Detailed explanation of the practical record of solving network isolation through Nginx

Requirements

Recently we needed to migrate our Node online services, so we applied for two new online servers.

After deploying to the servers, we need to verify that the service works. The office network and the online network are isolated from each other, so the online servers cannot be reached directly from the office. However, the deployment machine can reach the online servers, and the office network can reach the deployment machine.

Therefore, we can configure a proxy on the deployment machine: requests from the office go to the deployment machine, which proxies them to the online service, so we can verify whether the service is working.

The entire network structure is shown in the figure below:

Nginx Installation

Download

Download page: http://nginx.org/en/download.html (select the version, then right-click to copy the link address)

# Download
[work@40-10-14 opt]$ wget http://nginx.org/download/nginx-1.18.0.tar.gz
# Unzip the file
[work@40-10-14 opt]$ tar -xvf nginx-1.18.0.tar.gz

Install

# 1. Default installation: enter the unzipped directory with root privileges and run the following command
[root@40-10-14 nginx-1.18.0]# ./configure && make && make install

# 2. Specified directory: install to the /opt/nginx directory
[work@40-10-14 opt]$ mkdir /opt/nginx
[work@40-10-14 nginx-1.18.0]$ ./configure --prefix=/opt/nginx && make && make install

Without root permissions, the default installation fails with the following error:

mkdir: cannot create directory `/usr/local/nginx': Permission denied
make[1]: *** [install] Error 1
make[1]: Leaving directory `/opt/nginx-1.18.0'
make: *** [install] Error 2

After the default installation, check the installation directory of nginx and you can see that it is installed in the /usr/local/nginx directory

[root@40-10-14 opt]# whereis nginx
nginx: /usr/local/nginx

1. Installing to a specified directory is recommended. If you switch to root to install, later changes to the config file also require root permissions.
2. Alternatively, after installing as root, change the permissions so that ordinary users can operate on the files.

Add soft link

Add a soft link to make the nginx command globally accessible, so you don't have to switch to the installation directory every time you run it

# Add soft link
[root@40-10-14 sbin]# ln -s /opt/nginx/sbin/nginx /usr/local/bin/
# Check the version
[root@40-10-14 sbin]# nginx -v
nginx version: nginx/1.18.0

Common commands

  • Start: nginx
  • Stop: nginx -s stop
  • Restart: nginx -s reload
  • Help command: nginx -h

Force stop:

# View the Linux process id
[root@40-10-14 ~]# ps -ef | grep nginx
nobody 45198 1 0 16:12 ? 00:00:00 nginx: worker process
root 51261 50692 0 17:00 pts/0 00:00:00 grep nginx
# Close the process
[root@40-10-14 ~]# kill 45198
# The previous process has been closed
[root@40-10-14 ~]# ps -ef | grep nginx
root 51277 50692 0 17:00 pts/0 00:00:00 grep nginx

Configuring the Proxy

To configure request forwarding between the two machines, edit the nginx/conf/nginx.conf file in the nginx installation directory.

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
  worker_connections 1024;
}


http {
  include mime.types;
  default_type application/octet-stream;

  #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  # '$status $body_bytes_sent "$http_referer" '
  # '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log logs/access.log main;

  sendfile on;
  #tcp_nopush on;

  #keepalive_timeout 0;
  keepalive_timeout 65;

  #gzip on;

  # The request needs to be forwarded to the following two machines, with traffic equally divided; specify the IP and port
  upstream zpserver {
       server xx.xx.xx.22:10001;
       server xx.xx.xx.23:10001;
  }

  server {
    # The nginx service port is 80
    listen 80;
    server_name localhost;

    #charset koi8-r;

    #access_log logs/host.access.log main;

    # Only requests whose path starts with /user are forwarded
    location /user {
      root html;
      index index.html index.htm;
      proxy_pass http://zpserver;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
      root html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    # proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #root html;
    # fastcgi_pass 127.0.0.1:9000;
    # fastcgi_index index.php;
    # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    # deny all;
    #}
  }


  # another virtual host using mix of IP-, name-, and port-based configuration
  #
  #server {
  # listen 8000;
  # listen somename:8080;
  # server_name somename alias another.alias;

  # location / {
  #root html;
  # index index.html index.htm;
  # }
  #}


  # HTTPS server
  #
  #server {
  # listen 443 ssl;
  # server_name localhost;

  # ssl_certificate cert.pem;
  # ssl_certificate_key cert.key;

  # ssl_session_cache shared:SSL:1m;
  #ssl_session_timeout 5m;

  # ssl_ciphers HIGH:!aNULL:!MD5;
  # ssl_prefer_server_ciphers on;

  # location / {
  #root html;
  # index index.html index.htm;
  # }
  #}

}

Note: After modifying the nginx configuration file, you need to run nginx -s reload to make it take effect
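
An added example, not part of the original article: a narrower form of the upstream and server blocks above (both go inside http { }), so that the bridge into the isolated network answers only clients from the office network and only for the /user path. The office subnet 10.0.0.0/24 and the log file name are placeholders (assumptions); the server name is the one used for the hosts entry in the verification step, and the upstream addresses are the article's own.

```nginx
# Added example: restricted verification proxy on the deployment machine.
# 10.0.0.0/24 (office subnet) and the log file name are placeholders.
upstream zpserver {
    server xx.xx.xx.22:10001;
    server xx.xx.xx.23:10001;
}

server {
    listen 80;
    # Answer only for the host name mapped in the local hosts file
    server_name xxx.daojia.com;

    # Record who used the bridge while it exists
    access_log logs/verify-proxy.access.log;

    location /user {
        # Only the office network may reach the online servers through here
        allow 10.0.0.0/24;
        deny all;

        # By default nginx sends "Host: zpserver" (the value of $proxy_host)
        # upstream; pass the host name the browser actually requested instead
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Fail quickly if an online server does not answer
        proxy_connect_timeout 5s;
        proxy_read_timeout 30s;

        proxy_pass http://zpserver;
    }

    # Any other path is not part of the verification: close the connection
    location / {
        return 444;
    }
}

# Requests by bare IP or with any other Host header get no response
server {
    listen 80 default_server;
    server_name _;
    return 444;
}
```

Check the file with nginx -t before running nginx -s reload.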

Verify

Since many online services require login, you need to access them by domain name rather than by IP, because cookies are bound to domain names.

The solution to this problem is very simple: add an entry to the hosts file on your local machine.

#IP is the Nginx server IP
xx.xx.xx.14 xxx.daojia.com

With the above configuration, requesting xxx.daojia.com in the local browser reaches the online service indirectly through Nginx on the deployment machine, so you can test from the intranet whether the service is correct. Once the service is confirmed to be normal, you can cut the online traffic over.
