AgentSkillsCN

reverse-proxy

将nginx与Traefik配置为反向代理,实施SSL终止与路由转发功能。在搭建应用网关时加以运用。

SKILL.md
--- frontmatter
name: reverse-proxy
description: Configure nginx and Traefik as reverse proxies. Implement SSL termination and routing. Use when setting up application gateways.
license: MIT
metadata:
  author: devops-skills
  version: "1.0"

Reverse Proxy

Configure reverse proxies for application routing.

nginx

nginx
server {
    listen 80;
    server_name api.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name api.example.com;
    
    ssl_certificate /etc/ssl/certs/api.crt;
    ssl_certificate_key /etc/ssl/private/api.key;
    
    location / {
        proxy_pass http://backend:8080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    
    location /ws {
        proxy_pass http://backend:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Traefik

yaml
# traefik.yml
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

providers:
  docker:
    exposedByDefault: false

Best Practices

  • Implement SSL termination
  • Set proper headers
  • Configure timeouts
  • Enable gzip compression