Detailed explanation of the practical record of solving network isolation through Nginx

Requirement

Recently we needed to migrate our online Node services, so we applied for two new online servers.

After deploying to the servers, we need to verify that the service works. The office network and the online network are isolated from each other, so the online servers cannot be reached directly from the office. However, the deployment machine can reach the online servers, and the office network can reach the deployment machine.

Therefore, we can configure a proxy on the deployment machine: requests from the office go to the deployment machine, which proxies them to the online service so that we can verify whether the service is normal.

The entire network structure is shown in the figure below:

Nginx Installation

Download

Download page: http://nginx.org/en/download.html. Select the version, then right-click to copy the link address.

# Download
[work@40-10-14 opt]$ wget http://nginx.org/download/nginx-1.18.0.tar.gz
# Unzip the file
[work@40-10-14 opt]$ tar -xvf nginx-1.18.0.tar.gz

Install

# 1. Default installation: enter the unzipped directory with root privileges and run the following command to install
[root@40-10-14 nginx-1.18.0]# ./configure && make && make install

# 2. Specify the directory: install to the specified /opt/nginx directory
[work@40-10-14 opt]$ mkdir /opt/nginx
[work@40-10-14 nginx-1.18.0]$ ./configure --prefix=/opt/nginx && make && make install

The default installation will report the following error if you do not have root permissions

mkdir: cannot create directory `/usr/local/nginx': Permission denied
make[1]: *** [install] Error 1
make[1]: Leaving directory `/opt/nginx-1.18.0'
make: *** [install] Error 2

After the default installation, check the installation directory of nginx and you can see that it is installed in the /usr/local/nginx directory

[root@40-10-14 opt]# whereis nginx
nginx: /usr/local/nginx

1. It is recommended to install using the specified directory method. If you switch to root permissions to install, subsequent modifications to the config file also require root permissions
2. Or after root installation, modify the permissions to allow ordinary users to operate

Add soft link

Add a soft link to make the nginx command globally accessible, so you don't have to switch to the installation directory every time you run it

# Add soft link
[root@40-10-14 sbin]# ln -s /opt/nginx/sbin/nginx /usr/local/bin/
# Check the version
[root@40-10-14 sbin]# nginx -v
nginx version: nginx/1.18.0

Common commands

  • Start: nginx
  • Stop: nginx -s stop
  • Restart: nginx -s reload
  • Help command: nginx -h

Force stop:

# View the Linux process id
[root@40-10-14 ~]# ps -ef | grep nginx
nobody 45198 1 0 16:12 ? 00:00:00 nginx: worker process
root 51261 50692 0 17:00 pts/0 00:00:00 grep nginx
# Close the process
[root@40-10-14 ~]# kill 45198
# The previous process has been closed
[root@40-10-14 ~]# ps -ef | grep nginx
root 51277 50692 0 17:00 pts/0 00:00:00 grep nginx

Configuring the Proxy

To configure request forwarding between the two machines, edit the nginx/conf/nginx.conf file in the nginx installation directory.

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
  worker_connections 1024;
}


http {
  include mime.types;
  default_type application/octet-stream;

  #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  # '$status $body_bytes_sent "$http_referer" '
  # '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log logs/access.log main;

  sendfile on;
  #tcp_nopush on;

  #keepalive_timeout 0;
  keepalive_timeout 65;

  #gzip on;

  # Requests are forwarded to the following two machines, with traffic divided equally; specify the IP and port
  upstream zpserver {
    server xx.xx.xx.22:10001;
    server xx.xx.xx.23:10001;
  }

  server {
    # The nginx service port is 80
    listen 80;
    server_name localhost;

    #charset koi8-r;

    #access_log logs/host.access.log main;

    # Only requests whose path starts with /user are forwarded
    location /user {
      root html;
      index index.html index.htm;
      proxy_pass http://zpserver;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
      root html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    # proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #root html;
    # fastcgi_pass 127.0.0.1:9000;
    # fastcgi_index index.php;
    # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    # deny all;
    #}
  }


  # another virtual host using mix of IP-, name-, and port-based configuration
  #
  #server {
  # listen 8000;
  # listen somename:8080;
  # server_name somename alias another.alias;

  # location / {
  #root html;
  # index index.html index.htm;
  # }
  #}


  # HTTPS server
  #
  #server {
  # listen 443 ssl;
  # server_name localhost;

  # ssl_certificate cert.pem;
  # ssl_certificate_key cert.key;

  # ssl_session_cache shared:SSL:1m;
  #ssl_session_timeout 5m;

  # ssl_ciphers HIGH:!aNULL:!MD5;
  # ssl_prefer_server_ciphers on;

  # location / {
  #root html;
  # index index.html index.htm;
  # }
  #}

}

Note: After modifying the nginx configuration file, you need to run nginx -s reload to make it take effect
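
A tighter variant of the proxy above, as an added example that is not the article's own configuration: it limits the proxy to the office network, answers only for the test domain, passes the requested domain to the backends, and logs which backend served each request. The office range 192.0.2.0/24 and the log format name bridge are assumptions; the xx.xx.xx addresses and xxx.daojia.com are the article's placeholders.

```nginx
# Added example; 192.0.2.0/24 is a constructed placeholder for the office network.
worker_processes 1;
events {
  worker_connections 1024;
}
http {
  include mime.types;
  default_type application/octet-stream;

  # Record which backend served each request so use of the proxy can be reviewed.
  log_format bridge '$remote_addr [$time_local] "$request" $status '
                    'upstream=$upstream_addr';
  access_log logs/access.log bridge;

  upstream zpserver {
    server xx.xx.xx.22:10001;
    server xx.xx.xx.23:10001;
  }

  # Catch-all: requests by bare IP or with an unexpected Host are closed.
  server {
    listen 80 default_server;
    server_name _;
    return 444;
  }

  server {
    listen 80;
    # Answer only for the name mapped in the tester's hosts file.
    server_name xxx.daojia.com;

    # Only the office network may use the proxy.
    allow 192.0.2.0/24;
    deny all;

    location /user {
      # Send the requested domain to the backend; the default Host
      # would be the upstream name "zpserver".
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://zpserver;
    }

    # Nothing outside /user is served from this machine.
    location / {
      return 404;
    }
  }
}
```

After substituting real addresses, check the file with nginx -t before running nginx -s reload.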

Verify

Many online services require login, and because cookies are bound to domain names, you need to access them by domain name rather than by IP.

The solution to this problem is very simple: just add an entry to the local hosts file.

#IP is the Nginx server IP
xx.xx.xx.14 xxx.daojia.com

With the above configuration, requesting xxx.daojia.com in the local browser reaches the online service indirectly through Nginx on the deployment machine, so you can test from the intranet whether the service works correctly. Once the service is confirmed normal, you can cut the online traffic over.
