2. 使用交流
  3. 关于FRP 内网穿透与Nginx 反向代理做缓存服务器的问题

关于FRP 内网穿透与Nginx 反向代理做缓存服务器的问题

kavid 2018-4-4 1873
本帖最后由 kavid 于 2018-4-4 10:57 编辑

关于FRP 内网穿透与Nginx 反向代理做缓存服务器的问题
nginx.conf 如下 

proxy_cache_path  /data/mystack/sites/www.91wii.com/proxy_cache levels=1:2 keys_zone=appnode_proxy_cache_zone_of_site_www.91wii.com:5m max_size=5g inactive=24h;

server {
    listen              80;
    server_name         *.91wii.com;
    keepalive_timeout   75s;
    keepalive_requests  100;
    access_log          /data/mystack/sites/www.91wii.com/log/nginx/access.log;
    error_log           /data/mystack/sites/www.91wii.com/log/nginx/error.log;

    location / {
        resolver                  114.114.114.114 8.8.8.8;
        proxy_pass                $scheme://$host:$server_port;
        proxy_set_header          X-Real-IP $remote_addr;
        proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header          Upgrade $http_upgrade;
        proxy_set_header          Connection $connection_upgrade;
        client_max_body_size      60m;
        proxy_cache_key           $scheme$host$request_uri;
        proxy_cache               appnode_proxy_cache_zone_of_site_www.91wii.com;
        proxy_cache_valid         200 301 302 24h;
        proxy_cache_valid         any 1m;
        proxy_cache_min_uses      1;
        proxy_cache_methods       GET HEAD;
        proxy_cache_use_stale     error timeout invalid_header updating http_500 http_502 http_503 http_504;
        proxy_cache_revalidate    on;
        proxy_cache_lock          on;
        proxy_cache_lock_timeout  5s;
    }


但是访问的试试出现404错误

nginx的日志如下: 
<font color="#000"> 3060 2018/04/03 07:19:27 [error] 22998#22998: *17165 upstream timed out (110: Conne    3060 ction timed out) while reading response header from upstream, client: 213.180.    3060 203.42, server: *.91wii.com, request: "GET /attachment/forum/month_1003/100315    3060 1053c0420097ed17ab23.png HTTP/1.1", upstream: "http://222.186.153.116:80/attac    3060 hment/forum/month_1003/1003151053c0420097ed17ab23.png", host: "img.91wii.com"</font>
 3061 2018/04/03 07:22:00 [error] 23033#23033: *17509 recv() failed (104: Connection    3061  reset by peer) while reading response header from upstream, client: 36.102.20    3061 8.156, server: *.91wii.com, request: "GET /uc_server/avatar.php?uid=78973&size    3061 =middle HTTP/1.1", upstream: "http://133.18.171.191:80/uc_server/avatar.php?ui    3061 d=78973&size=middle", host: "www.91wii.com", referrer: "http://www.91wii.com/t    3061 hread-75944-1-1.html"    3060 2018/04/03 07:19:27 [error] 22998#22998: *17165 upstream timed out (110: Conne    3060 ction timed out) while reading response header from upstream, client: 213.180.    3060 203.42, server: *.91wii.com, request: "GET /attachment/forum/month_1003/100315    3060 1053c0420097ed17ab23.png HTTP/1.1", upstream: "http://222.186.153.116:80/attac    3060 hment/forum/month_1003/1003151053c0420097ed17ab23.png", host: "img.91wii.com"    3061 2018/04/03 07:22:00 [error] 23033#23033: *17509 recv() failed (104: Connection    3061  reset by peer) while reading response header from upstream, client: 36.102.20    3061 8.156, server: *.91wii.com, request: "GET /uc_server/avatar.php?uid=78973&size    3061 =middle HTTP/1.1", upstream: "http://133.18.171.191:80/uc_server/avatar.php?ui    3061 d=78973&size=middle", host: "www.91wii.com", referrer: "http://www.91wii.com/t    3061 hread-75944-1-1.html"
    3060 2018/04/03 07:19:27 [error] 22998#22998: *17165 upstream timed out (110: Conne    3060 ction timed out) while reading response header from upstream, client: 213.180.    3060 203.42, server: *.91wii.com, request: "GET /attachment/forum/month_1003/100315    3060 1053c0420097ed17ab23.png HTTP/1.1", upstream: "http://222.186.153.116:80/attac    3060 hment/forum/month_1003/1003151053c0420097ed17ab23.png", host: "img.91wii.com"    3061 2018/04/03 07:22:00 [error] 23033#23033: *17509 recv() failed (104: Connection    3061  reset by peer) while reading response header from upstream, client: 36.102.20    3061 8.156, server: *.91wii.com, request: "GET /uc_server/avatar.php?uid=78973&size    3061 =middle HTTP/1.1", upstream: "http://133.18.171.191:80/uc_server/avatar.php?ui    3061 d=78973&size=middle", host: "www.91wii.com", referrer: "http://www.91wii.com/t    3061 hread-75944-1-1.html"

始终没有生效。

然后我用了
Quote
由于frp的http和https,都是从用户的服务中完整输出数据的,这对于一些使用frp的用户,网络比较差/上传低,打开自己的这些服务,要加载大半天的。
我们可以使用nginx的反代缓存,把frp用户的http和https中的静态资源缓存到服务器本地,从而减少frp用户本身的网络资源请求访问,直接略过大部分,从而在服务器加速。
效果是拔群的!

新建缓存目录
mkdir -pv /home/nginx/cache
赋予权限
chmod -R 777 /home/nginx/cache

在nginx.conf中http{}里添加以下参数

proxy_cache_path /home/nginx/cache levels=1:2 keys_zone=frp_cache:50m max_size=5g inactive=3d;

server {
listen 80;
server_name *.nat.ee;
location / {
proxy_redirect http://$host/ http://$http_host/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
location ~* \.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)$ {
proxy_redirect http://$host/ http://$http_host/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_cache frp_cache;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 200 206 301 302 304 3d;
expires 3d;
}
}

server{
listen 443;
server_name *.nat.ee;
location / {
proxy_redirect https://$host/ https://$http_host/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-proto https;
}
location ~* \.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)$ {
proxy_redirect https://$host/ https://$http_host/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-proto https;
proxy_cache frp_cache;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 200 206 301 302 304 3d;
expires 3d;
}
}

(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)为需要进行缓存的静态资源,你可以添加或者修改。

proxy_cache_valid为服务器缓存,其中200 206 301 302 304为HTTP状态码(http://tool.chinaz.com/pagestatus/)针对状态码缓存,而最后面的 3d 为缓存过期时间,当用户没有在这个有效时间内访问到这个资源,则会过期清除,直到用户重新访问到这个资源则重新
缓存。
expires 为访问用户本地缓存
d 天数 h 小时 m 分钟 s 秒

http://127.0.0.1:8080;的8080端口为你frp.ini配置文件vhost_http_port = 8080端口
http://127.0.0.1:8443;的8443端口为你frp.ini配置文件vhost_https_port = 8443端口

配置成功后,并且访问目标网站,让其进行缓存,在/home/nginx/cache目录里会生成多个缓存目录和文件。


后来我使用这个配置,没有部署配置,直接选择nginx 重新加载,也是不行。
顺便附上昨天的nginx的错误日志

上传的附件:
收藏的用户(0 X
正在加载信息~
最新回复 (4)
  • 虚竹 2018-4-4
    引用 2
    工单收费服务中已为你处理了。
  • kavid 2018-4-4
    引用 3
    嗯,弄了这个代理之后,页面打开速度果然快多了
    还有从frp客户端传送的文件也是全速了,而不是两者同步

    具体说一下,比如访问者下载论坛的30m的附件

    公网服务器只有上行20m 带宽 下行100m,穿透的服务器有对称50m

    下载附件的时候,会一口气把30m的附件,用最快的速度50m的带宽传完,
    而发送还没有完成。

    这个时候frp从远程获取文件已经结束了,有效的降低了frp的使用时间。
  • kavid 2018-4-4
    引用 4
    以上言论纯属无责任猜想
  • 虚竹 2018-4-5
    引用 5
    如果开启了nginx反代缓存,要注意在源页面内容变化时,缓存会不会自动过期。
返回
发新帖