nginx實現動靜分離

一、簡單配置nginx的動靜分離

假設web1為靜態服務器，web2為動態服務器，node2做代理

1.1 根據目錄分開

web1只處理靜態請求

[root@web1 ~]# mkdir -p /var/www/www/image
[root@web1 ~]# yum -y install lrzsz
[root@web1 ~]# cd /var/www/www/image/
[root@web1 image]# rz
[root@web1 image]# ll
-rw-r--r--. 1 root root 156848 Mar 13 11:31 nhrzyx.png
[root@web2 ~]# vim /etc/httpd/conf/httpd.conf 
 DocumentRoot "/var/www/www"
[root@web2 ~]# systemctl restart httpd

web2只處理動態請求

[root@web2 ~]# mkdir -p /var/www/www/dynamic
[root@web2 ~]# echo dynamic10 > /var/www/www/dynamic/index.html
[root@web2 ~]# vim /etc/httpd/conf/httpd.conf 
 DocumentRoot "/var/www/www"
[root@web2 ~]# systemctl restart httpd

訪問測試

http://172.25.254.134/image/nhrzyx.png

http://172.25.254.135/dynamic/index.html

1.2 通過請求分離

配置代理

[root@lb01 conf]# vim nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
upstream  stack_pools {
        server 172.25.254.134:80 weight=5;
}
upstream  dynamic_pools {
        server 172.25.254.135:80 weight=5;
}
    server {
        listen       80;
        server_name  www.lbtest.com;
        location / {
            root   html;
            index  index.html index.htm;
            proxy_set_header Host $host;
            proxy_pass http://dynamic_pools;
        }
        location /image/ {
            proxy_set_header Host $host;
        proxy_pass http://stack_pools;
        }
        location /dynamic/ {
            proxy_set_header Host $host;
        proxy_pass http://dynamic_pools;
        }
    }
}
[root@lb01 conf]# nginx -s reload

配置hosts ，瀏覽器訪問測試

172.25.254.131  www.lbtest.com

http://www.lbtest.com/image/nhrzyx.png

http://www.lbtest.com/dynamic/

1.3 根據擴展名分離

[root@lb01 conf]# vim nginx.conf

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
upstream  stack_pools {
        server 172.25.254.134:80 weight=5;
}
upstream  dynamic_pools {
        server 172.25.254.135:80 weight=5;
}
    server {
        listen       80;
        server_name  www.lbtest.com;
        location / {
            root   html;
            index  index.html index.htm;
            proxy_set_header Host $host;
            proxy_pass http://dynamic_pools;
        }
        location ~ .*.(jpg|png|gif|css|js|swf|bmp|jsp|php|asp)$ {
        proxy_set_header Host $host;
        proxy_pass http://stack_pools;
        }
    }
}
[root@lb01 conf]# nginx -s reload

http://www.lbtest.com/image/nhrzyx.png 

1.4 根據客戶端標識進行分離

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
upstream  stack_pools {
        server 172.25.254.134:80 weight=5;
}
upstream  dynamic_pools {
        server 172.25.254.135:80 weight=5;
}
    server {
        listen       80;
        server_name  www.lbtest.com;
        location / {
                if ($http_user_agent ~* "MSIE")
                {
                        proxy_pass http://dynamic_pools;
                }
                if ($http_user_agent ~* "firefox")
                {
                        proxy_pass http://stack_pools;
                }
        }
        proxy_set_header Host $host;
        }
}
[root@web1 image]# echo stack_web>> /var/www/www/test.html
[root@web1 image]# systemctl restart httpd

[root@web2 ~]# echo dynamic_web>>/var/www/www/test.html
[root@web2 ~]# systemctl restart httpd

分別使用IE和火狐瀏覽器訪問

http://www.lbtest.com/test.html

1.5 使用客戶端的pc和移動分離

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
upstream  stack_pools {
        server 172.25.254.134:80 weight=5;
}
upstream  dynamic_pools {
        server 172.25.254.135:80 weight=5;
}
    server {
        listen       80;
        server_name  www.lbtest.com;
        location / {
                if ($http_user_agent ~* "iphone")
                {
                        proxy_pass http://dynamic_pools;
                }
                if ($http_user_agent ~* "android")
                {
                        proxy_pass http://stack_pools;
                }
        }
        proxy_set_header Host $host;
        }
}

分別使用安卓和iphone訪問測試

http://www.lbtest.com/test.html

二 、優化

[root@node2 ~]# vim /etc/sysctl.conf

net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time =600
net.ipv4.ip_local_port_range = 4000  65000
net.ipv4.tcp_max_syn_backlog = 16348
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_max_orphans = 16384
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 18364

proxy_next_upstream error timeout  invalid_header http_500 http_502_http_503  http_504;
nginx嘗試連接后端主機失敗的次數你，這個數是配合proxy_next_upstream，fastcgi_next_upstream，和memcached_next_upstream這三個參數來使用的，當nginx接受后端服務器返回這三個數定義的狀態碼的時候，會將這個請求轉發給正常的后端服務器，例如404,502,503.Max_fails默認值是1

[root@node2 ~]# sysctl -p

簡單介紹keepalive和nginx

配置keepalived實現nginx負載均衡的高可用

keepalive更適合於見得IP漂移，如果資源服務有控制，heartbeat更適合，比如存儲方向的高可用

三、 nginx反向代理的健康檢查

nginx做反向代理的時候，當后端就的服務器出現宕機的時候，nginx不能把這台realserver剔除upstream的，所以還會把請求轉發到后端的這台realserve上，雖然nginx可以在localtion中啟用proxy_next_upstream來解決返回給客戶的錯誤頁面，但這個還會會把請求轉發轉給這台服務器，然后再轉發別的服務器，這樣就浪費了一次轉發，借助淘寶團隊開發的nginx模塊nginx_upstream_check_module來檢測后方的realserver的健康狀態，如果后端服務器不可用，則所有的請求不轉發到這台服務器

check interval=5000 rise=1 fall=3 timeout=4000;

3.1 直接添加到配置文件

[root@node2 ~]# vim /usr/local/nginx/conf/nginx.conf

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
upstream  web_pools {
        server 172.25.254.134:80 weight=5;
        server 172.25.254.135:80 weight=5;
#       server 172.25.254.158:80 weight=5  backup;
check interval=5000 rise=1 fall=3 timeout=4000;

}
    server {
        listen       80;
        server_name  www.lbtest.com;
        location / {
           # root   html;
           # index  index.html index.htm;
            proxy_set_header Host $host;
            proxy_pass http://web_pools;
        }
    }
}

[root@node2 ~]# nginx -t

nginx: [emerg] unknown directive "check" in /usr/local/nginx/conf/nginx.conf:14
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed 

檢查失敗

下載nginx的模塊https://github.com/yaoweibin/nginx_upstream_check_module，使用nginx打上模塊的安裝，當做nginx的升級

3.2 下載模塊

[root@node2 nginx-1.12.2]# yum -y install git

[root@node2 nginx-1.12.2]#  git clone https://github.com/yaoweibin/nginx_upstream_check_module.git

[root@node2 nginx-1.12.2]# ll

drwxr-xr-x. 7 root   root     4096 Apr 13 00:57 nginx_upstream_check_module

[root@node2 nginx-1.12.2]# cd nginx_upstream_check_module/

[root@node2 nginx_upstream_check_module]# ll

-rw-r--r--. 1 root root      0 Apr 13 00:57 CHANGES
-rw-r--r--. 1 root root   7921 Apr 13 00:57 check_1.11.1+.patch
-rw-r--r--. 1 root root   8330 Apr 13 00:57 check_1.11.5+.patch
-rw-r--r--. 1 root root   8060 Apr 13 00:57 check_1.12.1+.patch
-rw-r--r--. 1 root root   8054 Apr 13 00:57 check_1.14.0+.patch
-rw-r--r--. 1 root root   5483 Apr 13 00:57 check_1.2.1.patch
-rw-r--r--. 1 root root   7130 Apr 13 00:57 check_1.2.2+.patch
-rw-r--r--. 1 root root   7094 Apr 13 00:57 check_1.2.6+.patch
-rw-r--r--. 1 root root   6791 Apr 13 00:57 check_1.5.12+.patch
-rw-r--r--. 1 root root   8295 Apr 13 00:57 check_1.7.2+.patch
-rw-r--r--. 1 root root   8346 Apr 13 00:57 check_1.7.5+.patch
-rw-r--r--. 1 root root   8509 Apr 13 00:57 check_1.9.2+.patch
-rw-r--r--. 1 root root   6943 Apr 13 00:57 check.patch
-rw-r--r--. 1 root root    749 Apr 13 00:57 config
drwxr-xr-x. 2 root root     43 Apr 13 00:57 doc
-rw-r--r--. 1 root root   1709 Apr 13 00:57 nginx-sticky-module.patch
drwxr-xr-x. 2 root root     29 Apr 13 00:57 nginx-tests
-rw-r--r--. 1 root root 112010 Apr 13 00:57 ngx_http_upstream_check_module.c
-rw-r--r--. 1 root root    529 Apr 13 00:57 ngx_http_upstream_check_module.h
-rw-r--r--. 1 root root   2848 Apr 13 00:57 ngx_http_upstream_jvm_route_module.patch
-rw-r--r--. 1 root root  11509 Apr 13 00:57 README
drwxr-xr-x. 6 root root     79 Apr 13 00:57 test
-rw-r--r--. 1 root root   3342 Apr 13 00:57 upstream_fair.patch
drwxr-xr-x. 2 root root     81 Apr 13 00:57 util

3.3 打補丁

[root@node2 nginx_upstream_check_module]# cd ../

[root@node2 nginx-1.12.2]# yum -y install patch

注：因nginx版本更新，1.12以上版本的nginx，補丁為check_1.11.5+.patch

[root@node2 nginx-1.12.2]# patch -p0 < ./nginx_upstream_check_module/check_1.11.5+.patch

patching file src/http/modules/ngx_http_upstream_hash_module.c
patching file src/http/modules/ngx_http_upstream_ip_hash_module.c
patching file src/http/modules/ngx_http_upstream_least_conn_module.c
patching file src/http/ngx_http_upstream_round_robin.c
patching file src/http/ngx_http_upstream_round_robin.h

3.4 編譯安裝

[root@node2 nginx-1.12.2]# ./configure --prefix=/usr/local/nginx \
> --user=nginx --group=nginx \
> --with-http_ssl_module \
> --with-http_realip_module \
> --with-http_addition_module \
> --with-http_gzip_static_module \
> --with-http_stub_status_module \
> --with-http_sub_module \
> --with-pcre \
> --add-module=./nginx_upstream_check_module

出現一個新的目錄 為objs

[root@node2 nginx-1.12.2]# ll

drwxr-xr-x. 4 root   root      187 Apr 13 01:04 objs

[root@node2 nginx-1.12.2]# make

sed -e "s|%%PREFIX%%|/usr/local/nginx|" \
    -e "s|%%PID_PATH%%|/usr/local/nginx/logs/nginx.pid|" \
    -e "s|%%CONF_PATH%%|/usr/local/nginx/conf/nginx.conf|" \
    -e "s|%%ERROR_LOG_PATH%%|/usr/local/nginx/logs/error.log|" \
    < man/nginx.8 > objs/nginx.8
make[1]: Leaving directory `/usr/local/src/nginx-1.12.2'

[root@node2 nginx-1.12.2]# ll objs/

drwxr-xr-x. 3 root root      41 Apr 13 01:04 addon
-rw-r--r--. 1 root root   16895 Apr 13 01:04 autoconf.err
-rw-r--r--. 1 root root   42396 Apr 13 01:04 Makefile
-rwxr-xr-x. 1 root root 5993600 Apr 13 01:06 nginx   #nginx新的可執行文件
-rw-r--r--. 1 root root    5341 Apr 13 01:06 nginx.8
-rw-r--r--. 1 root root    7202 Apr 13 01:04 ngx_auto_config.h
-rw-r--r--. 1 root root     657 Apr 13 01:03 ngx_auto_headers.h
-rw-r--r--. 1 root root    6412 Apr 13 01:04 ngx_modules.c
-rw-r--r--. 1 root root   87120 Apr 13 01:06 ngx_modules.o
drwxr-xr-x. 9 root root      91 Apr  3 22:38 src

備份就得nginx，並拷貝新的nginx

[root@node2 nginx-1.12.2]# cd /usr/local/nginx/sbin/

[root@node2 sbin]# mv nginx nginx.bak

[root@node2 sbin]# cp /usr/local/src/nginx-1.12.2/objs/nginx /usr/local/nginx/sbin

[root@node2 sbin]# /usr/local/nginx/sbin/nginx -s stop

nginx: [emerg] getpwnam("nginx") failed

[root@node2 sbin]# id nginx

id: nginx: no such user

[root@node2 sbin]# useradd nginx

[root@node2 sbin]# id nginx

uid=1002(nginx) gid=1002(nginx) groups=1002(nginx)

[root@node2 sbin]# /usr/local/nginx/sbin/nginx -s stop

[root@node2 sbin]# /usr/local/nginx/sbin/nginx 

[root@node2 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

成功安裝 

3.5 配置

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
upstream  web_pools {
        server 172.25.254.134:80 weight=5;
        server 172.25.254.135:80 weight=5;
#       server 172.25.254.158:80 weight=5  backup;
check interval=5000 rise=1 fall=3 timeout=4000;

}
    server {
        listen       80;
        server_name  www.lbtest.com;
        location / {
            proxy_set_header Host $host;
            proxy_pass http://web_pools;
        }
        location /nstatus{
        check_status;
        access_log off;
        }
    }
}

 [root@node2 conf]# nginx -s reload

3.6 訪問測試

兩個狀態正常

關掉一個

[root@web1 image]# systemctl stop httpd

 

關掉兩個

[root@web2 ~]# systemctl stop httpd

開啟一個

[root@web1 image]# systemctl start httpd

[root@web2 ~]# systemctl restart httpd

 

成功實現后端檢查功能

參考：老男孩教育視頻公開課https://www.bilibili.com/video/av25869969/?p=1xn