nginx 内网转发

nginx 内网转发

对外暴露虚假的地址，真实地址限制为内部调用。当对外地址转发到内部服务器，可做拦截、验证等等，校验通过后，再做静态转发。代码如下：

#nginx 配置

#对外暴露的地址
location /public/api {
      proxy_pass http://192.168.0.100:10086;
      index index.html index.htm;
}

#真实服务地址
location /private/api {
    # 限制为内部调用
    internal;
    proxy_pass http://192.168.0.200:10010;
    index index.html index.htm;
}

// 192.168.0.100:10086端口后台服务


import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Slf4j
@RestController
public class TestController {

    
    @RequestMapping(value = "/**")
    public void auth (@RequestBody String body, HttpServletRequest request, HttpServletResponse response) {
        
        String requestURI = request.getRequestURI();
        
        // TODO 完善自己的验证规则
        if(requestURI.startsWith("/public/")){
            response.setStatus(500);
            return;
        }
        
        // TODO 完善自己的路由规则
        String interForwardURL = requestURI.replaceAll("/public/", "/private/");
        response.addHeader("X-Accel-Redirect",interForwardURL);
        response.setStatus(200);
    }
}

// 192.168.0.200:10010 后台服务

@RestController
@RequestMapping("/private")
public class TestController {

    @RequestMapping(value ="/api",method = {RequestMethod.GET,RequestMethod.POST})
    public void testMethod(@RequestBody TestDTO testDTO){
        System.out.println("success");
    }
    
}

http://192.168.0.200:10010/private/api 请求失败（404 Not Found）

http://192.168.0.100:10086/public/api 请求成功（200 OK）