Nginx可以作为一个反向代理服务器，就像一个项目经理。当它得到一个请求时，它会分析它并将请求转发给上游(项目成员)或处理它自己。Nginx有两种处理请求的方式。

服务请求 将请求转发到另一个服务器 服务器{ server_name mydomain。示例sub.mydomain.example; 位置/ { proxy_pass http://127.0.0.1:8000; 主机$ Host; proxy_pass_request_headers; ｝ 位置/静态/ { 别名/我/静态/文件/路径; ｝ ｝

服务器请求

使用此配置，当请求URL为 Mydomain.example /static/myjs.js返回myjs.js文件 / /静态/文件/文件夹路径。当你配置Nginx服务时 静态文件，它处理请求本身。

将请求转发到另一个服务器

当请求URL是mydomain时。Nginx将转发 请求到http://127.0.0.1:8000。上运行的服务 Localhost 8000端口将接收请求并返回响应 Nginx返回客户端的响应。

当你在8000端口上运行node.js服务器时，Nginx将把请求转发给node.js。编写node.js逻辑并处理请求。你让你的nodejs服务器在Nginx服务器后面运行。

如果你想运行nodejs之外的其他服务，只需要在不同的端口上运行另一个服务，比如Django, flask, PHP，然后在Nginx中配置它。

你也可以使用node.js生成静态文件到nginx提供的目录中。当然，站点的一些动态部分可以由node提供，而另一些则由nginx提供(静态)。

使用nginx提供的一些服务可以提高你的性能。

我们可以通过Nginx作为反向代理来轻松地设置一个Nodejs应用程序。 以下配置假设NodeJS应用程序运行在127.0.0.1:8080上，

  server{
     server_name domain.example sub.domain.example; # multiple domains

     location /{
      proxy_pass http://127.0.0.1:8080;
      proxy_set_header Host $host;
      proxy_pass_request_headers on;
     }

     location /static/{
       alias /absolute/path/to/static/files; # nginx will handle js/css
     }
   }

在上面的设置中，你的Nodejs应用程序将

get HTTP_HOST头，在那里你可以应用域特定的逻辑来服务响应。 你的应用程序必须由一个进程管理器管理，比如pm2或supervisor来处理情况/重用套接字或资源等。 设置一个错误报告服务来获取生产错误，如哨兵或滚动条

注意:你可以设置处理域特定请求路由的逻辑，为expressjs应用程序创建一个中间件

Nginx可以作为一个反向代理服务器，就像一个项目经理。当它得到一个请求时，它会分析它并将请求转发给上游(项目成员)或处理它自己。Nginx有两种处理请求的方式。

服务请求 将请求转发到另一个服务器 服务器{ server_name mydomain。示例sub.mydomain.example; 位置/ { proxy_pass http://127.0.0.1:8000; 主机$ Host; proxy_pass_request_headers; ｝ 位置/静态/ { 别名/我/静态/文件/路径; ｝ ｝

服务器请求

使用此配置，当请求URL为 Mydomain.example /static/myjs.js返回myjs.js文件 / /静态/文件/文件夹路径。当你配置Nginx服务时 静态文件，它处理请求本身。

将请求转发到另一个服务器

当请求URL是mydomain时。Nginx将转发 请求到http://127.0.0.1:8000。上运行的服务 Localhost 8000端口将接收请求并返回响应 Nginx返回客户端的响应。

当你在8000端口上运行node.js服务器时，Nginx将把请求转发给node.js。编写node.js逻辑并处理请求。你让你的nodejs服务器在Nginx服务器后面运行。

如果你想运行nodejs之外的其他服务，只需要在不同的端口上运行另一个服务，比如Django, flask, PHP，然后在Nginx中配置它。

我通过Nginx代理独立的Node Express应用程序。

因此，新的应用程序可以很容易地安装，我也可以在同一服务器上的不同位置运行其他东西。

以下是关于我的Nginx配置示例设置的更多详细信息:

Deploy multiple Node applications on one web server in subfolders with Nginx Things get tricky with Node when you need to move your application from from localhost to the internet. There is no common approach for Node deployment. Google can find tons of articles on this topic, but I was struggling to find the proper solution for the setup I need. Basically, I have a web server and I want Node applications to be mounted to subfolders (i.e. http://myhost/demo/pet-project/) without introducing any configuration dependency to the application code. At the same time I want other stuff like blog to run on the same web server. Sounds simple huh? Apparently not. In many examples on the web Node applications either run on port 80 or proxied by Nginx to the root. Even though both approaches are valid for certain use cases, they do not meet my simple yet a little bit exotic criteria. That is why I created my own Nginx configuration and here is an extract: upstream pet_project { server localhost:3000; } server { listen 80; listen [::]:80; server_name frontend; location /demo/pet-project { alias /opt/demo/pet-project/public/; try_files $uri $uri/ @pet-project; } location @pet-project { rewrite /demo/pet-project(.*) $1 break; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $proxy_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://pet_project; proxy_redirect http://pet_project/ /demo/pet-project/; } } From this example you can notice that I mount my Pet Project Node application running on port 3000 to http://myhost/demo/pet-project. First Nginx checks if whether the requested resource is a static file available at /opt/demo/pet-project/public/ and if so it serves it as is that is highly efficient, so we do not need to have a redundant layer like Connect static middleware. Then all other requests are overwritten and proxied to Pet Project Node application, so the Node application does not need to know where it is actually mounted and thus can be moved anywhere purely by configuration. proxy_redirect is a must to handle Location header properly. This is extremely important if you use res.redirect() in your Node application. You can easily replicate this setup for multiple Node applications running on different ports and add more location handlers for other purposes.

来自:http://skovalyov.blogspot.dk/2012/07/deploy-multiple-node-applications-on.html

Nginx和Nodejs的最佳和最简单的设置是使用Nginx作为启用proxy_protocol的HTTP和TCP负载均衡器。在这种情况下，Nginx将能够将传入的请求代理到nodejs，并终止到后端Nginx服务器的SSL连接，而不是代理服务器本身。(SSL-PassThrough)

在我看来，没有必要给出非ssl的例子，因为所有的web应用都(或应该)使用安全的环境。

示例:代理服务器的配置，在/etc/nginx/nginx.conf中

user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
  upstream webserver-http {
    server 192.168.1.4; #use a host port instead if using docker
    server 192.168.1.5; #use a host port instead if using docker
  }
  upstream nodejs-http {
    server 192.168.1.4:8080; #nodejs listening port
    server 192.168.1.5:8080; #nodejs listening port
  }
  server {
    server_name example.com;
    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $server_name;
      proxy_set_header Connection "";
      add_header       X-Upstream $upstream_addr;
      proxy_redirect     off;
      proxy_connect_timeout  300;
      proxy_http_version 1.1;
      proxy_buffers 16 16k;
      proxy_buffer_size 16k;
      proxy_cache_background_update on;
      proxy_pass http://webserver-http$request_uri;
    }
  }
  server {
    server_name node.example.com;
    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $server_name;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      add_header       X-Upstream $upstream_addr;
      proxy_redirect     off;
      proxy_connect_timeout  300;
      proxy_http_version 1.1;
      proxy_buffers 16 16k;
      proxy_buffer_size 16k;
      proxy_cache_background_update on;
      proxy_pass http://nodejs-http$request_uri;
    }
  }
}
stream {
  upstream webserver-https {
    server 192.168.1.4:443; #use a host port instead if using docker
    server 192.168.1.5:443; #use a host port instead if using docker
  }

  server {
    proxy_protocol on;
    tcp_nodelay on;
    listen 443;
    proxy_pass webserver-https;
  }
  log_format proxy 'Protocol: $protocol - $status $bytes_sent $bytes_received $session_time';
  access_log  /var/log/nginx/access.log proxy;
  error_log /var/log/nginx/error.log debug;
}

现在，让我们处理后端web服务器。 /etc/nginx/nginx.conf:

user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
load_module /etc/nginx/modules/ngx_http_geoip2_module.so; # GeoIP2
events {
    worker_connections  1024;
}
http {
    variables_hash_bucket_size 64;
    variables_hash_max_size 2048;
    server_tokens off;
    sendfile    on;
    tcp_nopush  on;
    tcp_nodelay on;
    autoindex off;
    keepalive_timeout  30;
    types_hash_bucket_size 256;
    client_max_body_size 100m;
    server_names_hash_bucket_size 256;
    include         mime.types;
    default_type    application/octet-stream;
    index  index.php index.html index.htm;
    # GeoIP2
    log_format  main    'Proxy Protocol Address: [$proxy_protocol_addr] '
                        '"$request" $remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

    # GeoIP2
    log_format  main_geo    'Original Client Address: [$realip_remote_addr]- Proxy Protocol Address: [$proxy_protocol_addr] '
                            'Proxy Protocol Server Address:$proxy_protocol_server_addr - '
                            '"$request" $remote_addr - $remote_user [$time_local] "$request" '
                            '$status $body_bytes_sent "$http_referer" '
                            '$geoip2_data_country_iso $geoip2_data_country_name';

    access_log  /var/log/nginx/access.log  main_geo; # GeoIP2
#===================== GEOIP2 =====================#
    geoip2 /usr/share/geoip/GeoLite2-Country.mmdb {
        $geoip2_metadata_country_build  metadata build_epoch;
        $geoip2_data_country_geonameid  country geoname_id;
        $geoip2_data_country_iso        country iso_code;
        $geoip2_data_country_name       country names en;
        $geoip2_data_country_is_eu      country is_in_european_union;
    }
    #geoip2 /usr/share/geoip/GeoLite2-City.mmdb {
    #   $geoip2_data_city_name city names en;
    #   $geoip2_data_city_geonameid city geoname_id;
    #   $geoip2_data_continent_code continent code;
    #   $geoip2_data_continent_geonameid continent geoname_id;
    #   $geoip2_data_continent_name continent names en;
    #   $geoip2_data_location_accuracyradius location accuracy_radius;
    #   $geoip2_data_location_latitude location latitude;
    #   $geoip2_data_location_longitude location longitude;
    #   $geoip2_data_location_metrocode location metro_code;
    #   $geoip2_data_location_timezone location time_zone;
    #   $geoip2_data_postal_code postal code;
    #   $geoip2_data_rcountry_geonameid registered_country geoname_id;
    #   $geoip2_data_rcountry_iso registered_country iso_code;
    #   $geoip2_data_rcountry_name registered_country names en;
    #   $geoip2_data_rcountry_is_eu registered_country is_in_european_union;
    #   $geoip2_data_region_geonameid subdivisions 0 geoname_id;
    #   $geoip2_data_region_iso subdivisions 0 iso_code;
    #   $geoip2_data_region_name subdivisions 0 names en;
   #}

#=================Basic Compression=================#
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/css text/xml text/plain application/javascript image/jpeg image/png image/gif image/x-icon image/svg+xml image/webp application/font-woff application/json application/vnd.ms-fontobject application/vnd.ms-powerpoint;
    gzip_static on;

    include /etc/nginx/sites-enabled/example.com-https.conf;
}

现在，让我们在/etc/nginx/sites-available/example.com-https.conf配置虚拟主机，启用SSL和proxy_protocol:

server {
    real_ip_header proxy_protocol;
    set_real_ip_from 192.168.1.1; #proxy server ip address
    #set_real_ip_from proxy; #proxy container hostname if you are using docker
    server_name 192.168.1.4; #Your current server ip address. It will redirect to the domain name.
    listen 80;
    listen 443 ssl http2;
    listen [::]:80;
    listen [::]:443 ssl http2;
    ssl_certificate     /etc/nginx/certs/example.com.crt;
    ssl_certificate_key /etc/nginx/certs/example.com.key;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    return 301 https://example.com$request_uri;
}
server {
    real_ip_header proxy_protocol;
    set_real_ip_from 192.168.1.1; #proxy server ip address
    #set_real_ip_from proxy; #proxy container hostname if you are using docker
    server_name  example.com;
    listen       *:80;
    return 301   https://example.com$request_uri;
}
server {
    real_ip_header proxy_protocol;
    set_real_ip_from 192.168.1.1; #proxy server ip address
    #set_real_ip_from proxy; #proxy container hostname if you are using docker
    server_name www.example.com;
    listen 80;
    listen 443 http2;
    listen [::]:80;
    listen [::]:443 ssl http2 ;
    ssl_certificate     /etc/nginx/certs/example.com.crt;
    ssl_certificate_key /etc/nginx/certs/example.com.key;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    return 301 https://example.com$request_uri;
}
server {
    real_ip_header proxy_protocol;
    set_real_ip_from 192.168.1.1; #proxy server ip address
    #set_real_ip_from proxy; #proxy container hostname if you are using docker
    server_name example.com;
    listen 443 proxy_protocol ssl http2;
    listen [::]:443 proxy_protocol ssl http2;
    root /var/www/html;
    charset UTF-8;
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy no-referrer;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    keepalive_timeout   70;
    ssl_buffer_size 1400;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=86400;
    resolver_timeout 10;
    ssl_certificate     /etc/nginx/certs/example.com.crt;
    ssl_certificate_key /etc/nginx/certs/example.com.key;
    ssl_trusted_certificate /etc/nginx/certs/example.com.crt;
location ~* \.(jpg|jpe?g|gif|png|ico|cur|gz|svgz|mp4|ogg|ogv|webm|htc|css|js|otf|eot|svg|ttf|woff|woff2)(\?ver=[0-9.]+)?$ {
    expires modified 1M;
    add_header Access-Control-Allow-Origin '*';
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    }
    location ~ /.well-known { #For issuing LetsEncrypt Certificates
        allow all;
    }
location / {
    index index.php;
    try_files $uri $uri/ /index.php?$args;
    }
error_page  404    /404.php;

location ~ \.php$ {
    try_files       $uri =404;
    fastcgi_index   index.php;
    fastcgi_pass    unix:/tmp/php7-fpm.sock;
    #fastcgi_pass    php-container-hostname:9000; (if using docker)
    fastcgi_pass_request_headers on;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_intercept_errors on;
    fastcgi_ignore_client_abort off;
    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_request_buffering on;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    include fastcgi_params;
}
location = /robots.txt {
    access_log off;
    log_not_found off;
    }
location ~ /\. {
    deny  all;
    access_log off;
    log_not_found off;
    }
}

最后，2个nodejs web服务器的示例: 第一个服务器:

var http = require('http');

http.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/plain'});
    res.end('Hello From Nodejs\n');
}).listen(8080, "192.168.1.4");
console.log('Server running at http://192.168.1.4:8080/');

第二个服务器:

var http = require('http');

http.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/plain'});
    res.end('Hello From Nodejs\n');
}).listen(8080, "192.168.1.5");
console.log('Server running at http://192.168.1.5:8080/');

现在一切都应该完美地工作并且负载平衡了。

前段时间我写了一篇关于如何在Docker中设置Nginx作为TCP负载均衡器的文章。如果您正在使用Docker，请查看它。