实验目的
通过nginx实现反向代理的功能,类似apache反向代理和haproxy反向代理
工作中用nginx做反向代理和负载均衡的也越来越多了
有些公司从web服务器到反向代理,都使用nginx。nginx在1.9版本加入了tcp的反向代理功能
甚至安全策略:nginx+lua 完全可以搞定。
打开nginx官网
nginx做反向代理,安装命令如下,使用www用户运行nginx
1
2
3
4
5
6
7
8
9
useradd
-s
/sbin/noglogin
-M www
wget http:``//nginx``.org``/download/nginx-1``.9.12.``tar``.gz
tar
zxf nginx-1.9.12.``tar``.gz
cd
nginx-1.9.12
.``/configure
--prefix=``/usr/local/nginx-1``.9.12 \
--user=www --group=www --with-http_ssl_module \
--with-http_stub_status_module --with-``file``-aio
make
&&
make
install
ln
-s
/usr/local/nginx-1``.9.12/
/usr/local/nginx
检查语法
1
2
3
4
[root@linux-node2 nginx-1.9.12]``# /usr/local/nginx/sbin/nginx -t
nginx: the configuration
file
/usr/local/nginx-1``.9.12``/conf/nginx``.conf syntax is ok
nginx: configuration
file
/usr/local/nginx-1``.9.12``/conf/nginx``.conf
test
is successful
[root@linux-node2 nginx-1.9.12]``#
检查服务器有无其它服务占用80端口,可以关闭了。
1
[root@linux-node1 ~]``# /usr/local/httpd/bin/apachectl -k stop
配置nginx反向代理,修改主配置文件
gzip是默认关闭的
长连接默认打开的
sendfile 默认打开的
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
[root@linux-node1 conf]``# cat nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 10240;
}
http {
include mime.types;
default_type application``/octet-stream``;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream backend {
server 10.0.1.105:8080 weight=1 max_fails=3 fail_timeout=30s;
server 10.0.1.106:8080 weight=2 max_fails=3 fail_timeout=30s;
}
server {
listen 80;
server_name www.nginx-nmap.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
proxy_pass http:``//backend``;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504
/50x``.html;
location =
/50x``.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
[root@linux-node1 conf]``#
上面设置虚拟主机名www.nginx-nmap.com,以及后端集群组backend,设置了location把任何请求都发给后端backend
上面配置文件里也设置了后端web集群
负载均衡配置时的2个参数:fail_timeout和max_fails
这2个参数一起配合,来控制nginx怎样认为upstream中的某个server是失效的当在fail_timeout的时间内,某个server连接失败了max_fails次,则nginx会认为该server不工作了。
同时,在接下来的 fail_timeout时间内,nginx不再将请求分发给失效的server。
比如失败3次,那么接下来10秒不会之内不会把请求发个这个认为失败的机器。然后过了30秒后,这个机器继续收到探测请求.一般生产中设置为30秒
1
2
3
4
upstream backend {
server 10.0.1.105:8080 weight=1 max_fails=3 fail_timeout=30s;
server 10.0.1.106:8080 weight=2 max_fails=3 fail_timeout=30s;
}
关于nginx反向代理功能由下面模块提供
可以参照下官方个的配置例子
http://nginx.org/en/docs/http/ngx_http_upstream_module.html
官方文档做的挺好
检测语法,启动或者reload。查看监听状态
1
2
3
4
5
6
7
8
[root@linux-node1 conf]``# /usr/local/nginx/sbin/nginx -t
nginx: the configuration
file
/usr/local/nginx-1``.9.12``/conf/nginx``.conf syntax is ok
nginx: configuration
file
/usr/local/nginx-1``.9.12``/conf/nginx``.conf
test
is successful
[root@linux-node1 conf]``# /usr/local/nginx/sbin/nginx -s reload
[root@linux-node1 conf]``# netstat -lntp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 27141``/nginx``: master
tcp6 0 0 :::8080 :::* LISTEN 20130``/httpd
[root@linux-node1 conf]``#
客户端windows的hosts文件里配置如下
10.0.1.105 www.nginx-nmap.com
浏览器测试
停止node2的httpd。nginx会自动把请求发送给node1,前端无感知
1
2
3
[root@linux-node2 nginx-1.9.12]``# systemctl stop httpd
[root@linux-node2 nginx-1.9.12]``# systemctl start httpd
[root@linux-node2 nginx-1.9.12]``#
启动node2的httpd之后,刷30秒,node2才出现,也就是我们设置的fail_timeout=30的缘故
关于会话保持
会话保持,有基于ip的有ip_hash
直接添加这一行即可
重启
1
2
3
4
5
[root@linux-node1 conf]``# /usr/local/nginx/sbin/nginx -t
nginx: the configuration
file
/usr/local/nginx-1``.9.12``/conf/nginx``.conf syntax is ok
nginx: configuration
file
/usr/local/nginx-1``.9.12``/conf/nginx``.conf
test
is successful
[root@linux-node1 conf]``# /usr/local/nginx/sbin/nginx -s reload
[root@linux-node1 conf]``#
再次访问就只有node2了
关于nginx的负载均衡算法有很多,自行百度
手机扫一扫
移动阅读更方便
你可能感兴趣的文章