Nginx Reverse Proxy
Author: Georgekai  Category: study notes  2018/2/7
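1.1 Cluster overview
Cluster concept: a group of servers doing the same job is called a cluster
1.1.1 What clusters provide
01. High-performance processing (Performance)
02. Cost-effectiveness
03. Scalability
04. High availability (Availability)
Characteristics of a cluster, in short: high availability, high performance
1.1.2 Purpose of load balancing
1. Scheduling of user requests
2. Sharing the load
1.1.3 Ways to implement load balancing
1. Hardware load balancers
1) F5
2) Netscaler
3) Radware
4) A10
2. Software load balancers
1) Nginx+Heartbeat (high availability)
Supports layer 7 (http, https); version 1.9 and later also supports layer 4
2) LVS+keepalived (high availability)
Supports layer 4 only (ports)
3) haproxy
3. Reverse proxy concepts
Difference between reverse proxying and data forwarding:
Reverse proxy: sends client requests to the server
Forward proxy: sends the server's requests to the client
Data forwarding: forwards received data directly without processing it
1.2 Deploying the nginx reverse proxy load-balancing service
1.2.1 Deploying the nginx web cluster servers
Part 1: prepare the environment: deploy the nginx web cluster servers (web01 web02 web03)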
server {
listen 80;
server_name bbs.etiantian.org;
root html/bbs;
index index.html index.htm;
}
server {
listen 80;
server_name www.etiantian.org;
root html/www;
index index.html index.htm;
}
Note: place the virtual host configuration above on all of web01, web02 and web03
==========================================================================================
# Create test files in the site directories
for name in www bbs;do echo "$(hostname -i) $(hostname) $name" >>/application/nginx/html/$name/george.html;done
for name in www bbs;do cat /application/nginx/html/$name/george.html;done
==========================================================================================
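1.2.2 Deploying the nginx reverse proxy server
1. On the db01 server: check that every web node can be reached (the host name is supplied on the command line, so nothing needs to be added to the hosts file)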
[[email protected] ~]# for name in www bbs;do curl -H host:${name}.etiantian.org 172.16.1.7/george.html;done
172.16.1.7 web01 www
172.16.1.7 web01 bbs
[[email protected] ~]# for name in www bbs;do curl -H host:${name}.etiantian.org 172.16.1.8/george.html;done
172.16.1.8 web02 www
172.16.1.8 web02 bbs
[[email protected] ~]# for name in www bbs;do curl -H host:${name}.etiantian.org 172.16.1.9/george.html;done
172.16.1.9 web03 www
172.16.1.9 web03 bbs
PS: curl -H host:www.etiantian.org 172.16.1.7/george.html supplies the host name on the command line, so nothing needs to be added to the hosts file
2. Write the nginx main configuration file
① upstream
② proxy_pass
Analogous to ansible:
ansible: hosts            nginx
[georgekai]               upstream georgekai {
172.16.1.31               server 172.16.1.31:80;
172.16.1.32               server 172.16.1.32:80;
172.16.1.33               server 172.16.1.33:80;
                          }
ansible georgekai         proxy_pass http://georgekai
===============================================================================================
[[email protected] ~]# cat /application/nginx/conf/nginx.conf
worker_processes 1;
error_log /tmp/error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
keepalive_timeout 65;
upstream georgekai{
server 172.16.1.7:80;
server 172.16.1.8:80;
server 172.16.1.9:80;
}
server {
listen 80;
server_name bbs.etiantian.org;
root html/bbs;
index index.html index.htm;
location / {
proxy_pass http://georgekai;
}
}
}
3. Test the load balancing
[[email protected] ~]# curl -H host:bbs.etiantian.org 10.0.0.5/george.html
172.16.1.7 web01 bbs
[[email protected] ~]# curl -H host:bbs.etiantian.org 10.0.0.5/george.html
172.16.1.8 web02 bbs
[[email protected] ~]# curl -H host:bbs.etiantian.org 10.0.0.5/george.html
172.16.1.9 web03 bbs
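1.2.3 Commonly used features of the load-balancing module
weight       # weighted distribution of requests (the more capable node does more work)
max_fails    # number of failed attempts to reach the backend
fail_timeout # interval before a failed backend is retried (in seconds)
backup       # hot-standby backend (used only when all the other nodes are down)
Configuration: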
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/blog.conf;
upstream oldboy {
server 10.0.0.7:80 weight=3 max_fails=3 fail_timeout=10s;
server 10.0.0.8:80 weight=1;
server 10.0.0.9:80 weight=1 backup;
}
server {
listen 80;
server_name bbs.etiantian.org;
root html/bbs;
index index.html index.htm;
location / {
proxy_pass http://oldboy;
}
}
}
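1.2.4 Module scheduling algorithms:
1. Round-robin scheduling: rr (the default algorithm)
2. Weighted scheduling: wrr
3. Static scheduling: ip_hash (with heavy traffic the load can become uneven)
PS: a range is computed from the user's source address, so the next time that user visits, the request is again assigned to the fixed web server that corresponds to that range
Configuration:
upstream george {
ip_hash;
server 172.16.1.7:80 weight=3 max_fails=3 fail_timeout=10s;
server 172.16.1.8:80 weight=1;
# the backup parameter cannot be combined with ip_hash, so it is dropped here
server 172.16.1.9:80 weight=1;
}
4. Least connections: least_conn
The server with the fewest connections gets the request (whoever is idle gets the work)
5. fair (dynamic scheduling algorithm)
Assigns requests flexibly according to the actual state of the backend servers
1.2.5 Making the reverse proxy serve page content according to the virtual host in the user's request (inspect the request message to verify)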
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/blog.conf;
upstream oldboy {
#ip_hash;
server 10.0.0.7:80 weight=3 max_fails=3 fail_timeout=10s;
server 10.0.0.8:80 weight=1;
server 10.0.0.9:80 weight=1;
}
server {
listen 80;
server_name bbs.etiantian.org;
root html/bbs;
index index.html index.htm;
location / {
proxy_pass http://oldboy;
proxy_set_header Host $host; # rewrite the Host header of the proxied request (curl -v shows the request headers)
# without this line, only the first virtual host's site is ever served
}
}
server {
listen 80;
server_name www.etiantian.org;
root html/www;
index index.html index.htm;
location / {
proxy_pass http://oldboy;
proxy_set_header Host $host;
}
}
}
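1.2.6 Showing the real client IP address on the backend web servers when users come through the reverse proxy
That is, running tail -f /application/nginx/logs/access.log on a web server shows the user's real IP address at the end of each line
1. Web server configuration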
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
2. Reverse proxy server configuration
[[email protected] ~]# cat /application/nginx/conf/nginx.conf
worker_processes 1;
error_log /tmp/error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
keepalive_timeout 65;
upstream oldboy{
server 10.0.0.7:80;
server 10.0.0.8:80;
server 10.0.0.9:80;
}
server {
listen 80;
server_name bbs.etiantian.org;
location / {
proxy_pass http://oldboy;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; # $remote_addr is the IP of the visiting client
}
}
server {
listen 80;
server_name www.etiantian.org;
location / {
proxy_pass http://oldboy;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; # $remote_addr is the IP of the visiting client
}
}
}
3. Test
tail -f logs/access.log
172.16.1.6 - - [09/Feb/2018:00:13:49 +0800] "GET /george.html HTTP/1.0" 200 17 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36" "10.0.0.1"
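The proxy configuration above overwrites X-Forwarded-For with $remote_addr, so a request that arrives through the proxy is logged with the address the proxy saw. The Python below is an added example, not part of the original notes: it parses the `main` log format and uses the header only when the connection came from the proxy (assumed to be 172.16.1.6, the peer in the sample line), because a client that reaches a web node directly can send any header value. The second and third sample lines are constructed.

```python
import ipaddress
import re

# The page's `main` log_format, one named group per variable.
LOG_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)" "(?P<xff>[^"]*)"$'
)
# Assumption: only the reverse proxy (172.16.1.6 in the page's sample log
# line) is allowed to vouch for a client address via X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("172.16.1.6/32")]

def parse_ip(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def is_trusted(ip):
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)

def client_ip(line):
    """Return the address a request should be attributed to, or None."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    peer = m.group("remote_addr")
    if not is_trusted(parse_ip(peer)):
        return peer  # direct connection: the header is client-controlled
    # Walk the header right to left; the first hop that is not one of our
    # proxies is the client. Anything that is not an IP ends the walk.
    for hop in reversed(m.group("xff").split(",")):
        ip = parse_ip(hop)
        if ip is None:
            break
        if not is_trusted(ip):
            return str(ip)
    return peer

# Log line from the page (user agent shortened), then two constructed lines.
PAGE_LINE = ('172.16.1.6 - - [09/Feb/2018:00:13:49 +0800] "GET /george.html '
             'HTTP/1.0" 200 17 "-" "Mozilla/5.0" "10.0.0.1"')
DIRECT_SPOOF = ('10.0.0.66 - - [09/Feb/2018:00:14:02 +0800] "GET /george.html '
                'HTTP/1.1" 200 17 "-" "curl/7.29.0" "198.51.100.7"')
APPENDED = ('172.16.1.6 - - [09/Feb/2018:00:14:05 +0800] "GET /george.html '
            'HTTP/1.0" 200 17 "-" "curl/7.29.0" "203.0.113.9, 10.0.0.1"')

print([client_ip(s) for s in (PAGE_LINE, DIRECT_SPOOF, APPENDED)])
```

The third line shows what a web node would log if the proxy appended to the header instead of overwriting it: the right-most untrusted hop is still the address the proxy saw, and the forged left-most entry is ignored.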
1.2.7 Common problems with the nginx reverse proxy:
1. DNS resolution: the domain name should resolve to the proxy server's address
2. Keep the nginx roles apart: lb01 runs the nginx proxy server; check what was accessed (the log entries) on the web servers
3. Abnormal test results (the browser can make a test look wrong; Google Chrome is recommended)
1.2.8 Load-balancing reverse proxy: routing by request path (/static)
Requirements
www.etiantian.org/static    10.0.0.7:80    html/www/static    static file server
www.etiantian.org/upload    10.0.0.8:80    html/www/upload    upload server
www.etiantian.org/          10.0.0.9:80    html/www           default
Set up the web server test environment:
1. Configure web01:
cd /application/nginx
mkdir html/www/static
echo "10.0.0.7 web01 static" >>html/www/static/nana.html
cat html/www/static/nana.html
2. Configure web02:
cd /application/nginx
mkdir html/www/upload
echo "10.0.0.8 web02 upload" >>html/www/upload/nana.html
cat html/www/upload/nana.html
3. Configure web03:
cd /application/nginx
echo "10.0.0.9 web03 default" >>html/www/nana.html
cat html/www/nana.html
4. Test access from the nginx reverse proxy server
curl -H host:www.etiantian.org 10.0.0.7/static/nana.html
curl -H host:www.etiantian.org 10.0.0.8/upload/nana.html
curl -H host:www.etiantian.org 10.0.0.9/nana.html
5. Write the nginx reverse proxy configuration file
Part 1: upstream configuration
upstream static {
server 10.0.0.7:80;
}
upstream upload {
server 10.0.0.8:80;
}
upstream default {
server 10.0.0.9:80;
}
Part 2: proxy_pass configuration
location ~* /static {
proxy_pass http://static;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location ~* /upload {
proxy_pass http://upload;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location / {
proxy_pass http://default;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
worker_processes 1;
error_log /tmp/error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
keepalive_timeout 65;
upstream static {
server 10.0.0.7:80;
}
upstream upload {
server 10.0.0.8:80;
}
upstream default {
server 10.0.0.9:80;
}
server {
listen 80;
server_name www.etiantian.org;
location /static/ {
proxy_pass http://static;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /upload/ {
proxy_pass http://upload;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location / {
proxy_pass http://default;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
6. Test from the clients
Test from Windows:
http://www.etiantian.org/static/nana.html
http://www.etiantian.org/upload/nana.html
http://www.etiantian.org/nana.html
Test from Linux:
[[email protected] nginx]# curl -H host:www.etiantian.org 10.0.0.7/static/nana.html
10.0.0.7 web01 static
[[email protected] nginx]# curl -H host:www.etiantian.org 10.0.0.8/upload/nana.html
10.0.0.8 web02 upload
[[email protected] nginx]# curl -H host:www.etiantian.org 10.0.0.9/nana.html
10.0.0.9 web03 default
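This section shows the path routing in two forms, the regex form `location ~* /static` and the prefix form `location /static/`, and they do not route the same set of URIs. The Python below is an added example, not part of the original notes: it models nginx's location selection order (exact match, longest prefix, then regexes in file order) for already-normalized URI paths on a case-sensitive system, and reports where the two forms disagree. The sample URIs are constructed.

```python
import re

def select_location(locations, uri):
    """Pick the location nginx would use for an already-normalized URI path.

    locations: (modifier, pattern, name) tuples in configuration order,
    modifier being "", "=", "^~", "~" or "~*". Prefix matching is
    case-sensitive here, as on Linux.
    """
    best = None  # longest matching prefix location so far
    for mod, pattern, name in locations:
        if mod == "=" and uri == pattern:
            return name  # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pattern):
            if best is None or len(pattern) > len(best[1]):
                best = (mod, pattern, name)
    if best is not None and best[0] == "^~":
        return best[2]  # ^~ on the longest prefix skips the regex pass
    for mod, pattern, name in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pattern, uri, flags):
                return name  # first matching regex in file order wins
    return best[2] if best is not None else None

# The two variants shown in this section; names are the upstream names.
REGEX_FORM = [("~*", "/static", "static"), ("~*", "/upload", "upload"),
              ("", "/", "default")]
PREFIX_FORM = [("", "/static/", "static"), ("", "/upload/", "upload"),
               ("", "/", "default")]
# Constructed request paths.
SAMPLE_URIS = ["/static/nana.html", "/upload/nana.html", "/nana.html",
               "/upload/static/report.html", "/STATIC/nana.html",
               "/staticfiles/site.css"]

def routing_differences(uris):
    """Return {uri: (regex_form_upstream, prefix_form_upstream)} where they differ."""
    out = {}
    for uri in uris:
        pair = (select_location(REGEX_FORM, uri), select_location(PREFIX_FORM, uri))
        if pair[0] != pair[1]:
            out[uri] = pair
    return out

if __name__ == "__main__":
    for uri, (regex_up, prefix_up) in routing_differences(SAMPLE_URIS).items():
        print(f"{uri}: regex form -> {regex_up}, prefix form -> {prefix_up}")
```

The unanchored regex sends any path that merely contains /static to the static backend, including paths under /upload/, which matters once the locations carry different limits or access rules. If the regex form is needed, anchoring it as `location ~* ^/static/` restricts it to paths that start with that directory.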
1.2.9 Forwarding by client device (user_agent) in practice
1. Set up the web server test environment
Configure web01:
cd /application/nginx
echo "10.0.0.7 web01 mobile" >>html/www/nana.html   # served to mobile clients
cat html/www/nana.html   # check
Configure web02:
cd /application/nginx
echo "10.0.0.8 web02 chrom" >>html/www/nana.html   # served to Chrome browsers
cat html/www/nana.html   # check
Configure web03:
cd /application/nginx
echo "10.0.0.9 web03 default" >>html/www/nana.html   # served to all other browser clients
cat html/www/nana.html   # check
2. Test access from the nginx reverse proxy server
curl -H host:www.etiantian.org 10.0.0.7/nana.html
curl -H host:www.etiantian.org 10.0.0.8/nana.html
curl -H host:www.etiantian.org 10.0.0.9/nana.html
3. Write the nginx reverse proxy configuration file
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
upstream mobile {
server 10.0.0.7:80 ;
}
upstream PC {
server 10.0.0.8:80 ;
}
upstream default {
server 10.0.0.9:80 ;
}
server {
listen 80;
server_name www.etiantian.org ;
location / {
if ($http_user_agent ~* "iphone")
{
proxy_pass http://mobile ;
}
if ($http_user_agent ~* "Chrome")
{
proxy_pass http://PC ;
}
proxy_pass http://default ;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log logs/access_www.log main;
}
}
4. Test from the client
PS: -A sets the client device type (the User-Agent string)
[[email protected] nginx]# curl -A iphone www.etiantian.org/nana.html
10.0.0.7 web01 mobile
[[email protected] nginx]# curl -A chrome www.etiantian.org/nana.html
10.0.0.8 web02 chrom
[[email protected] nginx]# curl -A oldboy www.etiantian.org/nana.html
10.0.0.9 web03 default