Nginx 配置端口转发

本文介绍如何为 Nginx 配置端口转发。经常在 CentOS 系统中搭建各种网站，为了满足各种不同的网站共用 80/443 端口，我们可以采用 Nginx 的端口转发功能，将 80/443 端口通过域名映射到后端的多个端口。

配置端口转发

进入/etc/nginx/conf.d目录下，默认文件如下：

[root@xiexianbin_cn ~]# cd /etc/nginx/conf.d
[root@xiexianbin_cn conf.d]# ll
total 12
-rw-r--r-- 1 root root 1290 Jun 17 05:34 default.conf
-rw-r--r-- 1 root root  466 Jun 17 05:34 ssl.conf
-rw-r--r-- 1 root root  283 Jun 17 05:34 virtual.conf
[root@xiexianbin_cn conf.d]#

在/etc/nginx/conf.d目录下创建proxy.conf文件，文件内容如下：

proxy_redirect          off;
proxy_set_header        Host $host;
proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size       4k;
proxy_buffers           4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
source repo / download raw

在/etc/nginx/conf.d中，创建nginx.conf文件，配置信息如下：

#user nobody;
worker_processes 1;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid        logs/nginx.pid;
events {
    worker_connections 64;
}

http {
    include       mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] $request '
    #                  '"$status" $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout 0;
    keepalive_timeout 100;
    # set request cache
    client_header_buffer_size    2k;
    large_client_header_buffers 4 4k;
    # open gzip model
    gzip on;
    gzip_min_length 1100;
    gzip_buffers     4 8k;
    gzip_types       text/plain;
    output_buffers   1 32k;
    postpone_output 1460;

    upstream www.qikemi.com {
        server 127.0.0.1:8085;
    }

    upstream www.xiexianbin.cn {
        server 127.0.0.1:8086;
    }

    upstream www.xiaohua.asia {
        server 127.0.0.1:8087;
    }

    server {
        listen       80;
        server_name www.qikemi.com;
        #charset koi8-r;
        access_log logs/hostqikemi.access.log main;
        location / {
            #root   html;
            #index index.html index.htm;
            proxy_pass http://www.qikemi.com;
            include proxy.conf;
        }
    }

    server {
        listen       80;
        server_name www.xiexianbin.cn;
        #charset koi8-r;
        access_log logs/host166801.access.log main;
        location / {
            #root   html;
            #index index.html index.htm;
            proxy_pass http://www.xiexianbin.cn;
            include proxy.conf;
            expires 30d;
        }
    }

    server {
        listen       80;
        server_name www.xiaohua.asia;
        #charset koi8-r;
        access_log logs/hostxiaohua.access.log main;
        location / {
            #root   html;
            #index index.html index.htm;
            proxy_pass http://www.xiaohua.asia;
            include proxy.conf;
            expires 30d;
        }
    }
}
source repo / download raw

或者在/etc/nginx/conf.d中直接添加自己需要配置，如下：

[root@xiexianbin_cn conf.d]# cat cas.qikemi.com.conf
upstream cas.qikemi.com {
    server 127.0.0.1:8084;
}

server {
    listen       80;
    server_name  cas.qikemi.com;
    #ssl          on;
    #charset koi8-r;
    access_log logs/cas.qikemi.com.access.log main;

    ### SSL cert files ###
    #ssl_certificate      /var/local/github/ssl/qikemi.com/1_www.qikemi.com_bundle.crt;
    #ssl_certificate_key  /var/local/github/ssl/qikemi.com/2_www.qikemi.com.key;
    ### Add SSL specific settings here ###
    #keepalive_timeout    60;

    location / {
        #root   html;
        #index index.html index.htm;
        proxy_pass http://cas.qikemi.com;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        include /etc/nginx/conf.d/proxy.conf;
        proxy_set_header X-Forwarded-Proto https;
    }
}

[root@xiexianbin_cn conf.d]# cat shop.qikemi.com.conf
upstream shop.qikemi.com {
    server 127.0.0.1:8082;
    #server xiexianbin.github.io;
}

server {
    listen       80;
    server_name  shop.qikemi.com;
    #ssl          on;
    #charset koi8-r;
    access_log logs/shop.qikemi.com.access.log main;

    ### SSL cert files ###
    #ssl_certificate      /var/local/github/ssl/qikemi.com/1_shop.qikemi.com_bundle.crt;
    #ssl_certificate_key  /var/local/github/ssl/qikemi.com/2_shop.qikemi.com.key;
    ### Add SSL specific settings here ###
    #keepalive_timeout    60;


    location / {
        #root   html;
        #index index.html index.htm;
        proxy_pass http://shop.qikemi.com;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        include /etc/nginx/conf.d/proxy.conf;
        proxy_set_header X-Forwarded-Proto https;
    }
}

• xiexianbin_cn.conf

upstream www.xiexianbin.cn {
    server 127.0.0.1:8081;
    #server xiexianbin.github.io;
}

server {
    listen 80;
    server_name www.xiexianbin.cn;
    rewrite ^(.*) https://$server_name$1 permanent;
}

server {
    listen 80;
    server_name xiexianbin.cn;
    rewrite ^(.*) https://www.xiexianbin.cn permanent;
}

server {
    listen       443;
    server_name  www.xiexianbin.cn;
    ssl          on;
    #charset koi8-r;
    access_log logs/www.xiexianbin.cn.access.log main;

    ### SSL cert files ###
    ssl_certificate      /var/local/github/ssl/xiexianbin_cn/1_www.xiexianbin.cn_bundle.crt;
    ssl_certificate_key  /var/local/github/ssl/xiexianbin_cn/2_www.xiexianbin.cn.key;
    ### Add SSL specific settings here ###
    keepalive_timeout    60;


    location / {
        #root   html;
        #index index.html index.htm;
        proxy_pass http://www.xiexianbin.cn;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        include /etc/nginx/conf.d/proxy.conf;
        proxy_set_header X-Forwarded-Proto https;
    }
}
source repo / download raw