第4章 Nginx反向代理
https://www.processon.com/view/link/665178275a676876a641cf95?cid=66503a19e033962c8d0b2687
https://www.processon.com/view/link/66598a2cee40852c5fdd6d7d?cid=6659212f94997339cdd4f28d
第1章 反向代理和负载均衡
1.什么是反向代理和负载均衡
后端有多个服务器,通过反向代理将用户流量均衡的分摊,实现负载均衡的效果
2.实现反向代理和负载均衡的软件
HAproxy:只做反向代理
Nginx:既可以做web服务器,也可以做反向代理服务器,反向代理和负载均衡都是Nginx的模块
第2章 Nginx反向代理模块
1.官方地址
https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
2.关键指令
proxy_pass http://要转发到的后端服务器IP地址;
proxy_set_header Host $http_host; #lb服务器将用户访问网站的HOST信息传递后后端的web服务器
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #将用户的真实IP传递给后端的web服务器
proxy_set_header X-Forwarded-Proto $scheme; # 确保后端应用程序知道原始请求是通过什么类型的协议发起的
proxy_connect_timeout 30; #代理与后端服务器连接超时时间(代理连接超时)
proxy_read_timeout 60; #代理等待后端服务器的响应时间
proxy_buffering on; #把后端返回的内容先放到缓冲区当中,然后再返回给客户端,边收边传,不是全部接收完再传给客户端
proxy_buffer_size 32k; #设置nginx代理保存用户头信息的缓冲区大小
proxy_buffers 4 128k; #proxy_buffers缓冲区
3.配置举例
简单代理配置:
location / {
proxy_pass http://10.0.0.7;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
完善代理配置:
location / {
# 主要的代理传递指令
proxy_pass http://10.0.0.7;
# 设置头信息,确保后端可以接收到正确的客户端数据
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 连接与超时设置
proxy_connect_timeout 30s; # 后端服务器连接超时时间
proxy_read_timeout 60s; # 从后端服务器读取数据的超时时间
proxy_send_timeout 60s; # 发送请求到后端服务器的超时时间
# 缓存和性能优化
proxy_buffering on; # 启用缓存响应内容
proxy_buffers 16 32k; # 调整缓存大小
proxy_buffer_size 64k; # 单个连接的缓冲区大小
}
2.反向代理到单台web服务器
2.1 实验环境
lb-5 Nginx反向代理
web-7 web服务器
2.2 web-7部署测试环境
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
server {
listen 80;
server_name proxy.luffy.com;
location / {
root /code/proxy;
index index.html;
}
}
EOF
mkdir /code/proxy -p
echo web-7 > /code/proxy/index.html
chown -R www:www /code/
systemctl restart nginx
2.3 lb-5安装Nginx
cat > /etc/yum.repos.d/nginx.repo << 'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
yum install nginx -y
2.4 lb-5编写Nginx反向代理配置文件
groupadd -g 1000 www
useradd -u 1000 -g 1000 -M -s /sbin/nologin www
sed -i '/^user/c user www;' /etc/nginx/nginx.conf
rm -rf /etc/nginx/conf.d/default.conf
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://10.0.0.7;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
2.5 windows修改hosts解析
10.0.0.5 proxy.luffy.com
第3章 Nginx负载均衡模块
1.官网地址
https://nginx.org/en/docs/http/ngx_http_upstream_module.html
2.upstream 关键指令
**upstream** - 定义一个服务器组,可以在其中列出多个服务器地址及其相关配置。
**server** - 在 location 块中使用,指向 upstream 定义的服务器组。
**ip_hash** - 启用会话持久化,使来自同一客户端IP的请求总是被转发到同一服务器。
**hash** - 对指定的键值进行哈希运算来决定请求应该被转发到哪个服务器。
**least_conn**:将请求路由到连接数最少的服务器,帮助实现负载平衡。
3.实验-反向代理到多台服务器实现负载均衡
3.1 web-8部署实验环境
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
server {
listen 80;
server_name proxy.luffy.com;
location / {
root /code/proxy;
index index.html;
}
}
EOF
mkdir /code/proxy -p
echo web-8 > /code/proxy/index.html
chown -R www:www /code/
systemctl restart nginx
3.2 lb-5编写反向代理负载均衡配置
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7;
server 10.0.0.8;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
4.负载均衡调度算法
轮询(Round Robin):
默认采用轮询调度算法,即平均将请求分发到upstream定义的服务器IP地址池里。
权重(Weighted):
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7 weight=1;
server 10.0.0.8 weight=2;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
测试
[root@lb-5 /etc/nginx/conf.d]# for i in {1..100};do curl -s 10.0.0.5;done|sort|uniq -c|sort -rn
66 web-8
34 web-7
[root@lb-5 /etc/nginx/conf.d]# for i in {1..1000};do curl -s 10.0.0.5;done|sort|uniq -c|sort -rn
667 web-8
333 web-7
IP 哈希(IP Hash):
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
ip_hash;
server 10.0.0.7 ;
server 10.0.0.8 ;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
URI 哈希(URI Hash):
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
hash $request_uri;
server 10.0.0.7 ;
server 10.0.0.8 ;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
最少连接(Least Connections)
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
least_conn;
server 10.0.0.7;
server 10.0.0.8;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
最少响应时间( Least Time )
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
least_time last_byte; # 完整响应最快的服务器
#least_time header; # 响应头最快的服务器
#least_time last_byte inflight; # 考虑在途请求的完整响应时间
server 10.0.0.7;
server 10.0.0.8;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
5.server指令参数
backup 备用
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7 backup;
server 10.0.0.8 ;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
down 停用
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7 down;
server 10.0.0.8 ;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
max_conns 最大连接数
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7 max_conns=10;
server 10.0.0.8 ;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
max_fails 最大失败数
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7 max_fails=3;
server 10.0.0.8 ;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
fail_timeout 失败超时时间
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7 max_fails=3 fail_timeout=5 ;
server 10.0.0.8 ;
}
server {
listen 80;
server_name proxy.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
第4章 Nginx负载均衡实战
1.根据域名配置转发
需求:
blog.luffy.com --> blog_pool
kod.luffy.com --> kod_pool
多个负载均衡池配的反向代理配置:
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream blog_pool {
server 10.0.0.7;
}
upstream kod_pool {
server 10.0.0.8;
}
server {
listen 80;
server_name blog.luffy.com;
location / {
proxy_pass http://blog_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name kod.luffy.com;
location / {
proxy_pass http://kod_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
两个域名访问相同负载均衡地址池:
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7;
server 10.0.0.8;
}
server {
listen 80;
server_name blog.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name kod.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
精简配置:
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7;
server 10.0.0.8;
}
server {
listen 80;
server_name blog.luffy.com kod.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
EOF
systemctl restart nginx
2.动静分离
所有图片类型的数据都转发到 专门的图片服务器
upstream static {
server 172.16.1.7;
server 172.16.1.8;
}
upstream web {
server 172.16.1.8;
server 172.16.1.9;
server 172.16.1.10;
server 172.16.1.11;
}
server {
listen 80;
server_name blog.luffy.com;
location / {
proxy_pass http://web;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ \.(gif|jpg|jpeg|png|bmp|swf|css|js)$ {
proxy_pass http://static;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
第5章 Nginx四层代理
1.四层负载均衡小试身手
项目需求
1.lb-51和lb-52上分别安装了redis和mysql数据库
2.访问lb服务器的3306和6379可以代理到后端对应的数据库
3.ssh访问lb服务器的8000端口,代理到m-61的22端口上
lb-5服务器的nginx配置文件
stream {
upstream redis_server {
server 172.16.1.51:6379 max_fails=3 fail_timeout=30s;
server 172.16.1.52:6379 max_fails=3 fail_timeout=30s;
}
upstream mysql_server {
server 172.16.1.51:3306 max_fails=3 fail_timeout=30s;
server 172.16.1.52:3306 max_fails=3 fail_timeout=30s;
}
server {
listen 10.0.0.7:6379;
proxy_pass redis_server;
include proxy_params;
}
server {
listen 10.0.0.7:3306;
proxy_pass mysql_server;
include proxy_params;
}
server {
listen 10.0.0.7:3306;
proxy_pass 172.16.1.61:22;
include proxy_params;
}
}
nginx -t
systemctl restart nginx
访问并测试
redis-cli -h 10.0.0.5
mysql -uroot -p123 -h10.0.0.5
第6章 代理参数配置优化
未优化前
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7;
server 10.0.0.8;
}
server {
listen 80;
server_name kod.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
}
}
server {
listen 80;
server_name blog.luffy.com;
location / {
proxy_pass http://web_pool;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
}
}
EOF
systemctl restart nginx
优化步骤
第一步:将相同的代理参数写入到一个文件里
cat > /etc/nginx/proxy_params << 'EOF'
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
EOF
第二步:跳转的配置文件里包含即可
cat > /etc/nginx/conf.d/proxy.conf << 'EOF'
upstream web_pool {
server 10.0.0.7;
server 10.0.0.8;
}
server {
listen 80;
server_name kod.luffy.com blog.luffy.com;
location / {
proxy_pass http://web_pool;
include proxy_params;
}
}
EOF
systemctl restart nginx
更新: 2024-10-18 14:12:14