由于本人建站一直使用的是LNMP环境,所以反代方面参考的也都是Nginx的配置。
假设网站A1.com反代A2.com的例子:
# Reverse proxy vhost: A1.com answers requests with content fetched from A2.com.
server {
    listen 80;
    server_name A1.com www.A1.com;

    # Per-vhost access log.
    access_log /root/log/1.com.log;

    # Plain-HTTP requests are answered with a permanent redirect to HTTPS.
    # NOTE(review): this block declares only port 80, so $scheme is always
    # "http" here and every request takes this redirect. The locations below
    # are reached only if a matching 443/ssl listener is configured somewhere
    # not shown on this page; confirm.
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

    # Requests whose User-Agent matches one of these crawler names
    # (case-insensitive) get 403. The header is supplied by the client, so this
    # is a filter on self-declared crawlers, not an access control.
    if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
        return 403;
    }

    location / {
        # Upstream and the request headers sent to it.
        proxy_pass http://A2.com;
        proxy_set_header Host A2.com;
        # Overwrites any X-Forwarded-For sent by the client with the address
        # of the connecting peer.
        proxy_set_header X-Forwarded-For $remote_addr;
        # Ask the upstream for an uncompressed body so sub_filter can read it.
        proxy_set_header Accept-Encoding "";

        # Cache key and lifetimes.
        # NOTE(review): no proxy_cache zone is selected in this block; unless
        # one is enabled at a higher level these two lines have no effect.
        proxy_cache_key A2.com$request_uri$is_args$args;
        proxy_cache_valid 200 304 301 302 1h;

        # Rewrite every occurrence of the upstream name in response bodies.
        sub_filter "A2.com" "A1.com";
        sub_filter_once off;

        # Response headers added for the client.
        add_header X-Cache $upstream_cache_status;
        expires 12h;
    }

    # Dynamic/script and media extensions: proxied like "/" but without the
    # cache and expiry settings.
    location ~ .*\.(php|jsp|cgi|asp|aspx|flv|swf|xml)?$ {
        proxy_pass http://A2.com;
        proxy_set_header Host A2.com;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Accept-Encoding "";

        sub_filter "A2.com" "A1.com";
        sub_filter_once off;
    }
}
其它反代:
# Front-end vhost relaying a.com to a back-end server addressed by IP.
server {
    listen 80;
    server_name a.com www.a.com;

    # Request logging is switched off for this vhost, so nginx keeps no
    # per-request record for it.
    access_log off;
    index index.html index.htm index.php;

    location / {
        proxy_pass http://1.1.1.1;

        # Host is passed through as the client sent it.
        proxy_set_header Host $host;
        # Referer is replaced with a fixed value on every request.
        proxy_set_header Referer http://www.a.com;
        # Cookies are forwarded as received.
        proxy_set_header Cookie $http_cookie;

        # X-Real-IP carries the peer address seen by this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For the client sent; only the last entry is set by this
        # proxy, earlier entries are client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
(其中a.com替换成你的网站域名, 1.1.1.1换成你的后端服务器ip)
然后 :wq回车 保存退出,service nginx restart 重启nginx
结束
应用这个策略,还可以灵活的应付ddos攻击,你只要注意保护后端ip不要泄露,攻击者只能打你的前端,而你要做的只是适时的换一个前端就行了。
如果是要镜像别人的网站,那么第二步的设置是这样:
# Variant of the a.com vhost that sends a fixed Host upstream and rewrites
# host names in the returned text.
server {
    listen 80;
    server_name a.com www.a.com;

    # Request logging is switched off for this vhost.
    access_log off;
    index index.html index.htm index.php;

    location / {
        # Upstream is addressed by IP; the Host header names the site.
        proxy_pass http://23.225.155.85;
        proxy_set_header Host www.hostloc.com;
        proxy_set_header Referer http://www.hostlic.com;
        # Cookies sent by the visitor are forwarded to the upstream unchanged.
        proxy_set_header Cookie $http_cookie;

        # Client address headers.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Location/Refresh headers from the upstream are passed through
        # without rewriting.
        proxy_redirect off;

        # subs_filter* are provided by the third-party substitutions filter
        # module, not by stock nginx. Applies to HTML, CSS and XML bodies.
        subs_filter_types text/html text/css text/xml;
        subs_filter www.hostloc.com a.com;
        subs_filter hostloc.com a.com;
    }
}
另外的一种反代:
# Upstream group; "remote" is an arbitrary label referenced by proxy_pass.
upstream remote {
    # Address of the target site (a host name is given here).
    server www.2.com;
    # Keep up to 30 idle connections to the upstream open per worker process.
    # This value is a connection count, not a timeout in seconds.
    keepalive 30;
}
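# Relay vhost: www.1.com forwards requests to the "remote" upstream group.
server {
    listen 80;                      # port the relay host listens on
    server_name www.1.com;          # domain bound to the relay host

    # Disable response and request buffering so data is relayed as it arrives
    # (the author's stated aim: lower memory use, faster responses).
    # In the page as extracted, "proxy_buffering off;" had been fused onto the
    # end of the server_name comment and was therefore inactive; it is
    # restored to its own line here.
    proxy_buffering off;
    proxy_request_buffering off;

    location / {
        # Pass the connecting client's address to the target server.
        proxy_set_header X-Real-IP $remote_addr;
        # The target server's site is bound to www.2.com, so send that Host.
        proxy_set_header Host www.2.com;
        # Ask the upstream to keep the connection open. How many idle
        # connections are kept is governed by "keepalive" in the upstream
        # block (a count, not seconds). The nginx documentation recommends
        # "proxy_http_version 1.1" with an empty Connection header instead.
        proxy_set_header Connection Keep-Alive;
        # "remote" is the name of the upstream group.
        proxy_pass http://remote;

        # Replace every occurrence of the string "2.com" in the response
        # body with "1.com".
        sub_filter "2.com" "1.com";
        # Replace every occurrence of the first string with the second.
        sub_filter "哈哈" "你好";
        # Apply the substitutions to all matches, not only the first one.
        sub_filter_once off;
    }
}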
关于ssl:
# Main context: worker identity, process count and pid file.
# Worker processes run as the unprivileged www-data account.
user www-data;
pid /run/nginx.pid;
worker_processes 4;

# Per-worker connection limit.
events {
    worker_connections 768;
}
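# Settings shared by every vhost included at the bottom of this block.
http {
    # Socket and connection handling.
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    # Do not emit the nginx version in the Server header or on error pages.
    server_tokens off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so they are no longer
    # offered; SSLv3 was already dropped because of POODLE.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it
    # from this line on older builds.
    # No certificate or "listen ... ssl" directive appears in this block;
    # those would have to come from the included vhost files.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Upstream timeouts (seconds) and buffer sizes for proxied responses.
    proxy_connect_timeout 5;
    proxy_read_timeout 60;
    proxy_send_timeout 5;
    proxy_buffer_size 16k;
    proxy_buffers 4 64k;
    proxy_busy_buffers_size 128k;

    # Response compression.
    # NOTE(review): compressing TLS responses that reflect request data next
    # to secrets is the precondition for BREACH-style length side channels;
    # check which included vhosts serve such pages.
    gzip on;
    gzip_disable "msie6";
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    # Per-site configuration.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}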
