Nginx反向代理

網站URL:

svn-------dev.qingfeng.com/svn(10.0.0.8:801/svn)

svn web---dev.qingfeng.com/submin(10.0.0.8:801/submin)

網站------www.qingfeng.com(10.0.0.7:80&10.0.0.8:80)

oa--------oa.qingfeng.com(10.0.0.7:802&10.0.0.8:802)

反向代理總結:

多域名指向是經過虛擬主機的不一樣server實現;

同一域名的不一樣虛擬目錄經過每一個server下面的不一樣location實現;

反向代理到後端的服務器須要在vhost/LB.conf下面配置upstream,

而後在server或location中經過proxy_pass引用.

1.安裝nginx

mkdir -p /server/tools
cd /server/tools
yum install -y pcre pcre-devel openssl openssl-devel gcc gcc+
wget http://nginx.org/download/nginx-1.8.0.tar.gz
useradd www -M -s /sbin/nologin
tar xf nginx-1.8.0.tar.gz
cd nginx-1.8.0/
sed -i "179s/#//" auto/cc/gcc
mkdir /application
./configure --prefix=/application/nginx-1.8.0 --user=www \
--group=www --with-http_stub_status_module --with-http_ssl_module
make && make install
ln -s /application/nginx-1.8.0/ /application/nginx

2.10.0.0.8最簡配置

cat nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    
    include vhosts/*.conf;
}

cat www.conf
server {
    listen 80;
    server_name www.qingfeng.com;

    access_log logs/www_access.log main;
    error_log  logs/www_error.log;

    location / {
        root html/www;
        index index.html index.php;
    }
}

cat svn.conf
server {
    listen 801;
    server_name dev.qingfeng.com;

    access_log logs/svn_submin_access.log main;
    error_log  logs/svn_submin_error.log;

    location / {
        root html;
        index index.html;
    }
}

cat oa.conf
server {
    listen 802;
    server_name oa.qingfeng.com;

    access_log logs/www_access.log main;
    error_log  logs/www_error.log;

    location / {
        root html/oa;
        index index.html index.php index.htm;
    }
}
# 10.0.0.7的主配文件、輔助文件(oa.conf)跟10.0.0.8同樣

3.建立目錄及首頁文件

mkdir /application/nginx/conf/vhosts
# 10.0.0.7
mkdir /application/nginx/html/{oa,www}
cd /application/nginx/html/
echo "oa-10.0.0.7:802" > oa/index.html
echo "www-10.0.0.7:80" > www/index.html
# 10.0.0.8
mkdir /application/nginx/html/{oa,www,svn,submin}
cd /application/nginx/html/
echo "oa-10.0.0.8:802" > oa/index.html
echo "www-10.0.0.8:80" > www/index.html
echo "this is the page of svn-10.0.0.8" > svn/index.html
echo "this is the page of submin-10.0.0.8" > submin/index.html

# 經典錯誤示範:
location /svn/ {
	root html/svn;
	index index.html;
}
若是寫成這樣的格式,將沒法訪問到頁面,由於location不只是url,還要把它拼接到網站根路徑後,
去掉根路徑後面跟的字符便可正常訪問.
location /svn/ {
	root html;
	index index.html;
}

4.負載均衡(10.0.0.5)最簡配置

cat LB.conf
upstream LB-WWW {
      # ip_hash;
      server 10.0.0.7:80;
      server 10.0.0.8:80;
    }
    
upstream LB-OA {
      # ip_hash;
      server 10.0.0.7:802;
      server 10.0.0.8:802;
}
server {
    listen      80;
    server_name dev.qingfeng.com;

    access_log  logs/dev-access.log main;
    error_log  logs/dev-error.log;

    location /svn/ {
        proxy_pass http://10.0.0.8:801/svn/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
    
    location /submin/ {
        proxy_pass http://10.0.0.8:801/submin/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
server {
    listen      80;
    server_name www.qingfeng.com;
    
    access_log  logs/www-access.log main;
    error_log   logs/www-error.log;

    location / {
        proxy_pass http://LB-WWW;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

server {
    listen      80;
    server_name oa.qingfeng.com;

    access_log  logs/oa-access.log main;
    error_log   logs/oa-error.log;

    location / {
        proxy_pass http://LB-OA;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

5.解決問題

a.若是location中不加proxy_set_header Host $host;會致使客戶端發來的請求頭的

host中沒有域名,只會返回第一個匹配到的頁面;

b.反向代理到web01(nginx),返回403,是由於沒有建立首頁文件,建立後,能夠正常訪問,

反向代理到web02(apache),返回400,是由於沒有在lb01配置文件中添加$host,發送了空請求.

c.解決web集羣會話保持的方法:前端用ip_hash或後端搭一個memcache共享session.