Brief introduction to Nginx reverse proxy

Nginx is an asynchronous framework Web server that can also be used as a reverse proxy, load balancer, and HTTP cache. Today we’ll talk about reverse proxies.

What is a reverse proxy?

In Reverse Proxy mode, a Proxy server receives Internet connection requests, forwards the requests to the Intranet server, and returns the results to the Internet client. In this case, the proxy server acts as a reverse proxy server.

Change the way we understand, is when external to internal network can’t directly access, through a proxy server can be accessed, and external network, see is a proxy server, feedback is returned by the proxy server, external network for the proxy server and the specific situation of the internal network directly is not visible.

What is the difference between a forward proxy and a reverse proxy?

A forward proxy is a server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy and specifies the destination (the origin server). The proxy then forwards the request to the origin server and returns the content to the client. The client can use the forward proxy.

Here’s one of the most striking differences :(see the graphic below to feel it.)

In a forward proxy, the client knows where the destination server is and accesses the destination server that the client cannot access directly through the proxy server. However, the destination server does not know how the client accesses the destination server.
In reverse proxy, the external network is invisible to the internal network, the proxy server proxies the internal network to return the desired data (of course, static files can be stored in Nginx, this is separate), and the server knows the source of the request and the dataA reverse proxy represents the server 。

Benefits of reverse proxy

The real Web server is protected. The Web server is invisible to the outside world, and only the reverse proxy server can be viewed from the outside world. However, no real data exists on the reverse proxy server, ensuring resource security of the Web server.
Reverse proxy is based on dynamic and dynamic resource separation and load balancing, reducing the burden on web servers and speeding up access to web sites (dynamic and dynamic resource separation and load balancing will be discussed later)
Saving limited IP address resources, all the websites in the enterprise share an IP address registered in the Internet, these servers allocate private addresses, using the virtual host way to provide services externally;

Simple configuration of reverse proxy in nginx.conf

server { listen 8182; server_name localhost; . location / { proxy_pass http://localhost:8082; . }}Copy the code

The server block can be understood as a virtual host, and if we call http://localhost:8182, the request will be forwarded to http://localhost:8082, so it is http://localhost:8082 that actually processes the request

How does the Web server get the real user IP after using Nginx

Question:

When Nginx is used, request.getremoteaddr () on the Web server returns the Nginx IP, not the IP of the real user

Solution:

Add some assignment operations to location in nginx.conf

server {
        ...
        location / {
            ...
            proxy_set_header    Host $host;
            proxy_set_header    X-real-ip $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for; }}Copy the code

GetHeader (“X-Forwarded-For”); To get the real user IP

Introduction:

proxy_set_header X-real-ip $remote_addr; If this parameter is Forwarded to x-Forwarded-for, the value is forwarded-to x-Forwarded-for. If this parameter is forwarded-to x-Forwarded-for, the value is forwarded-to x-Forwarded-for. If this parameter is forwarded-to x-Forwarded-for, it is forwarded-to x-Forwarded-for. This will be explained below
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

First of all, what is X-Forwarded-For?

X-forwarded-for: This header represents the real IP address of the client. This header is added only to an HTTP proxy or load balancer. A non-RFC standard for identifying a client address connected to a Web server via HTTP proxy or load balancer raw IP,

If Nginx sets this parameter to x-Forwarded-for, each forwarder Forwarded by the proxy is set to client1, Proxy1, and proxy2, separated by commas. If Nginx sets this parameter to x-Forwarded-For, each forwarder Forwarded by the proxy is set to client1, Proxy1, and proxy2. GetHeader (” X-Forwarded-for “) is Forwarded to the server by Proxy. If this forwarder is Forwarded to the server by Proxy, the remote IP address is Forwarded to the server by Proxy. If this forwarder is Forwarded to the server by Proxy, the remote IP address is Forwarded to the server by Proxy.

At this point, you need to add it in the Location block of the Nginx configuration

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
Copy the code

Forwarded-for: Client1, Forwarded-for:…. client1, Forwarded-for: client1, Forwarded-for:…. If you have two NginXes configured with this command, each of them receives “THE IP address of the first Nginx” from the web server’s request.getHeader(“X-Forwarded-For”). Each corresponds to the previous format.

Proxy_add_forwarded_for contains two formats: the first part of the request header is X-Forwarded-for, and the second part is $remote_ADDR, which is the IP address of the remote user

Let’s take a simple picture to explain:

Forwarded-for x-Forwarded-FOR X-Forwarded-FOR

X-real-ip is an overlay, and X-Forwarded-For is an add-on

For example, the request is sent from 1.1.1.1 and passes through a three-layer proxy. The first layer is 2.2.2.2 and the second layer is 3.3.3.3. The source of this request, IP4.4.4.4, is the third-layer proxy.

For x-real-IP, there is no standard. In the example above, if x-read-IP is configured, there are two possible scenarios
```
The last hop is a forward proxy, which may retain the Real client IP address: x-real-IP: 1.1.1.1// The last hop is a reverse proxy, such as Nginx, which is usually directly connected to the client IP address: x-real-IP: 3.3.3.3Copy the code
```
X-Forwarded-For
```
X - Forwarded - For: 1.1.1.1 2.2.2.2, 3.3.3.3Copy the code
```
So if there is only one layer of proxy, the two values are the same

The resources

Nginx is easy to understand
Nginx Reverse proxy Nginx
Understand the application scenarios of Nginx
Nginx proxy_set_header Sets custom headers
What’s the difference between X-Forwarded-For and X-Real-IP?