目錄
1. nginx實現反向代理功能
1.1 nginx代理功能概述
代理分為正向代理和反向代理兩種:
-
正向代理
正向代理一般指的是在客戶端側代替客戶端向服務器發送請求,主要使用的場景為:
- **上網(FQ)
- 客戶端提速(游戲加速器)
- 客戶端緩存,由代理服務器提供緩存功能,客戶端請求時如果代理有緩存,則直接返回給客戶端。
- 客戶端管控,一般由防火牆充當代理服務器,對客戶端上網進行管控
正向代理示意圖如下:
-
反向代理
指的是代理外部用戶的請求到內部指定的WEB服務器,並將數據返回給客戶端的一種方式。主要使用的場景為:
- 路由功能:根據用戶請求的URL調度到不同的功能的服務器進行處理
- 負載均衡
- 動靜分離:將客戶端請求的動態資源和靜態資源調度至不同的服務器進行處理
- 數據緩存:將后端服務器返回的數據緩存在代理服務器上,加速用戶獲取資源
反向代理的示意圖如下:
nginx作為反向代理服務器主要使用下面的模塊完成不同的功能:
-
ngx_http_proxy_module:
將客戶端的請求以http協議轉發至指定服務器進行處理。
-
ngx_stream_proxy_module:
將客戶端的請求以tcp協議轉發至指定服務器處理。
-
ngx_http_fastcgi_module:
將客戶端對php的請求以fastcgi協議轉發至指定服務器助理。
-
ngx_http_uwsgi_module:
將客戶端對Python的請求以uwsgi協議轉發至指定服務器處理。
1.2 NGINX實現HTTP反向代理
使用nginx做代理服務器不需要開啟ip_forword轉發,后端服務器接收到的請求報文ip為代理服務器Ip。
此場景的環境如下:
- 客戶端:192.16820.17
- NGINX代理服務器:192.168.20.20
- WEB服務器:使用apache充當,192.168.20.21
1.2.1 HTTP反向代理基本功能
1.2.1.1 反向代理配置參數
以下指令來自於ngx_http_proxy_module模塊。
-
proxy_pass URL;
支持環境:location, if in location, limit_except
用來設置將客戶端請求轉發給的后端服務器的主機,可以是主機名、IP地址:端口的方式,也可以代理到預先設置的主機群組,需要模塊ngx_http_upstream_module支持。
注意:使用proxy_pass指令時,反代的地址最后有沒有/的意義是不同的,請看下面的示例:
#http://192.168.20.21:8080最后沒有/表示:客戶端端最終訪問的是后端服務器的http://192.168.20.21:8080/test/index.html頁面 location /test { proxy_pass http://192.168.20.21:8080; } #http://192.168.20.21:80最后有/表示:客戶端端最終訪問的是后端服務器的http://192.168.20.21:80/index.html頁面 location /test { proxy_pass http://192.168.20.21:80/; } -
proxy_set_header field value;
支持環境:http, server, location
可以更改或添加客戶端的請求頭部信息內容並轉發至后端服務器,比如在后端服務器想要獲取客戶端的真實IP的時候,就要更改每一個報文的頭部。即添加HOST到報文頭部,如果客戶端為NAT上網那么其值為客戶端的公網IP地址。
#用於向后端服務器傳遞客戶端請求的HOST值,即服務器域名 proxy_set_header Host $http_host; #將$remote_addr的值放入變量X-Real-IP中傳遞給后端服務器。 proxy_set_header X-Real-IP $remote_addr; #添加HOST到報文頭部,用於在后端服務器日志中記錄客戶端真實IP地址 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -
proxy_hide_header field;
支持環境:http, server, location
用於nginx作為反向代理的時候,在返回給客戶端http響應的時候,隱藏后端服務器特定的響應首部。
-
proxy_pass_hrader field;
默認nginx在給客戶的的響應報文中不傳遞后端服務器的首部字段Date, Server, XPad,X-Accel等,如果需要向客戶端傳遞,使用proxy_pass_header 指令指定需要傳遞的字段。
-
proxy_pass_request_body
是否向后端服務器發送HTTP包體部分,可以設置在http / server或location塊,默認即為開啟。
-
proxy_pass_request_headers
是否將客戶端的請求頭部轉發給后端服務器,可以設置在http / server或location塊,默認即為開啟。
-
proxy_connect_timeout
支持環境:http, server, location
配置nginx服務器與后端服務器嘗試建立連接的超時時間,默認為60秒。超時會給客戶端返回502錯誤。
-
proxy_send_timeout
支持環境:http, server, location
將請求發送給后端服務器的超時時長,即向后端服務器發送write請求的超時時間;默認為60s。
-
proxy_read_timeout
支持環境:http, server, location
等待后端服務器發送響應報文的超時時長,即向后端服務器發起read請求的超時時間,默認為60s。
-
proxy_http_version 1.0|1.1
用於設置nginx提供代理服務向后端服務器請求時使用的HTTP協議的版本,若需要使用長連接,建議修改為1.1版本。
-
proxy_ignore_client_abort
當客戶端網絡中斷請求時,nginx服務器中斷其對后端服務器的請求。即如果此項設置為on開啟,則服務器會忽略客戶端中斷並一直等着代理服務執行返回,如果設置為off,則客戶端中斷后Nginx也會中斷客戶端請求並立即記錄499日志,默認為off。
-
proxy_headers_hash_bucket_size
當配置了 proxy_hide_header和proxy_set_header的時候,用於設置nginx保存HTTP報文頭的hash表的上限。
-
proxy_headers_hash_max_size
設置proxy_headers_hash_bucket_size的最大可用空間,設置服務器名稱的hash表上限大小。
1.2.1.2 apache部署
#1.安裝apache軟件:
[root@apache01 ~]# yum install httpd -y
[root@apache01 ~]# rpm -q httpd
httpd-2.4.6-93.el7.centos.x86_64
#2.apache新增配置文件:
[root@apache01 ~]# cat /etc/httpd/conf.d/vhost.conf
<VirtualHost 192.168.20.21:80>
ServerName apache.xuzhichao.com
DocumentRoot "/data/apache/xuzhichao"
CustomLog "logs/apache.xuzhichao.log" combined
<Directory "/data/apache/xuzhichao">
options none
allowoverride none
Require all granted
</Directory>
</VirtualHost>
#3.啟動httpd服務
[root@apache01 ~]# systemctl start httpd.service
[root@apache01 ~]# systemctl enable httpd.service
#4.新建相關工作目錄
[root@apache01 ~]# mkdir /data/apache/xuzhichao -p
[root@apache01 ~]# chown apache:apache -R /data/apache/
[root@apache01 ~]# echo "<h1>apache.xuzhichao.com</h1>" > /data/apache/xuzhichao/index.html
[root@apache01 ~]# mkdir /data/apache/xuzhichao/www
[root@apache01 ~]# echo "<h1>apache.xuzhichao.com</h1>\n <h2>www dir</h2>" > /data/apache/xuzhichao/www/index.html
#5.客戶端訪問測試
[root@nginx01 ~]# curl http://192.168.20.21/
<h1>apache.xuzhichao.com</h1>
[root@nginx01 ~]# curl http://192.168.20.21/www/
<h1>apache.xuzhichao.com</h1>\n <h2>www dir</h2>
1.2.1.3 nginx反向代理配置
#示例一:
#1.nginx的配置文件如下:
[root@nginx01 ~]# cat /etc/nginx/conf.d/proxy_pass.conf
server {
listen 80;
server_name proxy.xuzhichao.com;
access_log /var/log/nginx/access.proxy.xuzhichao.log;
location / {
root /data/nginx/html/proxy_xuzhichao;
index index.html index.php;
}
location /www {
proxy_pass http://192.168.20.21:80; <==沒有以/結尾
#proxy_pass http://192.168.20.21:80/;
}
}
#2.新建nginx工作目錄
[root@nginx01 ~]# mkdir /data/nginx/html/proxy_xuzhichao
[root@nginx01 ~]# echo "proxy.xuzhichao.com" > /data/nginx/html/proxy_xuzhichao/index.html
#3.重啟nginx服務
[root@nginx01 ~]# systemctl reload nginx.service
#4.客戶端測試
[root@xuzhichao ~]# curl http://proxy.xuzhichao.com
proxy.xuzhichao.com
[root@xuzhichao ~]# curl http://proxy.xuzhichao.com/www/
<h1>apache.xuzhichao.com</h1>\n <h2>www dir</h2>
#示例二:
#若把nginx的配置文件變為:
[root@nginx01 ~]# cat /etc/nginx/conf.d/proxy_pass.conf
server {
listen 80;
server_name proxy.xuzhichao.com;
access_log /var/log/nginx/access.proxy.xuzhichao.log;
location / {
root /data/nginx/html/proxy_xuzhichao;
index index.html index.php;
}
location /www {
#proxy_pass http://192.168.20.21:80;
proxy_pass http://192.168.20.21:80/; <==以/結尾
}
}
#2.重啟nginx服務
[root@nginx01 ~]# systemctl reload nginx.service
#3.客戶端測試
[root@xuzhichao ~]# curl http://proxy.xuzhichao.com
proxy.xuzhichao.com
[root@xuzhichao ~]# curl http://proxy.xuzhichao.com/www/
<h1>apache.xuzhichao.com</h1>
#查看apache服務器上的訪問日志:
#可以看到記錄的客戶端的IP地址都是nginx服務器的地址,不是真實的客戶端地址
[root@apache01 ~]# tail /var/log/httpd/apache.xuzhichao.log
192.168.20.20 - - [24/Jun/2021:00:05:19 +0800] "GET / HTTP/1.1" 200 30 "-" "curl/7.29.0"
192.168.20.20 - - [24/Jun/2021:16:02:58 +0800] "GET / HTTP/1.1" 200 30 "-" "curl/7.29.0"
192.168.20.20 - - [24/Jun/2021:16:05:02 +0800] "GET /www/ HTTP/1.1" 200 49 "-" "curl/7.29.0"
192.168.20.20 - - [24/Jun/2021:16:18:19 +0800] "GET /www/ HTTP/1.0" 200 49 "-" "curl/7.29.0"
192.168.20.20 - - [24/Jun/2021:16:19:58 +0800] "GET // HTTP/1.0" 200 30 "-" "curl/7.29.0"
1.2.1.4 后端服務器顯示客戶端真實IP
在上一節中apache服務器的訪問日志無法記錄客戶端真實IP,在日志分析時存在問題,可以使用如下方式讓后端服務器記錄客戶端真實IP。
方法一:使用$remote_addr變量方式:
#1.nginx的配置文件如下:
[root@nginx01 ~]# cat /etc/nginx/conf.d/proxy_pass.conf
server {
listen 80;
server_name proxy.xuzhichao.com;
access_log /var/log/nginx/access.proxy.xuzhichao.log;
location / {
root /data/nginx/html/proxy_xuzhichao;
index index.html index.php;
}
location /www {
#proxy_pass http://192.168.20.21:80;
proxy_pass http://192.168.20.21:80/;
proxy_http_version 1.1;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_set_header X-Real-IP $remote_addr;
}
}
#2.重啟nginx服務:
[root@nginx01 ~]# systemctl reload nginx.service
#3.apache服務器修改訪問日志格式:
[root@apache01 ~]# cat /etc/httpd/conf.d/vhost.conf
<VirtualHost 192.168.20.21:80>
ServerName apache.xuzhichao.com
DocumentRoot "/data/apache/xuzhichao"
LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined1
#CustomLog "logs/apache.xuzhichao.log" combined
CustomLog "logs/apache.xuzhichao.log" combined1
<Directory "/data/apache/xuzhichao">
options none
allowoverride none
Require all granted
</Directory>
</VirtualHost>
#4.重啟httpd服務:
[root@apache01 ~]# systemctl reload httpd.service
#5.客戶端訪問,在apache上查看日志,可以看到客戶端訪問的真實IP
[root@xuzhichao ~]# curl http://proxy.xuzhichao.com/www/
<h1>apache.xuzhichao.com</h1>
[root@apache01 ~]# tail -f /var/log/httpd/apache.xuzhichao.log
192.168.20.17 - - [24/Jun/2021:22:20:23 +0800] "GET // HTTP/1.1" 200 30 "-" "curl/7.29.0"
方法二:也可以使用$proxy_add_x_forwarded_for變量的方式:
#1.nginx的配置文件如下:
[root@nginx01 ~]# cat /etc/nginx/conf.d/proxy_pass.conf
server {
listen 80;
server_name proxy.xuzhichao.com;
access_log /var/log/nginx/access.proxy.xuzhichao.log;
location / {
root /data/nginx/html/proxy_xuzhichao;
index index.html index.php;
}
location /www {
#proxy_pass http://192.168.20.21:80;
proxy_pass http://192.168.20.21:80/;
proxy_http_version 1.1;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#2.重啟nginx服務:
[root@nginx01 ~]# systemctl reload nginx.service
#3.apache服務器修改訪問日志格式:
[root@apache01 ~]# cat /etc/httpd/conf.d/vhost.conf
<VirtualHost 192.168.20.21:80>
ServerName apache.xuzhichao.com
DocumentRoot "/data/apache/xuzhichao"
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined1
#CustomLog "logs/apache.xuzhichao.log" combined
CustomLog "logs/apache.xuzhichao.log" combined1
<Directory "/data/apache/xuzhichao">
options none
allowoverride none
Require all granted
</Directory>
</VirtualHost>
#4.重啟httpd服務:
[root@apache01 ~]# systemctl reload httpd.service
#5.客戶端訪問,在apache上查看日志,可以看到客戶端訪問的真實IP
[root@xuzhichao ~]# curl http://proxy.xuzhichao.com/www/
<h1>apache.xuzhichao.com</h1>
[root@apache01 ~]# tail -f /var/log/httpd/apache.xuzhichao.log
192.168.20.17 - - [24/Jun/2021:22:31:17 +0800] "GET // HTTP/1.1" 200 30 "-" "curl/7.29.0"
1.2.1.5 nginx反代實現虛擬主機
在代理服務器上配置策略,將不同的請求發送到不同的虛擬主機上,默認情況代理服務器轉發用戶請求時,只會保留下目標IP地址,后端服務器就會認為訪問的是IP地址,返回默認地址;
需要在代理服務器上增加新的頭部信息讓后端服務器識別FQDN,使用系統內建變量$host,可以在每個虛擬機中設置,也可以在http語句塊中統一設置。
場景:在后端apache服務器上設置兩個虛擬主機apache.xuzhichao.com和apache.xuzhichao.net,為客戶端提供不同的服務。
#1.nginx的配置文件如下:
[root@nginx01 ~]# cat /etc/nginx/conf.d/proxy_pass.conf
server {
listen 80;
server_name apache.xuzhichao.com;
access_log /var/log/nginx/access.proxy.xuzhichao.log;
location /www {
proxy_pass http://192.168.20.21:80/;
proxy_http_version 1.1;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host; <==把客戶端請求的$host賦值給host變量傳遞給后端虛擬主機
}
}
server {
listen 80;
server_name apache.xuzhichao.net;
access_log /var/log/nginx/access.proxy.xuzhichao.log;
location /www {
proxy_pass http://192.168.20.21:80/;
proxy_http_version 1.1;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host; <==把客戶端請求的$host賦值給host變量傳遞給后端虛擬主機
}
}
#2.重啟ngxin服務:
[root@nginx01 ~]# systemctl reload nginx.service
#3.httpd的配置文件如下:
[root@apache01 ~]# vim /etc/httpd/conf.d/vhost.conf
<VirtualHost 192.168.20.21:80>
ServerName apache.xuzhichao.com
DocumentRoot "/data/apache/xuzhichao"
#LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined1
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined1
#CustomLog "logs/apache.xuzhichao.log" combined
CustomLog "logs/apache.xuzhichao.log" combined1
<Directory "/data/apache/xuzhichao">
options none
allowoverride none
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.20.21:80>
ServerName apache.xuzhichao.net
DocumentRoot "/data/apache/xuzhichao.net"
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined1
CustomLog "logs/apache.xuzhichao.net.log" combined1
<Directory "/data/apache/xuzhichao.net">
options none
allowoverride none
Require all granted
</Directory>
</VirtualHost>
#4.apache服務器上新建虛擬主機的工作目錄
[root@apache01 ~]# mkdir /data/apache/xuzhichao.net
[root@apache01 ~]# echo "<h1>apache.xuzhichao.net</h1>" > /data/apache/xuzhichao.net/index.html
#5.重啟apache服務
[root@apache01 ~]# systemctl reload httpd.service
#6.客戶端配置/etc/hosts文件,訪問測試:
root@xuzhichao ~]# cat /etc/hosts
192.168.20.20 www.nginx01.com www.nginx02.com www.xuzhichao.com www.xuzhichao.net www.xuzhichao.com.cn www.xuzhichao.com.us proxy.xuzhichao.com apache.xuzhichao.com apache.xuzhichao.net
[root@xuzhichao ~]# curl http://apache.xuzhichao.net/www/
<h1>apache.xuzhichao.net</h1>
[root@xuzhichao ~]# curl http://apache.xuzhichao.com/www/
<h1>apache.xuzhichao.com</h1>
1.2.1.6 nginx反代實現隱藏后端服務器響應頭部
nginx作為反向代理的時候,在返回給客戶端http響應的時候,隱藏后端服務器特定的響應首部,使用proxy_hide_header field指令實現。
場景:隱藏后端服務器的ETag字段。
#依然使用上面的環境,沒有變化的不再單獨說明。
#1.nginx的配置文件如下:
[root@nginx01 ~]# cat /etc/nginx/conf.d/proxy_pass.conf
server {
listen 80;
server_name apache.xuzhichao.com;
access_log /var/log/nginx/access.proxy.xuzhichao.log;
location /www {
proxy_pass http://192.168.20.21:80/;
proxy_http_version 1.1;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
proxy_hide_header ETag; <==隱藏后端服務器響應報文頭部的ETag字段信息。
}
}
server {
listen 80;
server_name apache.xuzhichao.net;
access_log /var/log/nginx/access.proxy.xuzhichao.log;
location /www {
proxy_pass http://192.168.20.21:80/;
proxy_http_version 1.1;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header host $host;
}
}
#2.重啟ngxin服務:
[root@nginx01 ~]# systemctl reload nginx.service
#3.客戶端訪問測試:
[root@xuzhichao ~]# curl -i http://apache.xuzhichao.net/www/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Jun 2021 15:07:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 30
Connection: keep-alive
Last-Modified: Thu, 24 Jun 2021 14:40:16 GMT
ETag: "1e-5c584006604d3" <==訪問這個虛擬主機有ETag信息
Accept-Ranges: bytes
<h1>apache.xuzhichao.net</h1>
#訪問這個虛擬主機客戶端沒有收到ETag字段信息
[root@xuzhichao ~]# curl -i http://apache.xuzhichao.com/www/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Jun 2021 15:08:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 30
Connection: keep-alive
Last-Modified: Wed, 23 Jun 2021 16:04:28 GMT
Accept-Ranges: bytes
<h1>apache.xuzhichao.com</h1>
1.2.2 NGINX反向代理的緩存功能
1.2.2.1 緩存功能配置參數
以下指令來自於ngx_http_proxy_module模塊。
-
proxy_cache_path
支持環境:http
定義可用於proxy功能的緩存;nginx接受到被代理服務器的數據后,通過proxybuffer機制將數據傳遞給客戶端,通過proxycache將數據緩存到本地硬盤。
而open_file_cache則為nginx作為web服務器時對本地文件元數據的緩存。
配置語法:
proxy_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];參數說明:
- path:定義緩存文件在磁盤的保存路徑,該文件會自動創建;
- [levels=levels]:levels=1:2:2,定義緩存目錄結構層次。緩存數據經過哈希運算,取多少級作為目錄名,1:2:2可以生成2^4*2^8*2^8=1048576個目錄;
- keys_zone=name:size:表示被調用時所使用的名字,同時設定緩存占用的內存大小 (將用戶請求的URI做哈希運算作為key放在內存中,對應的請求數據作為value放在磁盤中);
- inactive=10m: 指定緩存有效時間,若超出該時間的緩存文件會被刪除;
- max_size=1g:最大磁盤占用空間,磁盤存入文件內容的緩存空間最大值;
-
proxy_cache zonename | off
支持環境:http, server, location
指明調用的緩存名稱,或關閉緩存機制,默認關閉緩存。
-
proxy_cache_key
支持環境:http, server, location
設置nginx服務器在內存中為緩存數據建立索引時使用的關鍵字,即key包含的信息。
默認值:proxy_cache_key $scheme$proxy_host$request_uri;
-
proxy_cache_valid
支持環境:http, server, location
配置格式:proxy_cache_valid [code …] time;
定義對特定響應碼的響應內容的緩存時長。
例如,為代碼200和302的響應設置10分鍾的緩存,為代碼404的響應設置1分鍾的緩存:
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
-
proxy_cache_use_stale
支持環境:http, server, location
配置格式
proxy_cache_use_stale error | timeout | invalid_header | updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | off ...
默認值
proxy_cache_use_stale off;
在被代理的后端服務器出現哪種情況下,可直接使用過期的緩存響應客戶端。
-
proxy_cache_methods
支持環境:http, server, location
配置語法
proxy_cache_methods GET | HEAD | POST ...;
默認值
proxy_cache_methods GET HEAD;
對哪些客戶端請求方法對應的響應進行緩存,GET和HEAD方法總是被緩存。
1.2.2.2 緩存場景示例
首先在沒有配置緩存的情況下做nginx做壓測,測試其性能。配置文件使用前一節的配置文件。
#1.客戶端安裝壓測工具ab
[root@xuzhichao ~]# yum install http-tools -y
#2.對服務器進行壓力測試
#一般進行壓測時需要測試多次,然后去掉其中的最大和最小值,取平均值作為壓測值。
#對服務器共發送100000次請求,每次並發1000個。
[root@xuzhichao ~]# ab -n 100000 -c 1000 http://proxy.xuzhichao.com/www/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking proxy.xuzhichao.com (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests
Completed 60000 requests
Completed 70000 requests
Completed 80000 requests
Completed 90000 requests
Completed 100000 requests
Finished 100000 requests
Server Software: nginx
Server Hostname: proxy.xuzhichao.com
Server Port: 80
Document Path: /www/
Document Length: 30 bytes
Concurrency Level: 1000
Time taken for tests: 69.420 seconds
Complete requests: 100000
Failed requests: 5277
(Connect: 0, Receive: 0, Length: 5277, Exceptions: 0)
Write errors: 0
Non-2xx responses: 5277
Total transferred: 27664987 bytes
HTML transferred: 3736020 bytes
Requests per second: 1440.50 [#/sec] (mean) <==每秒完成的請求數,以此值作為參照進行對比;
Time per request: 694.201 [ms] (mean)
Time per request: 0.694 [ms] (mean, across all concurrent requests)
Transfer rate: 389.18 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 5 61.3 0 1006
Processing: 0 481 2942.1 65 54449
Waiting: 0 480 2942.1 65 54449
Total: 0 485 2948.5 66 54497
Percentage of the requests served within a certain time (ms)
50% 66
66% 71
75% 81
80% 257
90% 1063
95% 1270
98% 3215
99% 7020
100% 54497 (longest request)
#測試5次,5次的結果如下:
#第一次:
Requests per second: 1440.50 [#/sec] (mean)
#第二次:
Requests per second: 1306.69 [#/sec] (mean)
#第三次:
Requests per second: 1558.03 [#/sec] (mean)
#第四次:
Requests per second: 1258.68 [#/sec] (mean)
#第五次:
Requests per second: 1415.28 [#/sec] (mean)
#去掉最大值和最小值,平均值為:
1387.49
在nginx配置緩存的情況下再進行壓測比對。
#1.nginx的配置文件如下:
#在nginx主配置文件中增加代理緩存配置:
root@nginx01 ~]# vim /etc/nginx/nginx.conf
http {
......
proxy_cache_path /data/nginx/proxy_cache levels=1:1:1 keys_zone=proxycache:256m inactive=10m max_size=1g;
}
#在nginx子配置文件中增加代理緩存配置:
server {
listen 80;
server_name proxy.xuzhichao.com;
access_log /var/log/nginx/access.proxy.xuzhichao.log;
location / {
root /data/nginx/html/proxy_xuzhichao;
index index.html index.php;
}
location /www {
#proxy_pass http://192.168.20.21:80;
proxy_pass http://192.168.20.21:80/;
proxy_http_version 1.1;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 1h;
proxy_cache_valid any 5m;
}
}
#2.重啟nginx服務:
[root@nginx01 ~]# systemctl reload nginx.service
#3.客戶端進行壓測:
[root@xuzhichao ~]# ab -n 100000 -c 1000 http://proxy.xuzhichao.com/www/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking proxy.xuzhichao.com (be patient)
Completed 10000 requests
Completed 20000 requests
Completed 30000 requests
Completed 40000 requests
Completed 50000 requests
Completed 60000 requests
Completed 70000 requests
Completed 80000 requests
Completed 90000 requests
Completed 100000 requests
Finished 100000 requests
Server Software: nginx
Server Hostname: proxy.xuzhichao.com
Server Port: 80
Document Path: /www/
Document Length: 30 bytes
Concurrency Level: 1000
Time taken for tests: 20.026 seconds
Complete requests: 100000
Failed requests: 0
Write errors: 0
Total transferred: 27400000 bytes
HTML transferred: 3000000 bytes
Requests per second: 4993.53 [#/sec] (mean)
Time per request: 200.259 [ms] (mean)
Time per request: 0.200 [ms] (mean, across all concurrent requests)
Transfer rate: 1336.16 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 1 115 223.6 74 3101
Processing: 16 84 27.8 88 300
Waiting: 6 66 24.7 67 291
Total: 30 199 228.5 167 3192
Percentage of the requests served within a certain time (ms)
50% 167
66% 184
75% 190
80% 194
90% 222
95% 328
98% 1152
99% 1171
100% 3192 (longest request)
#測試5次,5次的結果如下:
#第一次:
Requests per second: 4993.53 [#/sec] (mean)
#第二次:
Requests per second: 5021.55 [#/sec] (mean)
#第三次:
Requests per second: 4985.95 [#/sec] (mean)
#第四次:
Requests per second: 4660.08 [#/sec] (mean)
#第五次:
Requests per second: 4688.35 [#/sec] (mean)
#去掉最大值和最小值,平均值為:
4889.19
比沒有啟用緩存提升了71.62% [(4889.19-1387.49)%4889.19*100] 的性能。
查看nginx緩存的內容如下:
#查看緩存生成的目錄:
[root@nginx01 ~]# ll /data/nginx/proxy_cache/
total 0
drwx------ 3 nginx nginx 15 Jun 25 22:09 5
[root@nginx01 ~]# ll /data/nginx/proxy_cache/ -d
drwx------ 3 nginx root 15 Jun 25 22:09 /data/nginx/proxy_cache/
[root@nginx01 ~]# tree /data/nginx/proxy_cache/
/data/nginx/proxy_cache/
└── 5
└── c
└── 9
└── 8b9f15be8cfeee67883bac9aa91899c5
3 directories, 1 file
#查看緩存的頁面內容:
[root@nginx01 ~]# head -n 100 /data/nginx/proxy_cache/5/c/9/8b9f15be8cfeee67883bac9aa91899c5
°[Ҡ 䔠P{J蟻`"1e-5c5710faa6ed2"
KEY: /www/ <==可以看到key是我們定義的$request_uri;
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 14:09:36 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Wed, 23 Jun 2021 16:04:28 GMT
ETag: "1e-5c5710faa6ed2"
Accept-Ranges: bytes
Content-Length: 30
Connection: close
Content-Type: text/html; charset=UTF-8
<h1>apache.xuzhichao.com</h1>
1.2.3 NGINX反向代理——添加頭部報文信息
nginx作為反向代理服務器時可以給客戶端的響應報文添加自定義的首部,或修改指定首部的值。
該功能由ngx_http_headers_module模塊提供,使用的指令如下:
-
add_header name value [always];
支持環境:http, server, location, if in location
添加一個指定的字段到響應頭部中,當響應碼為200, 201 (1.3.10), 204, 206, 301, 302, 303, 304, 307 (1.1.16, 1.0.13), or 308 (1.13.0),此添加頭部為自定義項,字段名和值都由自己自定,值可以為變量;如果指定參數always,則不管響應碼如何,都添加指定字段。
例如:
#為客戶端的響應報文添加如下字段。 add_header X-via $server_addr; (nginx服務器地址) add_header X-Cache $upstream_cache_status; ( nginx內部變量,用來顯示緩存命中狀態) add_header X-Accel $server_name;(請求的server_name)
使用示例如下:
#1.nginx的配置文件如下:
[root@nginx01 ~]# cat /etc/nginx/conf.d/proxy_pass.conf
server {
listen 80;
server_name proxy.xuzhichao.com;
access_log /var/log/nginx/access.proxy.xuzhichao.log;
location /www {
#proxy_pass http://192.168.20.21:80;
proxy_pass http://192.168.20.21:80/;
proxy_http_version 1.1;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 1h;
proxy_cache_valid any 5m;
add_header X-via $server_addr;
add_header X-cache $upstream_cache_status;
add_header X-Accel $server_name;
}
}
#2.重啟nginx服務:
[root@nginx01 ~]# systemctl reload nginx.service
#3.客戶端訪問測試:
[root@xuzhichao ~]# curl -i http://proxy.xuzhichao.com/www/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Jun 2021 09:13:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 30
Connection: keep-alive
Last-Modified: Wed, 23 Jun 2021 16:04:28 GMT
ETag: "1e-5c5710faa6ed2"
X-via: 192.168.20.20 <==增加的頭部信息
X-cache: MISS <== 第一次訪問未命中緩存
X-Accel: proxy.xuzhichao.com <==增加的頭部信息
Accept-Ranges: bytes
<h1>apache.xuzhichao.com</h1>
[root@xuzhichao ~]# curl -i http://proxy.xuzhichao.com/www/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Jun 2021 09:13:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 30
Connection: keep-alive
Last-Modified: Wed, 23 Jun 2021 16:04:28 GMT
ETag: "1e-5c5710faa6ed2"
X-via: 192.168.20.20
X-cache: HIT <== 第二次訪問命中緩存
X-Accel: proxy.xuzhichao.com
Accept-Ranges: bytes
<h1>apache.xuzhichao.com</h1>