Nginx 反向代理操作案例
Nginx反向代理的組件模塊
upstream模塊介紹->點我<
http_proxy_module模塊介紹->點我<
環境准備
1)四台服務器都需操作如下步驟:
# systemctl stop firewalld //關閉防火牆 # sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux //關閉selinux,重啟生效 # setenforce 0 //關閉selinux,臨時生效 # ntpdate 0.centos.pool.ntp.org //時間同步
2)LB節點源碼安裝nginx:
# yum install openssl openssl-devel pcre pcre-devel gcc gcc-c++ make autoconf automake -y //安裝依賴工具包
//編寫安裝腳本 # cat >installNginx.sh<<EOF mkdir /home/tools cd /home/tools wget -q http://nginx.org/download/nginx-1.12.2.tar.gz ls -l nginx-1.12.2.tar.gz useradd nginx -s /sbin/nologin -M tar xf nginx-1.12.2.tar.gz cd nginx-1.12.2 ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.12.2 --with-http_stub_status_module --with-http_ssl_module make make install ln -s /application/nginx-1.12.2/ /application/nginx EOF
# bash installNginx.sh //執行安裝腳本
說明:上面源碼安裝的nginx,配置文件路徑:/application/nginx/conf/nginx.conf 二進制啟動命令路徑:/application/nginx/sbin/nginx
3)web節點yum安裝nginx及准備測試文件:
# yum install nginx -y //安裝nginx # mkdir /application/nginx/html/{www,bbs,blog} -p //創建web站點目錄 # for dir in www bbs blog; do echo "`hostname` $dir" >/application/nginx/html/$dir/index.html;done //創建站點目錄測試文件
# vim /etc/nginx/nginx.conf //編輯配置文件 user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/conf.d/*.conf; server { listen 80; server_name www.etiantian.org; location / { root /application/nginx/html/www; } access_log /var/log/nginx/access_www.log main; } server { listen 80; server_name bbs.etiantian.org; location / { root /application/nginx/html/bbs; } access_log /var/log/nginx/access_bbs.log main; } server { listen 80; server_name blog.etiantian.org; location / { root /application/nginx/html/blog; } access_log /var/log/nginx/access_blog.log main; } }
# systemctl start nginx //啟動nginx # systemctl enable nginx //加入開機自啟動
4)web站點配置hosts解析及測試nginx是否能夠正常訪問
//web1站點編輯后的/etc/hosts文件 [root@centos7-3 ~]# tail -3 /etc/hosts 192.168.3.103 www.etiantian.org 192.168.3.103 bbs.etiantian.org 192.168.3.103 blog.etiantian.org //web2站點編輯后的/etc/hosts文件 [root@centos7-4 ~]# tail -3 /etc/hosts 192.168.3.104 www.etiantian.org 192.168.3.104 bbs.etiantian.org 192.168.3.104 blog.etiantian.org //web1站點測試 [root@centos7-3 ~]# curl www.etiantian.org centos7-3 www [root@centos7-3 ~]# curl bbs.etiantian.org centos7-3 bbs [root@centos7-3 ~]# curl blog.etiantian.org centos7-3 blog //web2站點測試 [root@centos7-4 ~]# curl www.etiantian.org centos7-4 www [root@centos7-4 ~]# curl bbs.etiantian.org centos7-4 bbs [root@centos7-4 ~]# curl blog.etiantian.org centos7-4 blog
案例
完成上面的lb節點的軟件安裝及web節點的測試文件准備后,下面開始配置案例,說明,先配置單節點的lb,也就是先只在(centos7-1)lb1 上面進行配置。
案例一:最基本的負載均衡
編輯lb1(192.168.3.101)配置文件,編輯之前記得將默認配置文件進行備份
# cp /application/nginx/conf/nginx.conf /application/nginx/conf/nginx.conf.default //備份配置文件 # sed -i '/^[ ]*$/d' /application/nginx/conf/nginx.conf //去掉配置文件中的注釋及空行
# vim /application/nginx/conf/nginx.conf //編輯配置文件 worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream myapp1 { #<== upstream 是關鍵字必須要有,后面的myapp1為一個Upstream集群組的名字,可以自定義,調用時就用這個名字。 server 192.168.3.103 weight=1; #<==server 關鍵字是固定的,后面可以接域名或IP,如果不指定端口,默認是80端口。weight 代表權重,數值越大被分配到請求越多,默認值為1,所以此處可寫可不寫。結尾有分號,別忘了; server 192.168.3.104 weight=1; } server { listen 80; server_name localhost; location / { proxy_pass http://myapp1; } } }
# /application/nginx/sbin/nginx -t //檢查語法是否錯誤 # /application/nginx/sbin/nginx -s reload //重新加載配置文件
我們用lb2機器來測試(用任何一台都可以),測試結果可以看出,會輪循調度到后端web節點上
[root@centos7-2 ~]# curl 192.168.3.101 centos7-3 www [root@centos7-2 ~]# curl 192.168.3.101 centos7-4 www [root@centos7-2 ~]# curl 192.168.3.101 centos7-3 www [root@centos7-2 ~]# curl 192.168.3.101 centos7-4 www
案例二:基於權重(wrr)
修改配置文件 upstream 段為以下內容
upstream myapp1 {
server 192.168.3.103 weight=1;
server 192.168.3.104 weight=2;
}
同樣使用lb2機器來進行測試,可以發現調度后端節點編程了1:2,調度到web2節點上面總是會多一次。
[root@centos7-2 ~]# curl 192.168.3.101 centos7-3 www [root@centos7-2 ~]# curl 192.168.3.101 centos7-4 www [root@centos7-2 ~]# curl 192.168.3.101 centos7-4 www [root@centos7-2 ~]# curl 192.168.3.101 centos7-3 www [root@centos7-2 ~]# curl 192.168.3.101 centos7-4 www [root@centos7-2 ~]# curl 192.168.3.101 centos7-4 www
案例三:較完整的 upstream 配置案例
修改配置文件 upstream 段為以下內容
upstream myapp1 { server 192.168.3.103 weight=1 max_fails=3 fail_timeout=20s; server 192.168.3.104 weight=1 max_fails=3 fail_timeout=20s; } //max_fails 嘗試連接后端主機失敗的次數; fail_timeout 在max_fails定義的失敗次數后,距離下次檢查的間隔時間。
同樣使用lb2機器來進行測試,在測試過程中,關閉其中一個web節點,會發現只是調度到另外一個節點上面,然后再重啟關閉的節點,觀察測試輸出內容,會發現嘗試的時間。
[root@centos7-2 ~]# for n in {1..100}; do curl 192.168.3.101 ; date +%T; sleep 1; done
案例四:基於域名的負載
修改配置文件為以下內容
worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream myapp1 { server 192.168.3.103 weight=1 max_fails=3 fail_timeout=20s; server 192.168.3.104 weight=1 max_fails=3 fail_timeout=20s; } server { listen 80; server_name www.etiantian.org; location / { proxy_pass http://myapp1; proxy_set_header Host $host; } } server { listen 80; server_name bbs.etiantian.org; location / { proxy_pass http://myapp1; proxy_set_header Host $host; } } server { listen 80; server_name blog.etiantian.org; location / { proxy_pass http://myapp1; proxy_set_header Host $host; } } }
編輯/etc/hosts文件,進行域名解析,此處為了方便,直接在lb1節點上面編輯並測試(如果需要在別的節點進行測試,那么進行域名解析即可)
# vim /etc/hosts 192.168.3.101 www.etiantian.org bbs.etiantian.org blog.etiantian.org
測試發現基於域名ok,因為上面配置的權重都為1,所以不論我們訪問哪一個域名,都會輪循去調度后端web節點。
[root@centos7-1 ~]# curl www.etiantian.org centos7-4 www [root@centos7-1 ~]# curl www.etiantian.org centos7-3 www [root@centos7-1 ~]# curl bbs.etiantian.org centos7-4 bbs [root@centos7-1 ~]# curl bbs.etiantian.org centos7-3 bbs [root@centos7-1 ~]# curl blog.etiantian.org centos7-4 blog [root@centos7-1 ~]# curl blog.etiantian.org centos7-3 blog
案例五:記錄客戶端真實IP
先到web節點上面查看訪問日志
[root@centos7-3 ~]# tailf /var/log/nginx/access_www.log 192.168.3.101 - - [08/Apr/2019:00:18:14 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.29.0" "-" 192.168.3.101 - - [08/Apr/2019:00:18:16 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.29.0" “-"
通過觀察日志發現,記錄的都負載均衡器節點的IP,實際生產環境中都是記錄真實客戶端IP。
進行修改配置文件(lb節點)將location 段加上 proxy_set_header X-Forwarded-For $remote_addr;
location / { proxy_pass http://myapp1; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; }
使用lb2節點進行測試(我們將lb2當做一個客戶端訪問),然后我們再去查看日志就可以發現,記錄了客戶端的真實IP地址。
[root@centos7-3 ~]# tailf /var/log/nginx/access_www.log 192.168.3.101 - - [08/Apr/2019:00:36:06 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.29.0" "192.168.3.102" 192.168.3.101 - - [08/Apr/2019:00:36:07 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.29.0" "192.168.3.102"
案例六:根據不同的URI 調度到不同的服務器
常見架構圖
梳理:1、當用戶請求 www.etiantian.org/upload/xx 地址時,實現由upload上傳服務器池處理請求;2、當用戶請求 www.etiantian.org/static/xx 地址時,實現由靜態服務器池處理請求;3、除此之外,對於其它訪問請求,全部由默認的動態服務器池處理請求。如下圖:
在wab服務器上面准備測試文件
//准備測試文件web1的80 upload [root@centos7-3 ~]# mkdir /application/nginx/html/www/upload [root@centos7-3 ~]# echo "upload web01 192.168.3.103 " > /application/nginx/html/www/upload/index.html //准備測試文件web2的80 static [root@centos7-4 ~]# mkdir /application/nginx/html/www/static [root@centos7-4 ~]# echo "static web02 192.168.3.104 " > /application/nginx/html/www/static/index.html //准備測試文件web2的8080 default [root@centos7-4 ~]# mkdir /application/nginx/www_8080 [root@centos7-4 ~]# vim /etc/nginx/conf.d/www_8080.conf server { listen 80; server_name localhost; access_log /var/log/nginx/access.log main; location / { root /application/nginx/www_8080; index index.html index.htm; } } [root@centos7-4 ~]# echo "default web02 192.168.3.104 " > /application/nginx/www_8080/index.html //在lb1服務器測試后端web服務器是否能夠正常訪問 [root@centos7-1 ~]#curl 192.168.3.103/upload/index.html upload web01 192.168.3.103 [root@centos7-1 ~]# curl 192.168.3.104/static/index.html static web02 192.168.3.104 [root@centos7-1 ~]# curl 192.168.3.104:8080/index.html default web02 192.168.3.104
配置LB,修改lb1配置文件進行配置
sendfile on; keepalive_timeout 65; upstream upload_pools { server 192.168.3.103:80; } upstream static_pools { server 192.168.3.104:80; } upstream default_pools { server 192.168.3.104:8080; } server { listen 80; server_name www.etiantian.org; location / { proxy_pass http://default_pools; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } location /upload { proxy_pass http://upload_pools; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } location /static { proxy_pass http://static_pools; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } }
在lb2(模擬客戶端)節點上面進行測試,結果可以看到根據不同的url調度到不同的服務器上面了。
[root@centos7-2 ~]# curl 192.168.3.101 default web02 192.168.3.104 [root@centos7-2 ~]# curl 192.168.3.101/upload/index.html upload web01 192.168.3.103 [root@centos7-2 ~]# curl 192.168.3.101/static/index.html static web02 192.168.3.104