Introduction to nginx proxying on Linux
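One important function of nginx as a web server is reverse proxying. The reverse-proxy directives need no additional modules: the proxy_pass directive is built in by default, so reverse proxying only requires a change to the configuration file.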
proxy_pass
Request: http://www.proxy.develop/admin/a/index.html
location /admin {
    proxy_pass http://192.168.1.201:80/;
}
The real server is accessed at http://192.168.1.201:80/a/index.html
Request: http://www.proxy.develop/admin/a/index.html
location /admin {
    proxy_pass http://192.168.1.201:80;
}
The real server is accessed at http://192.168.1.201:80/admin/a/index.html
proxy_set_header
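proxy_set_header sets the headers sent from the proxy server to the real server.
Before the proxy headers are set:
location / {
    proxy_pass http://192.168.1.201:80;
    proxy_set_header X-Real-IP $remote_addr; # sufficient when there is only one proxy level; the header name (key) can be changed freely
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # the more elegant approach: it automatically updates the client IP across multiple proxy levels; the header name here is fixed
}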
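What `$proxy_add_x_forwarded_for` produces, and how a backend behind this proxy can choose the client address from it, shown as an added Python example (not code from the original page). The trusted proxy address 192.168.1.200 and the client addresses are constructed for the example.

```python
import ipaddress

# Assumed for this example: the only proxy whose appended value the backend trusts.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.1.200/32")]


def proxy_add_x_forwarded_for(incoming_xff, remote_addr):
    """Value nginx builds for $proxy_add_x_forwarded_for: the incoming
    X-Forwarded-For header with $remote_addr appended, or $remote_addr
    alone when the request carried no such header."""
    return f"{incoming_xff}, {remote_addr}" if incoming_xff else remote_addr


def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(xff, peer_addr):
    """Start from the TCP peer and walk the header right to left, stopping at
    the first hop that is not a trusted proxy. Everything to the left of that
    hop is text supplied by the client and is ignored."""
    if not is_trusted(peer_addr):
        return peer_addr              # request did not come through our proxy
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return peer_addr          # malformed entry: fall back to the peer
    return peer_addr


if __name__ == "__main__":
    # Constructed request: the client sent its own X-Forwarded-For value.
    header = proxy_add_x_forwarded_for("10.0.0.1", "203.0.113.7")
    print(header)                                # what the real server receives
    print(client_ip(header, "192.168.1.200"))    # address appended by the proxy
```

The leftmost entry of the header is whatever the client sent; only the entry appended by the trusted proxy reflects the connection nginx actually saw.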
set_header
Sets the headers sent from the proxy server to the client. This is done with add_header, which is provided by the ngx_http_headers_module module.
location / {
    proxy_pass http://192.168.1.201:80;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header X-Via $server_addr;
    add_header X-Accel $server_name;
}
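Caching
Use caching with care: dynamic data that gets cached can cause real trouble.
http{
    proxy_cache_path /data/nginx/cache levels=1:1:2 keys_zone=one:10m inactive=10m max_size=2g; # define the cache layout
}
server{
    proxy_cache one;
    proxy_cache_key $request_uri;
    proxy_cache_methods GET HEAD;
    proxy_cache_min_uses 2; # an entry counts as valid once it has been requested at least 2 times within the given time
    proxy_cache_valid 200 302 304 10m; # this directive is required
    proxy_cache_valid 404 1m;
    proxy_cache_use_stale off; # if the backend is down, do not serve from the cache
}
levels: cache directory structure
keys_zone: name of the hash key zone and its size, e.g. pcache:10mb
max_size: size of the cache directory, 2G
inactive: inactivity time, 10 minutes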
http://www.proxy.develop/
[[email protected] conf.d]# cat /data/nginx/cache/9/d/c7/6666cd76f96956469e7be39d750cc7d9
"5b0f9065-2f"?
KEY: /
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Thu, 31 May 2018 06:23:13 GMT
Content-Type: text/html
Content-Length: 47
Last-Modified: Thu, 31 May 2018 06:04:21 GMT
Connection: close
ETag: "5b0f9065-2f"
Accept-Ranges: bytes
<h1>node2 -------------------------------</h1>
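How the cache file path shown above follows from `proxy_cache_key` and `levels=1:1:2`, and why a key of only `$request_uri` makes two virtual hosts that share a zone land on the same file: an added Python example, not code from the original page. The second host `other.proxy.develop` and the alternative key `$scheme$host$request_uri` are assumptions made for the comparison.

```python
import hashlib
import re


def expand_key(template, variables):
    """Expand $name variables in a proxy_cache_key template (simplified model)."""
    return re.sub(r"\$(\w+)", lambda m: variables[m.group(1)], template)


def cache_file_path(cache_root, levels, key):
    """File nginx stores an entry in: the name is the MD5 hex digest of the
    cache key; each level is cut from the end of that name, right to left."""
    name = hashlib.md5(key.encode()).hexdigest()
    dirs, end = [], len(name)
    for width in map(int, levels.split(":")):
        dirs.append(name[end - width:end])
        end -= width
    return "/".join([cache_root.rstrip("/"), *dirs, name])


# Constructed sample: the page's host plus a second, hypothetical virtual host
# that uses the same cache zone.
REQUESTS = [
    {"scheme": "http", "host": "www.proxy.develop", "request_uri": "/"},
    {"scheme": "http", "host": "other.proxy.develop", "request_uri": "/"},
]


def paths_for(template):
    """Cache file chosen for each sample request under the given key template."""
    return [cache_file_path("/data/nginx/cache", "1:1:2", expand_key(template, r))
            for r in REQUESTS]


if __name__ == "__main__":
    for template in ("$request_uri", "$scheme$host$request_uri"):
        print(template)
        for path in paths_for(template):
            print("   ", path)
```

With `$request_uri` both requests resolve to the file from the listing above, so one host's response would be served for the other; including the scheme and host in the key keeps the entries apart.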
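Proxying to php-fpm
# The two files differ only in SCRIPT_FILENAME, the path of the script to execute. For a local php-fpm, include fastcgi.conf, because $document_root$fastcgi_script_name is exactly the path of the script. For a remote php-fpm, include fastcgi_params and define SCRIPT_FILENAME yourself.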
[[email protected] conf]# diff fastcgi_params fastcgi.conf
1a2
> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# What each variable means
[[email protected] conf]# cat fastcgi.conf
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # /mydata/code/php/yii-test.dev/web/a/index2.php
fastcgi_param QUERY_STRING $query_string; # a=pp
fastcgi_param REQUEST_METHOD $request_method; # request method
fastcgi_param CONTENT_TYPE $content_type; # content type
fastcgi_param CONTENT_LENGTH $content_length; # length
fastcgi_param SCRIPT_NAME $fastcgi_script_name; # /a/index2.php
fastcgi_param REQUEST_URI $request_uri; # /a/index2.php?a=pp
fastcgi_param DOCUMENT_URI $document_uri; # /a/index2.php
fastcgi_param DOCUMENT_ROOT $document_root; # /www/server/source/nginx1.14.0/html
fastcgi_param SERVER_PROTOCOL $server_protocol; # HTTP/1.1
fastcgi_param REQUEST_SCHEME $scheme; # http
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1; # CGI/1.1
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; # nginx/1.14.0
fastcgi_param REMOTE_ADDR $remote_addr; # client address
fastcgi_param REMOTE_PORT $remote_port; # client port
fastcgi_param SERVER_ADDR $server_addr; # server IP
fastcgi_param SERVER_PORT $server_port; # 80
fastcgi_param SERVER_NAME $server_name; # hostname www.proxy.develop
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
##################
http://www.proxy.develop/index2.php?a=pp
The parameters above are what PHP exposes in $_SERVER, as shown in the figure below.
TCP/IP communication mode
server {
    listen 80;
    server_name www.proxy.develop;
    index index.php;
    location / {
        # try_files $uri $uri /index.php?$args;
        if (!-e $request_filename) {
            rewrite ^/(.*) /index.php?r=$1 last;
        }
    }
    location ~* \.php$ {
        fastcgi_pass 192.168.1.201:9000; # php-fpm listens on an external IP
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /mydata/code/php/yii-test.dev/web$fastcgi_script_name;
    }
}
Stability test
marvindeMacBook-Pro:webbench-1.5 marvin$ webbench -c 1000 -t 30 http://www.proxy.develop/index2.php
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.
Benchmarking: GET http://www.proxy.develop/index2.php
1000 clients, running 30 sec.
Speed=12794 pages/min, 15557740 bytes/sec.
Requests: 6397 susceed, 0 failed.
[[email protected] conf]# cat /www/data/nginx/test/access.log |grep 200 | grep WebBench |wc -l
5906
[[email protected] conf]# cat /www/data/nginx/test/access.log |grep -v 200 | grep WebBench |wc -l
1491
Status 200: 5906 entries
Non-200 status: 1491 entries
Unix socket communication mode
[[email protected] conf]# vim /www/server/php-fpm/etc/php-fpm.d/www.conf
listen = /dev/shm/php-cgi.sock
[[email protected] conf]# chmod 777 /dev/shm/php-cgi.sock # crude: makes the socket readable and writable by every local user
nginx:
server {
    listen 80;
    server_name www.proxy.develop;
    index index.php;
    location / {
        if (!-e $request_filename) {
            rewrite ^/(.*) /index.php?r=$1 last;
        }
    }
    location ~* \.php$ {
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /mydata/code/php/yii-test.dev/web$fastcgi_script_name;
    }
}
Stability test
marvindeMacBook-Pro:webbench-1.5 marvin$ webbench -c 1000 -t 30 http://www.proxy.develop/index2.php
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.
Benchmarking: GET http://www.proxy.develop/index2.php
1000 clients, running 30 sec.
Speed=121714 pages/min, 16476704 bytes/sec.
Requests: 60854 susceed, 3 failed.
[[email protected] conf]# cat /www/data/nginx/test/access.log |grep 200 | grep WebBench |wc -l
6033
[[email protected] conf]# cat /www/data/nginx/test/access.log |grep -v 200 | grep WebBench | wc -l
54914
Status 200: 6033
Non-200 status: 54914
The experiment shows that port mode is more stable.
Cache tuning: usage is similar to the proxy cache
fastcgi_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];
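Defines the FastCGI cache. The cache is stored on the on-disk file system, at the location given by path.
levels=levels: the number of cache directory levels and the number of directories at each level; levels=ONE:TWO:THREE
    e.g. levels=1:2:2
keys_zone=name:size
    Name and size of the in-memory zone that holds the key/value mapping
inactive=time
    Inactivity period
max_size=size
    Upper limit of the disk space used for cached data
fastcgi_cache zone | off;
    Uses the named cache zone to cache data; context: http, server, location
fastcgi_cache_key string;
    Defines the string used as the key of a cache entry
fastcgi_cache_methods GET | HEAD | POST ...;
    The request methods for which the cache is used
fastcgi_cache_min_uses number;
    A cache entry must be accessed at least this many times within the inactivity period defined by inactive before it is treated as an active entry
fastcgi_cache_valid [code ...] time;
    Cache lifetime for each response code
fastcgi_keep_conn on
    Keeps a persistent connection from the proxy to the server, which is preferable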
http-upstream
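Scheduling notes
http {
    upstream webbackend {
        # ip_hash; # alternative method; cannot be combined with the backup server below
        least_conn;
        server 192.168.1.201:80;
        server 192.168.1.202:80;
        server 127.0.0.1:80 backup;
        keepalive 32;
    }
}
Weight: weight=1
Maximum number of concurrent connections: max_conns=number
Health check, number of failures after which the server is considered unavailable: max_fails=2 (0 disables the check)
Health check, how often the check is made: fail_timeout=5
    Once the server is detected as reachable again, it is restored
Standby, used when all other servers are down: backup
Manually marked as offline: down
Ramp traffic up smoothly: slow_start
ip_hash cannot be used together with backup
hash <variable> consistent # adding consistent is recommended: consistent hashing, a 32-bit modulo algorithm with virtual nodes
hash $remote_addr is the same as ip_hash
hash $request_uri: the DH algorithm, which improves the cache hit rate
keepalive 32; keeping connections open is a good choice under concurrency
least_conn; when weights differ, prevents a server from receiving no requests
Configuring the server groups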
http {
    upstream webbackend {
        server 192.168.1.201:80; # weight=1
        server 192.168.1.202:80;
    }
    upstream phpbackend {
        server 192.168.1.201:9000 weight=2 fail_timeout=2 max_fails=2;
        server 192.168.1.202:9000 weight=1 fail_timeout=2 max_fails=2;
        server 127.0.0.1:9000 backup;
    }
}
server {
    listen 80;
    server_name www.proxy.develop;
    index index.php;
    location / {
        proxy_pass http://webbackend;
    }
    location ~* \.php$ {
        fastcgi_pass phpbackend;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /www/data/nginx/$fastcgi_script_name;
    }
}
marvindeMacBook-Pro:webbench-1.5 marvin$ curl http://www.proxy.develop/index.html
<h1>node2 -------------------------------</h1>
marvindeMacBook-Pro:webbench-1.5 marvin$ curl http://www.proxy.develop/index.html
node3
stream: layer-4 proxying
# The ports must not conflict with those used at layer 7
stream {
    upstream sshsrvs {
        server 192.168.1.201:22;
        server 192.168.1.202:22;
    }
    server {
        listen 22923;
        proxy_pass sshsrvs;
    }
    server {
        listen 22922;
        proxy_pass 192.168.1.201:22;
    }
    server {
        listen 8080;
        proxy_pass 192.168.1.202:80;
    }
}
marvindeMacBook-Pro:~ marvin$ ssh -p22922 [email protected]
The authenticity of host '[192.168.1.200]:22922 ([192.168.1.200]:22922)' can't be established.
ECDSA key fingerprint is SHA256:DdAAXSUPsbzY8IAC/+raL8nU85KiYDMmeJpZYbgSKwU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.1.200]:22922' (ECDSA) to the list of known hosts.
[email protected]'s password:
X11 forwarding request failed on channel 0
Last login: Fri Jun 1 08:26:25 2018 from 192.168.1.104
[[email protected] ~]#