1)nginx的反向代理:proxy_pass
2)nginx的負載均衡:upstreamphp
下面是nginx的反向代理和負載均衡的實例:css
負載機:A機器:103.110.186.8/192.168.1.8
後端機器1:B機器:192.168.1.102
後端機器2:C機器:192.168.1.103html
需求:
1)訪問A機器的8080端口,反向代理到B機器的8080端口;
訪問A機器的8088端口,反向代理到C機器的8088端口;
訪問http://103.110.86.8:8090/ios,反向代理到B機器http://192.168.1.102:8090/ios/java
2)訪問A機器的80端口,負載均衡到後端的兩臺機器B和C的80端口node
操做記錄:
--------------------------------------------------------------------------------------
負載機:A機器上的操做記錄:
1)編譯安裝nginx
[root@opd ~]# yum install -y pcre* openssl* gcc gcc+
[root@opd ~]# cd /opt/src
[root@src ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@src ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@src ~]# cd nginx-1.8.0
#添加www用戶,其中-M參數表示不添加用戶家目錄,-s參數表示指定shell類型ios
[root@nginx-1.8.0 ~]#useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]#vim auto/cc/gcc
#將這句註釋掉 取消Debug編譯模式 大概在179行
#CFLAGS="$CFLAGS -g"nginx
#咱們再配置下nginx編譯參數
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]#make
[root@nginx-1.8.0 ~]#make install cleanshell
2)配置nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
[root@nginx-1.8.0 conf]# vim nginx.conf //這個能夠做爲nginx安裝後的配置規範vim
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
http {
include mime.types;
default_type application
/octet-stream
;
charset utf-8;
log_format main
'$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_cookie" $host $request_time'
;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
fastcgi_connect_timeout 3000;
fastcgi_send_timeout 3000;
fastcgi_read_timeout 3000;
fastcgi_buffer_size 256k;
fastcgi_buffers 8 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
client_header_timeout 600s;
client_body_timeout 600s;
client_max_body_size 100m;
client_body_buffer_size 256k;
gzip
on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 9;
gzip_types text
/plain
application
/x-javascript
text
/css
application
/xml
text
/javascript
application
/x-httpd-php
;
gzip_vary on;
include vhosts/*.conf;
}
|
[root@nginx-1.8.0 conf]# ulimit -n 65535
[root@nginx-1.8.0 conf]# mkdir vhosts
[root@nginx-1.8.0 conf]# cd vhosts
配置反向代理和負載均衡
[root@nginx-1.8.0 vhosts]# vim 8080.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
server {
listen 8080;
server_name localhost;
index index.html index.php index.htm;
root
/var/www/html
;
access_log
/usr/local/nginx/logs/8080-access
.log main;
error_log
/usr/local/nginx/logs/8080-error
.log;
location / {
proxy_pass http:
//192
.168.1.102:8080;
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
#跟後端服務器鏈接超時時間,發起握手等候響應時間
proxy_send_timeout 300;
#後端服務器回傳時間,就是在規定時間內後端服務器必須傳完全部數據
proxy_read_timeout 600;
#鏈接成功後等待後端服務器的響應時間,已經進入後端的排隊之中等候處理
proxy_buffer_size 256k;
#代理請求緩衝區,會保存用戶的頭信息以供nginx進行處理
proxy_buffers 4 256k;
#同上,告訴nginx保存單個用幾個buffer最大用多少空間
proxy_busy_buffers_size 256k;
#若是系統很忙時候能夠申請最大的proxy_buffers
proxy_temp_file_write_size 256k;
#proxy緩存臨時文件的大小
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
}
}
|
[root@nginx-1.8.0 vhosts]# cat 8088.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
server {
listen 8088;
server_name localhost;
index index.html index.php index.htm;
root
/var/www/html
;
access_log
/usr/local/nginx/logs/8088-access
.log main;
error_log
/usr/local/nginx/logs/8088-error
.log;
location / {
proxy_pass http:
//192
.168.1.103:8088;
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 600;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
}
}
|
-----------------------------------------------------------------------------------------------------------------
下面這個匹配path的代理設置須要注意幾點:
首先必定要保證目標B機器,也就是192.168.1.102的8090端口站點目錄下有這個匹配path的目錄ios存在!!
也就是要保證A機器本機能順利訪問到目標B機器的8090端口的ios路徑,即:
[root@nginx-1.8.0 vhosts]# curl http://192.168.1.102:8090/ios/ #必定要保證這個能從A機器訪問成功!
下面幾種配置都是能夠的:
第一種:
[root@nginx-1.8.0 vhosts]# cat 8090.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
server {
listen 8090;
server_name localhost;
index index.html index.php index.htm;
root
/var/www/html
;
access_log
/usr/local/nginx/logs/8090-access
.log main;
error_log
/usr/local/nginx/logs/8090-error
.log;
location
/ios/
{
#這種狀況,這裏必定要匹配的是/ios/,不能是/ios
proxy_pass http:
//192
.168.1.102:8090;
#必定要保證192.168.1.102機器8090端口站點目錄下有ios目錄!不然訪問會報錯404!
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 600;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
}
}
|
第二種:
[root@nginx-1.8.0 vhosts]# cat 8090.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
server {
listen 8090;
server_name localhost;
index index.html index.php index.htm;
root
/var/www/html
;
access_log
/usr/local/nginx/logs/8090-access
.log main;
error_log
/usr/local/nginx/logs/8090-error
.log;
location
/ios/
{
proxy_pass http:
//192
.168.1.102:8090
/ios/
;
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 600;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
}
}
|
第三種:
[root@nginx-1.8.0 vhosts]# cat 8090.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
server {
listen 8090;
server_name localhost;
index index.html index.php index.htm;
root
/var/www/html
;
access_log
/usr/local/nginx/logs/8090-access
.log main;
error_log
/usr/local/nginx/logs/8090-error
.log;
location
/ios
{
proxy_pass http:
//192
.168.1.102:8090
/ios/
; 這種狀況,這裏必定要匹配的是
/ios/
,不能是
/ios
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 600;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
}
}
|
以上三種配置方法都保證了訪問http://103.110.86.8:8090/ios會自動變爲http://103.10.86.8:8090/ios/,並代理到http://192.168.1.102:8090/ios/的結果
-----------------------------------------------------------------------------------------------------------------
[root@nginx-1.8.0 vhosts]# cat LB.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
upstream lb {
server 192.168.1.102:80 max_fails=3 fail_timeout=30s;
#max_fails = 3 爲容許失敗的次數,默認值爲1
server 192.168.1.103:80 max_fails=3 fail_timeout=30s;
#fail_timeout = 30s 當max_fails次失敗後,暫停將請求分發到該後端服務器的時間
}
server {
listen 80;
server_name localhost;
index index.html index.php index.htm;
root
/var/www/html
;
access_log
/usr/local/nginx/logs/80-access
.log main;
error_log
/usr/local/nginx/logs/80-error
.log;
location / {
proxy_pass http:
//lb
;
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 600;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
}
}
|
啓動nginx
[root@nginx-1.8.0 vhosts]# /opt/nginx/sbin/nginx -t 【檢查配置是否正確】
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
[root@host-192-168-1-102 vhosts]# /opt/nginx/sbin/nginx 【啓動nginx】
--------------------------------------------------------------------------------------
後端機:B機器上的操做記錄:
1)編譯安裝nginx
[root@B ~]# yum install -y pcre* openssl* gcc gcc+
[root@B ~]# cd /opt/src
[root@B ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@B ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@B ~]# cd nginx-1.8.0
#添加www用戶,其中-M參數表示不添加用戶家目錄,-s參數表示指定shell類型
[root@nginx-1.8.0 ~]#useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]##vim auto/cc/gcc
#將這句註釋掉 取消Debug編譯模式 大概在179行
#CFLAGS="$CFLAGS -g"
#咱們再配置下nginx編譯參數
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]#make
[root@nginx-1.8.0 ~]#make install clean
2)配置nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
注意,把默認的nginx.conf文件中的server區域配置註釋掉,設置vhosts虛擬主機的配置,以下:
[root@nginx-1.8.0 conf]# vim nginx.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
user www;
worker_processes 8;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application
/octet-stream
;
charset utf-8;
log_format main
'$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_cookie" $host $request_time'
;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
fastcgi_connect_timeout 3000;
fastcgi_send_timeout 3000;
fastcgi_read_timeout 3000;
fastcgi_buffer_size 256k;
fastcgi_buffers 8 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
client_header_timeout 600s;
client_body_timeout 600s;
client_max_body_size 100m;
client_body_buffer_size 256k;
gzip
on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 9;
gzip_types text
/plain
application
/x-javascript
text
/css
application
/xml
text
/javascript
application
/x-httpd-php
;
gzip_vary on;
include vhosts/*.conf;
}
|
[root@nginx-1.8.0 conf]# ulimit -n 65535
[root@nginx-1.8.0 conf]# mkdir vhosts
[root@nginx-1.8.0 conf]# cd vhosts
[root@nginx-1.8.0 conf]# vim 8080.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
server {
listen 8080;
server_name localhost;
index index.html index.php index.htm;
access_log
/usr/local/nginx/logs/8080-access
.log main;
error_log
/usr/local/nginx/logs/8080-error
.log;
location ~ / {
root
/var/www/html/8080
;
index index.html index.php index.htm;
}
}
|
[root@nginx-1.8.0 conf]# vim 8090.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
server {
listen 8090;
server_name localhost;
index index.html index.php index.htm;
access_log
/usr/local/nginx/logs/8090-access
.log main;
error_log
/usr/local/nginx/logs/8090-error
.log;
location ~ / {
root
/var/www/html/8090
;
#針對上面匹配ios的path代理,要保證站點目錄/var/www/html/8080下有ios目錄存在
index index.html index.php index.htm;
}
}
|
[root@nginx-1.8.0 conf]# vim 80.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
server {
listen 80;
server_name localhost;
index index.html index.php index.htm;
access_log
/usr/local/nginx/logs/80-access
.log main;
error_log
/usr/local/nginx/logs/80-error
.log;
location ~ / {
root
/var/www/html
;
index index.html index.php index.htm;
}
}
|
啓動nginx
[root@nginx-1.8.0 vhosts]# /opt/nginx/sbin/nginx -t 【檢查配置是否正確】
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
[root@host-192-168-1-102 vhosts]# /opt/nginx/sbin/nginx 【啓動nginx】
--------------------------------------------------------------------------------------
後端機:C機器上的操做記錄:
1)編譯安裝nginx
[root@C ~]# yum install -y pcre* openssl* gcc gcc+
[root@C ~]# cd /opt/src
[root@C ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@C ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@C ~]# cd nginx-1.8.0
#添加www用戶,其中-M參數表示不添加用戶家目錄,-s參數表示指定shell類型
[root@nginx-1.8.0 ~]#useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]##vim auto/cc/gcc
#將這句註釋掉 取消Debug編譯模式 大概在179行
#CFLAGS="$CFLAGS -g"
#咱們再配置下nginx編譯參數
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]#make
[root@nginx-1.8.0 ~]#make install clean
2)配置nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
注意,把默認的nginx.conf文件中的server區域配置註釋掉,設置vhosts虛擬主機的配置,以下:
[root@nginx-1.8.0 conf]# vim nginx.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
user www;
worker_processes 8;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application
/octet-stream
;
charset utf-8;
log_format main
'$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_cookie" $host $request_time'
;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
fastcgi_connect_timeout 3000;
fastcgi_send_timeout 3000;
fastcgi_read_timeout 3000;
fastcgi_buffer_size 256k;
fastcgi_buffers 8 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
client_header_timeout 600s;
client_body_timeout 600s;
client_max_body_size 100m;
client_body_buffer_size 256k;
gzip
on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 9;
gzip_types text
/plain
application
/x-javascript
text
/css
application
/xml
text
/javascript
application
/x-httpd-php
;
gzip_vary on;
include vhosts/*.conf;
}
|
[root@nginx-1.8.0 conf]# vim 80.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
server {
listen 80;
server_name localhost;
index index.html index.php index.htm;
access_log
/usr/local/nginx/logs/80-access
.log main;
error_log
/usr/local/nginx/logs/80-error
.log;
location ~ / {
root
/var/www/html/
;
index index.html index.php index.htm;
}
}
|
啓動nginx
[root@nginx-1.8.0 vhosts]# /opt/nginx/sbin/nginx -t 【檢查配置是否正確】
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
[root@host-192-168-1-102 vhosts]# /opt/nginx/sbin/nginx 【啓動nginx】
到此,上面需求中的nginx反向代理和負載均衡就已經配置完成了!
訪問http://103.110.86.8:8080的結果顯示的就是B機器,即http://192.168.1.102:8080的結果
訪問http://103.110.86.8:8088的結果顯示的就是C機器,即http://192.168.1.108:8088的結果
訪問http://103.110.86.8:8090/ios的結果顯示的就是B機器,即http://192.168.1.102:8090/ios/的結果
訪問http://103.110.86.8的請求就會被負載給到後端兩臺機器http://192.168.1.102和http://192.168.1.103
能夠在103.110.86.8本機能夠使用curl和telnet測試到目標機器是否通順~
[root@nginx-1.8.0 vhosts]# curl http://192.168.1.102:8080
[root@nginx-1.8.0 vhosts]# telnet 192.168.1.102 8080
--------------------------------------------------------------------------------------------------------------------------------------------
說明一下:
上面的nginx反向代理的需求,除了nginx反代配置以外,也能夠使用iptables的nat轉發實現。
好比:
訪問A機器的8080端口,反向代理到B機器的80端口;
iptables的nat轉發規則設置以下:
[root@opd ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.102:80
[root@opd ~]# iptables -t nat -A POSTROUTING -d 192.168.1.102 -p tcp -m tcp --sport 80 -j SNAT --to-source 192.168.1.8
[root@opd ~]# iptables -t filter -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
[root@opd ~]# service iptables save
**************************************
須要注意的是:
要打開A機器的ip轉發功能:
[root@opd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
而後後端機器B的route路由最好也設置成192.168.1.8
**************************************
這樣,訪問http://103.110.86.8:8080的結果就是http://192.168.1.102的結果
-----------------------------------------------------------------------------------------------------------
nginx反向代理一例:
訪問http://testwx3.wangshibo.com/apiwx3反向代理到https://testwww.wangshibo.com
|
1
2
3
4
5
6
7
8
9
10
11
|
[root@dev-new-
test
vhosts]
# cat testwx3.wangshibo.com.conf
server {
listen 80;
server_name testwx3.wangshibo.com;
root
/Data/app/xqsj_wx3/dist
;
index index.html;
location
/apiwx3/
{
proxy_pass https:
//testwww
.wangshibo.com/;
}
|
如上配置後:
訪問http://testwx3.wangshibo.com/apiwx3自動跳轉到http://testwx3.wangshibo.com/apiwx3/
訪問http://testwx3.wangshibo.com/apiwx3/$1的內容和https://testwww.wangshibo.com/$1內容一致
好比:
訪問http://testwx3.wangshibo.com/apiwx3/xqsj.php?r=HouseGroup/create 顯示的內容既是 http://testwww.wangshibo.com/xqsj.php?r=HouseGroup/create的內容
若是將上面的代理配置改成:
|
1
2
3
4
5
6
7
8
|
location
/apiwx3
{
proxy_pass https:
//testwww
.wangshibo.com;
}
或者
location
/apiwx3/
{
proxy_pass https:
//testwww
.wangshibo.com/;
}
|
那麼只能實現:訪問http://testwx3.wangshibo.com/apiwx3的結果和https://testwww.wangshibo.com一致不能實現:訪問http://testwx3.wangshibo.com/apiwx3/$1的內容和https://testwww.wangshibo.com/$1內容一致-----------------------------------------------------------------------------------------------------------