nginx reverse proxy 설정 해보기

2021. 8. 26. 11:35Was

반응형

환경 : CentOS7 / nginX 1.18.0 기준

  • root 권한이 필요
    • sudo -i
    • or 명령어 수행 시 sudo를 붙여서 처리.
  • 최신 nginx 설치를 하기 위해 별도의 repo를 지정.
    • vi /etc/yum.repos.d/nginx.repo
      아래의 내용을 추가
      [nginx]
      name=nginx repo
      baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
      gpgcheck=0
      enabled=1​
    • 회사 내에 프록시를 사용하고 있다면 아래처럼 설정.
      • vi /etc/yum.conf
        proxy=http://proxy url​
    • yum update
      yum update
      Loaded plugins: fastestmirror, langpacks, versionlock
      Determining fastest mirrors
      EPEL7                                                                                                                 | 4.7 kB  00:00:00
      base                                                                                                                  | 3.6 kB  00:00:00
      centosplus                                                                                                            | 2.9 kB  00:00:00
      extras                                                                                                                | 2.9 kB  00:00:00
      nginx                                                                                                                 | 2.9 kB  00:00:00
      update                                                                                                                | 2.9 kB  00:00:00
      (1/5): EPEL7/7/x86_64/updateinfo                                                                                      | 1.0 MB  00:00:00
      (2/5): centosplus/7/x86_64/primary_db                                                                                 | 4.1 MB  00:00:00
      (3/5): EPEL7/7/x86_64/primary_db                                                                                      | 6.9 MB  00:00:00
      (4/5): update/7/x86_64/primary_db                                                                                     | 9.6 MB  00:00:00
      (5/5): nginx/7/x86_64/primary_db                                                                                      |  67 kB  00:00:01
      Resolving Dependencies
      --> Running transaction check
      ---> Package microcode_ctl.x86_64 2:2.1-73.9.el7_9 will be updated
      ---> Package microcode_ctl.x86_64 2:2.1-73.11.el7_9 will be an update
      --> Finished Dependency Resolution
      
      Dependencies Resolved
      
      =============================================================================================================================================
       Package                             Arch                         Version                                 Repository                    Size
      =============================================================================================================================================
      Updating:
       microcode_ctl                       x86_64                       2:2.1-73.11.el7_9                       update                       4.2 M
      
      Transaction Summary
      =============================================================================================================================================
      Upgrade  1 Package
      
      Total download size: 4.2 M
      Is this ok [y/d/N]: y
      Downloading packages:
      Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
      microcode_ctl-2.1-73.11.el7_9.x86_64.rpm                                                                              | 4.2 MB  00:00:00
      Running transaction check
      Running transaction test
      Transaction test succeeded
      Running transaction
      Warning: RPMDB altered outside of yum.
        Updating   : 2:microcode_ctl-2.1-73.11.el7_9.x86_64                                                                                    1/2
      
        Cleanup    : 2:microcode_ctl-2.1-73.9.el7_9.x86_64                                                                                     2/2
        Verifying  : 2:microcode_ctl-2.1-73.11.el7_9.x86_64                                                                                    1/2
        Verifying  : 2:microcode_ctl-2.1-73.9.el7_9.x86_64                                                                                     2/2
      
      Updated:
        microcode_ctl.x86_64 2:2.1-73.11.el7_9
      
      Complete!
    • nginx 설치가능한 버전 확인
      • yum list nginx --showduplicates
        Loaded plugins: fastestmirror, langpacks, versionlock
        Loading mirror speeds from cached hostfile
        Available Packages
        nginx.x86_64                                                    1:1.8.0-1.el7.ngx                                                       nginx
        nginx.x86_64                                                    1:1.8.1-1.el7.ngx                                                       nginx
        nginx.x86_64                                                    1:1.10.0-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.10.1-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.10.2-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.10.3-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.12.0-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.12.1-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.12.2-1.el7_4.ngx                                                    nginx
        nginx.x86_64                                                    1:1.14.0-1.el7_4.ngx                                                    nginx
        nginx.x86_64                                                    1:1.14.1-1.el7_4.ngx                                                    nginx
        nginx.x86_64                                                    1:1.14.2-1.el7_4.ngx                                                    nginx
        nginx.x86_64                                                    1:1.16.0-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.16.1-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.18.0-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.18.0-2.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.20.0-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.20.1-1.el7.ngx                                                      nginx
        nginx.x86_64                                                    1:1.20.1-2.el7                                                          EPEL7​
    • nginx 설치
      • yum install nginx 1.18.0 -y
        Loaded plugins: fastestmirror, langpacks, versionlock
        Loading mirror speeds from cached hostfile
        No package 1.18.0 available.
        Resolving Dependencies
        --> Running transaction check
        ---> Package nginx.x86_64 1:1.20.1-2.el7 will be installed
        --> Processing Dependency: nginx-filesystem = 1:1.20.1-2.el7 for package: 1:nginx-1.20.1-2.el7.x86_64
        --> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
        --> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
        --> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_1)(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
        --> Processing Dependency: nginx-filesystem for package: 1:nginx-1.20.1-2.el7.x86_64
        --> Processing Dependency: libcrypto.so.1.1()(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
        --> Processing Dependency: libssl.so.1.1()(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
        --> Running transaction check
        ---> Package nginx-filesystem.noarch 1:1.20.1-2.el7 will be installed
        ---> Package openssl11-libs.x86_64 1:1.1.1g-3.el7 will be installed
        --> Finished Dependency Resolution
        
        Dependencies Resolved
        
        =============================================================================================================================================
         Package                                Arch                         Version                               Repository                   Size
        =============================================================================================================================================
        Installing:
         nginx                                  x86_64                       1:1.20.1-2.el7                        EPEL7                       586 k
        Installing for dependencies:
         nginx-filesystem                       noarch                       1:1.20.1-2.el7                        EPEL7                        23 k
         openssl11-libs                         x86_64                       1:1.1.1g-3.el7                        EPEL7                       1.5 M
        
        Transaction Summary
        =============================================================================================================================================
        Install  1 Package (+2 Dependent packages)
        
        Total download size: 2.0 M
        Installed size: 5.2 M
        Downloading packages:
        (1/3): nginx-filesystem-1.20.1-2.el7.noarch.rpm                                                                       |  23 kB  00:00:00
        (2/3): nginx-1.20.1-2.el7.x86_64.rpm                                                                                  | 586 kB  00:00:00
        (3/3): openssl11-libs-1.1.1g-3.el7.x86_64.rpm                                                                         | 1.5 MB  00:00:00
        ---------------------------------------------------------------------------------------------------------------------------------------------
        Total                                                                                                        9.4 MB/s | 2.0 MB  00:00:00
        Running transaction check
        Running transaction test
        Transaction test succeeded
        Running transaction
          Installing : 1:openssl11-libs-1.1.1g-3.el7.x86_64                                                                                      1/3
          Installing : 1:nginx-filesystem-1.20.1-2.el7.noarch                                                                                    2/3
          Installing : 1:nginx-1.20.1-2.el7.x86_64                                                                                               3/3
          Verifying  : 1:nginx-1.20.1-2.el7.x86_64                                                                                               1/3
          Verifying  : 1:nginx-filesystem-1.20.1-2.el7.noarch                                                                                    2/3
          Verifying  : 1:openssl11-libs-1.1.1g-3.el7.x86_64                                                                                      3/3
        
        Installed:
          nginx.x86_64 1:1.20.1-2.el7
        
        Dependency Installed:
          nginx-filesystem.noarch 1:1.20.1-2.el7                                 openssl11-libs.x86_64 1:1.1.1g-3.el7
        
        Complete!​
  • reverse proxy 설정 후 실행
    • 수정 하기 전 백업은 센스!
      • cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
    • 수정
      • vi /etc/nginx/nginx.conf
        • 주석처리 : #include /etc/nginx/conf.d/*.conf;
        • 8080 -> 80 port forwarding server쪽에 추가
           
          • nginx.conf 전체 
            include /usr/share/nginx/modules/*.conf;
            
            events {
                worker_connections 1024;
            }
            
            http {
                log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                                  '$status $body_bytes_sent "$http_referer" '
                                  '"$http_user_agent" "$http_x_forwarded_for"';
            
                access_log  /var/log/nginx/access.log  main;
            
                sendfile            on;
                tcp_nopush          on;
                tcp_nodelay         on;
                keepalive_timeout   65;
                types_hash_max_size 4096;
            
                include             /etc/nginx/mime.types;
                default_type        application/octet-stream;
            
            #   For more information on configuration, see:
            #   * Official English Documentation: http://nginx.org/en/docs/
            #   * Official Russian Documentation: http://nginx.org/ru/docs/
            
            user nginx;
            worker_processes auto;
            error_log /var/log/nginx/error.log;
            pid /run/nginx.pid;
                # Load modular configuration files from the /etc/nginx/conf.d directory.
                # See http://nginx.org/en/docs/ngx_core_module.html#include
                # for more information.
                # include /etc/nginx/conf.d/*.conf;
            
                server {
                    listen       80;
                    listen       [::]:80;
                    server_name  _;
                    root         /usr/share/nginx/html;
            
                    # Load configuration files for the default server block.
                    include /etc/nginx/default.d/*.conf;
            
                    # 8080 -> 80 port forwarding
                    location / {
                         proxy_pass              http://localhost:8080;
                         proxy_set_header        X-Real-IP $remote_addr;
                         proxy_set_header        X-Powarded-For $proxy_add_x_forwarded_for;
                         proxy_set_header        Host $http_host;
                    }
            
                    error_page 404 /404.html;
                    location = /404.html {
                    }
            
                    error_page 500 502 503 504 /50x.html;
                    location = /50x.html {
                    }
                }
            
            # Settings for a TLS enabled server.
            #
            #    server {
            #        listen       443 ssl http2;
            #        listen       [::]:443 ssl http2;
            #        server_name  _;
            #        root         /usr/share/nginx/html;
            #
            #        ssl_certificate "/etc/pki/nginx/server.crt";
            #        ssl_certificate_key "/etc/pki/nginx/private/server.key";
            #        ssl_session_cache shared:SSL:1m;
            #        ssl_session_timeout  10m;
            #        ssl_ciphers HIGH:!aNULL:!MD5;
            #        ssl_prefer_server_ciphers on;
            #
            #        # Load configuration files for the default server block.
            #        include /etc/nginx/default.d/*.conf;
            #
            #        error_page 404 /404.html;
            #            location = /40x.html {
            #        }
            #
            #        error_page 500 502 503 504 /50x.html;
            #            location = /50x.html {
            #        }
            #    }
            
            }
        • 수정 후 문법 체크
          • nginx -t
            nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
            nginx: configuration file /etc/nginx/nginx.conf test is successful
        • nginx 가동
          • service nginx start
            Redirecting to /bin/systemctl start nginx.service
        • nginx reload
          • service nginx -s reload
        • 잘 동작하는지 테스트 curl
          • curl -XGET "http://localhost:80" -v
            * About to connect() to localhost port 80 (#0)
            *   Trying 127.0.0.1...
            * Connected to localhost (127.0.0.1) port 80 (#0)
            > GET / HTTP/1.1
            > User-Agent: curl/7.29.0
            > Host: localhost
            > Accept: */*
            >
            < HTTP/1.1 302
            < Server: nginx/1.20.1
            < Date: Thu, 26 Aug 2021 02:29:38 GMT
            < Content-Length: 0
            < Connection: keep-alive
            < X-Content-Type-Options: nosniff
            < X-XSS-Protection: 1; mode=block
            < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
            < Pragma: no-cache
            < Expires: 0
            < X-Frame-Options: DENY
            < Set-Cookie: SESSION=ZDViYjRjOTAtZGEyNC00N2U5LThlMzYtYmMwOGQzN2M2YTMz; Path=/; HttpOnly; SameSite=Lax
            < Location: http://localhost/login
            <
            * Connection #0 to host localhost left intact​
        • 실제로 8080port 빼고 붙었을 때 사이트가 잘 뜨면 OK!

 

 

 

 

반응형