

proxy_redirect   /   /;

Template:Anchor

[edit] proxy_read_timeout

璇硶: proxy_read_timeout the_time

榛樿鍊: proxy_read_timeout 60

涓婁笅鏂: http, server, location

This directive sets the read timeout for the response of the proxied server. It determines how long NGINX will wait to get the response to a request. The timeout is established not for entire response, but only between two operations of reading.

In contrast to [#proxy_connect_timeout proxy_connect_timeout] , this timeout will catch a server that puts you in it's connection pool but does not respond to you with anything beyond that. Be careful though not to set this too low, as your proxyserver might take a longer time to respond to requests on purpose (e.g. when serving you a report page that takes some time to compute). You are able though to have a different setting per location, which enables you to have a higher proxy_read_timeout for the report page's location.

If the proxied server nothing will communicate after this time, then nginx is shut connection.


Template:Anchor

[edit] proxy_redirect_errors

Deprecated. Use proxy_intercept_errors.

Template:Anchor

[edit] proxy_send_lowat

璇硶: proxy_send_lowat [ on | off ]

榛樿鍊: proxy_send_lowat off;

涓婁笅鏂: http, server, location, if

This directive set SO_SNDLOWAT.
This directive is only available on FreeBSD

Template:Anchor

[edit] proxy_send_timeout

璇硶: proxy_send_timeout time_in_seconds

榛樿鍊: proxy_send_timeout 60

涓婁笅鏂: http, server, location

This directive assigns timeout with the transfer of request to the proxy server. Time out is established not on entire transfer of request, but only between two operations of record. If after this time the proxy server will not take new data, then nginx is shut the connection

Template:Anchor

[edit] proxy_send_lowat

璇硶: proxy_set_body [ on | off ]

榛樿鍊: proxy_set_body off;

涓婁笅鏂: http, server, location, if

Available since: 0.3.10
TODO: Description.


Template:Anchor

[edit] proxy_set_header

璇硶: proxy_set_header header value

榛樿鍊: Host and Connection

涓婁笅鏂: http, server, location

This directive allows to redefine and to add some request header lines which will be transferred to the proxied server.

As the value it is possible to use a text, variables and their combination.

This directive is inherited from the previous level when at this level are not described their directives proxy_set_header.

By default only two lines will be redefined:

proxy_set_header Host $proxy_host;
proxy_set_header Connection Close;

The unchanged request-header "Host" can be transmitted like this:

proxy_set_header Host $http_host;

However, if this line is absent from the client request, then nothing will be transferred.

In this case it is better to use variable $host, it's value is equal to the name of server in the request-header "Host" or to the basic name of server, if there is no line:

proxy_set_header Host $host;

Furthermore, it is possible to transmit the name of server together with the port of the proxied server:

proxy_set_header Host $host:$proxy_port;

Template:Anchor

[edit] proxy_store

璇硶: proxy_store [on | off | path]

榛樿鍊: proxy_store off

涓婁笅鏂: http, server, location

This directive sets the path in which upstream files are stored. The parameter "on" preserves files in accordance with path specified in directives alias or root. The parameter "off" forbids storing. Furthermore, the name of the path can be clearly assigned with the aid of the line with the variables:

proxy_store   /data/www$original_uri;

The time of modification for the file will be set to the date of "Last-Modified" header in the response. To be able to safe files in this directory it is necessary that the path is under the directory with temporary files, given by directive proxy_temp_path for the data location.

This directive can be used for creating the local copies for dynamic output of the backend which is not very often changed, for example:

location /images/ {
: root                 /data/www;
: error_page           404 = /fetch$uri;
}

location /fetch {
: internal;

: proxy_pass           http://backend;
: proxy_store          on;
: proxy_store_access   user:rw  group:rw  all:r;
: proxy_temp_path      /data/temp;

: alias                /data/www;
}

To be clear proxy_store is not a cache, it's rather mirror on demand.

Template:Anchor

[edit] proxy_store_access

璇硶: proxy_store_access users:permissions [users:permission ...]

榛樿鍊: proxy_store_access user:rw

涓婁笅鏂: http, server, location

This directive assigns the permissions for the created files and directories, for example:

proxy_store_access  user:rw  group:rw  all:r;

If any rights for groups or all are assigned, then it is not necessary to assign rights for user:

proxy_store_access  group:rw  all:r;

Template:Anchor

[edit] proxy_temp_file_write_size

璇硶: proxy_temp_file_write_size size;

榛樿鍊: proxy_temp_file_write_size proxy_buffer_size * 2;

涓婁笅鏂: http, server, location, if

TODO: Description.

Template:Anchor

[edit] proxy_temp_path

璇硶: proxy_temp_path dir-path [ level1 [ level2 [ level3 ]  ;

榛樿鍊: $NGX_PREFIX/proxy_temp controlled by --http-proxy-temp-path at ./configure stage

涓婁笅鏂: http, server, location

This directive works like client_body_temp_path to specify a location to buffer large proxied requests to the filesystem.

Template:Anchor

[edit] proxy_upstream_fail_timeout

Changed in 0.5.0 to deprecated.
Please use the fail_timeout parameter of server Directive from the upstream module.

Template:Anchor

[edit] proxy_upstream_max_fails

Changed in 0.5.0 to deprecated.
Please use the max_fails parameter of server Directive from the upstream module.

[edit] Variables

In module ngx_http_proxy_module there are some built-in variables, which can be used for the creation of headers with the help of the proxy_set_header directive:

Template:Anchor $proxy_host:: the name of proxied host and port;

Template:Anchor $proxy_port:: the port of proxied host;

Template:Anchor $proxy_add_x_forwarded_for:: equivalent to client request-header "X-Forwarded-For" and to variable added to it through the comma

Template:Anchor $remote_addr:: But if there is no line "X-Forwarded-For" in the client request, then variable $proxy_add_x_forwarded_for is equal to variable $remote_addr.


[edit] References

Original Documentation

[edit] Questions

  • Is it possible to have the proxy use a client SSL certificate to communicate with the server being proxied? I am in the situation where I want to secure the proxy <-> application server connection. Another solution could be to use SSL only with a custom header checked at each connection in the application server, but doing it at the protocol level would be nicer.

  • NginxHttpProxyModule#preview 鍘熸枃