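Reverse proxy overview
In reverse proxy mode, a proxy server accepts connection requests from the Internet, forwards them to servers on the internal network, and returns the servers' results to the Internet clients that made the requests. Seen from the outside, the proxy server behaves as a reverse proxy server.
Nginx load-balancing deployment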
    # Environment preparation
    lb01    10.0.0.5    172.16.1.5
    web01   10.0.0.8    172.16.1.8
    web02   10.0.0.7    172.16.1.7
    web03   10.0.0.9    172.16.1.9
    # Install Nginx on all three machines
    # Install Nginx
    # Install the dependency packages
    yum -y install openssl openssl-devel pcre pcre-devel
    # Download and install Nginx
    # The tarball can be downloaded from the official site
    [root@lb01 ~]# cd /home/oldboy/tools/
    [root@lb01 tools]# tar -xf nginx-1.10.2.tar.gz
    [root@lb01 tools]# ll
    total 896
    drwxr-xr-x 9 1001 1001   4096 Mar 29 16:18 nginx-1.10.2
    -rw-r--r-- 1 root root 910812 Mar 29 16:16 nginx-1.10.2.tar.gz
    [root@lb01 tools]# useradd -s /sbin/nologin -M www
    [root@lb01 nginx-1.10.2]# ./configure --user=www --group=www --prefix=/application/nginx-1.10.2 --with-http_stub_status_module --with-http_ssl_module
    [root@lb01 nginx-1.10.2]# make
    [root@lb01 nginx-1.10.2]# make install
    ln -s /application/nginx-1.10.2/ /application/nginx
Configuring the web services used for testing
The Nginx configuration on web01, web02 and web03 is as follows:

    [root@lb01 nginx-1.10.2]# cd /application/nginx/conf/
    [root@lb01 conf]# vim nginx.conf
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        server {
            listen       80;
            server_name  www.etiantian.org;
            location / {
                root   html/www;
                index  index.html index.htm;
            }
            access_log  logs/access_www.log  main;
        }
        server {
            listen       80;
            server_name  blog.etiantian.org;
            location / {
                root   html/blog;
                index  index.html index.htm;
            }
            access_log  logs/access_blog.log  main;
        }
    }

    # After editing, check the syntax and start Nginx
    [root@web01 conf]# ../sbin/nginx -t
    nginx: the configuration file /application/nginx-1.10.2/conf/nginx.conf syntax is ok
    nginx: configuration file /application/nginx-1.10.2/conf/nginx.conf test is successful
    [root@web01 conf]# ../sbin/nginx
    mkdir /application/nginx/html/{www,blog}
    for dir in www blog;do echo "`hostname` $dir" >/application/nginx/html/$dir/hehe.html;done
    for dir in www blog;do cat /application/nginx/html/$dir/hehe.html;done
    lb01 www
    lb01 blog

    # The test results are as follows
    [root@lb01 conf]# curl 10.0.0.7/hehe.html
    web02 www
    [root@lb01 conf]# curl 10.0.0.8/hehe.html
    web01 www
    [root@lb01 conf]# curl 10.0.0.9/hehe.html
    web03 www
Details of some of the configuration above
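    # Nginx log configuration conventions
    # Configuration syntax; the logs include error.log and access.log
    Syntax:  log_format name [escape=default|json] string ...;
    Default: log_format combined "...";
    Context: http

    # Nginx default configuration
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    $remote_addr            # client address
    $remote_user            # user name the HTTP client supplied for Nginx authentication
    $time_local             # local time on the Nginx server
    $request                # request line: method such as GET, URI and HTTP protocol version
    $status                 # response status code
    $body_bytes_sent        # size of the body sent from the server to the client
    $http_referer           # referring page; used for hotlink protection and user-behaviour analysis
    $http_user_agent        # User-Agent header: the client device or software
    $http_x_forwarded_for   # value of the X-Forwarded-For header carried in the HTTP request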
Implementing a simple load balancer
    [root@lb01 conf]# vim nginx.conf
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        upstream server_pools {
            server 10.0.0.7;
            server 10.0.0.8;
            server 10.0.0.9;
        }
        server {
            listen 80;
            location / {
                proxy_pass http://server_pools;
            }
            access_log logs/access.log main;
        }
    }

Check the syntax and start the service:

    [root@lb01 conf]# ../sbin/nginx -t
    nginx: the configuration file /application/nginx-1.10.2/conf/nginx.conf syntax is ok
    nginx: configuration file /application/nginx-1.10.2/conf/nginx.conf test is successful
    [root@lb01 conf]# ../sbin/nginx -s reload

Test results on Linux:

    [root@lb01 conf]# ../sbin/nginx -s reload
    [root@lb01 conf]# curl 10.0.0.5/hehe.html
    web02 www
    [root@lb01 conf]# curl 10.0.0.5/hehe.html
    web01 www
    [root@lb01 conf]# curl 10.0.0.5/hehe.html
    web03 www
    [root@lb01 conf]# curl 10.0.0.5/hehe.html
    web02 www
    [root@lb01 conf]# curl 10.0.0.5/hehe.html
    web01 www
    [root@lb01 conf]# curl 10.0.0.5/hehe.html
    web03 www
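The Nginx upstream module
Introduction to the upstream module
Nginx's load-balancing function depends on the ngx_http_upstream_module module. The proxy methods it supports include proxy_pass, fastcgi_pass, memcached_pass and others.
The ngx_http_upstream_module module lets Nginx define one or more groups of node servers. Requests for a site are then sent, by way of proxy_pass, to the name of the corresponding upstream group defined beforehand. The directive is written as "proxy_pass http://www_server_pools", where www_server_pools is the name of an upstream node server group.
Upstream module syntax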
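    upstream server_pools {   # upstream is a required keyword; server_pools after it is the name of an upstream group, which you choose yourself and use when referring to the group
        server 10.0.0.7 weight=2;
        # server is a fixed keyword and can be followed by a domain name or an IP. If no port is given the default is 80. weight is the weight: the larger the value, the more requests are assigned. The line ends with a semicolon
        server 10.0.0.8 weight=1;
        server 10.0.0.9 weight=1;
    }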
A more complete upstream configuration example
    upstream server_pools {
        server 10.0.0.7 weight=1 max_fails=3 fail_timeout=10s;
        server 10.0.0.8 weight=1 max_fails=3 fail_timeout=10s;
        server 10.0.0.9 weight=1 max_fails=3 fail_timeout=10s;
    }
Notes on the upstream module
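| Parameter inside the upstream block | Description |
| --- | --- |
| server 10.0.0.8:80 | The RS (real server) behind the load balancer. It can be an IP or a domain name; if the port is omitted, the default is port 80. In high-concurrency scenarios the IP should be replaced with a domain name, with load balancing done through internal DNS. |
| weight | The server's weight; the default is 1. The larger the weight, the larger the share of requests the server receives. |
| max_fails=1 | Maximum number of failed attempts; the default is 1, and 0 disables failed attempts. Enterprise scenarios: 2-3. JD.com uses 1, ChinaCache uses 10; configure it according to business needs. |
| backup | Hot-standby configuration (high availability for RS nodes): when all the active RS in front have failed, the hot-standby RS is brought in automatically. This marks the server as a backup server; if all the primary servers are down, requests are forwarded to it. |
| fail_timeout=10s | Failure timeout; the default is 10s. |
| down | Marks the server as permanently unavailable. This parameter can be used together with ip_hash. |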
Here is an example:
    upstream backend {
        server backend1.example.com weight=5;
        server 127.0.0.1:8080 max_fails=5 fail_timeout=10s;
        # When the number of checks reaches 5, that is, after 5 consecutive failed checks, the server is checked again; this parameter is related to proxy/fastcgi/memcached_next_upstream
        server unix:/tmp/backend3;
        server backup1.example.com:8080 backup;
    }
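How weight, max_fails and fail_timeout interact when a peer is chosen, as an added example that is not from the original page and is not nginx source code: a simplified Python model of smooth weighted round-robin selection that leaves out backup, down and the temporary weight reduction nginx applies after a failure. The Peer, Pool, schedule and demo_pool names are made up for the illustration; the addresses are the page's web nodes.

```python
from dataclasses import dataclass

@dataclass
class Peer:
    addr: str
    weight: int = 1
    max_fails: int = 1
    fail_timeout: float = 10.0
    current: int = 0       # running weight used by the selection loop
    fails: int = 0         # failures counted so far
    checked: float = 0.0   # start of the current failure window
    accessed: float = 0.0  # time of the last failure

class Pool:
    def __init__(self, peers):
        self.peers = peers

    def pick(self, now):
        # Skip peers that reached max_fails until fail_timeout has elapsed.
        live = [p for p in self.peers
                if not (p.max_fails and p.fails >= p.max_fails
                        and now - p.checked <= p.fail_timeout)]
        if not live:
            return None                            # no usable peer left
        total = sum(p.weight for p in live)
        for p in live:
            p.current += p.weight
        best = max(live, key=lambda p: p.current)  # first peer wins a tie
        best.current -= total
        if now - best.checked > best.fail_timeout:
            best.checked = now                     # open a new window
        return best

    def report(self, peer, ok, now):
        if not ok:
            peer.fails += 1
            peer.accessed = peer.checked = now
        elif peer.accessed < peer.checked:
            peer.fails = 0                         # recovered after a window

def schedule(pool, n, now=0.0):
    """Addresses chosen for n consecutive requests at time `now`."""
    return [pool.pick(now).addr for _ in range(n)]

def demo_pool(weights=(1, 1, 1)):
    addrs = ("10.0.0.7", "10.0.0.8", "10.0.0.9")   # web nodes from the page
    return Pool([Peer(a, w, max_fails=3, fail_timeout=10.0)
                 for a, w in zip(addrs, weights)])
```

With weights 2, 1, 1 the model interleaves the heavier node instead of sending it two requests in a row, and a node that has failed max_fails times receives nothing until fail_timeout has passed.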
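The http_proxy_module module
Introduction to the proxy_pass directive
The proxy_pass directive belongs to the ngx_http_proxy_module module, which can forward requests to another server. In real reverse-proxy work, a location block matches the specified URI, and the requests received that match it are passed via proxy_pass to the defined upstream node pool.
Requests whose URI matches name are passed to http://127.0.0.1/remote/.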
    location /name/ {
        proxy_pass http://127.0.0.1/remote/;
    }
Nginx load balancing configuration in practice
Configuring web nodes with name-based virtual hosts
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        server {
            listen       80;
            server_name  www.etiantian.org;
            location / {
                root   html/www;
                index  index.html index.htm;
            }
            access_log  logs/access_www.log  main;
        }
        server {
            listen       80;
            server_name  blog.etiantian.org;
            location / {
                root   html/blog;
                index  index.html index.htm;
            }
            access_log  logs/access_blog.log  main;
        }
    }
Checking and testing the configuration
    mkdir /application/nginx/html/{www,blog}
    for dir in www blog;do echo "`hostname` $dir" >/application/nginx/html/$dir/hehe.html;done
    for dir in www blog;do cat /application/nginx/html/$dir/hehe.html;done
    [root@lb01 html]# ../sbin/nginx -t
    nginx: the configuration file /application/nginx-1.10.2/conf/nginx.conf syntax is ok
    nginx: configuration file /application/nginx-1.10.2/conf/nginx.conf test is successful
    [root@lb01 html]# ../sbin/nginx -s reload
    [root@lb01 ~]# curl 10.0.0.7/hehe.html
    web02 www
    [root@lb01 ~]# curl 10.0.0.8/hehe.html
    web01 www
    [root@lb01 ~]# curl 10.0.0.9/hehe.html
    web03 www
Nginx load balancing and reverse proxy in practice
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        upstream server_pools {
            server 10.0.0.7;
            server 10.0.0.8;
            server 10.0.0.9;
        }
        server {
            listen 80;
            location / {
                proxy_pass http://server_pools;
            }
            access_log logs/access.log main;
        }
    }
Starting and testing
    [root@lb01 html]# ../sbin/nginx -t
    nginx: the configuration file /application/nginx-1.10.2/conf/nginx.conf syntax is ok
    nginx: configuration file /application/nginx-1.10.2/conf/nginx.conf test is successful
    [root@lb01 html]# ../sbin/nginx -s reload
    [root@lb01 ~]# curl 10.0.0.5/hehe.html
    web02 www
    [root@lb01 ~]# curl 10.0.0.5/hehe.html
    web01 www
    [root@lb01 ~]# curl 10.0.0.5/hehe.html
    web03 www
Enterprise case: recording the user's IP on the node servers behind the reverse proxy
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        upstream server_pools {
            server 10.0.0.7 weight=1 max_fails=3 fail_timeout=10s;
            server 10.0.0.8 weight=1 max_fails=3 fail_timeout=10s;
            server 10.0.0.9 weight=1 max_fails=3 fail_timeout=10s;
        }
        server {
            listen 80;
            server_name www.etiantian.org;
            location / {
                proxy_pass http://server_pools;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
            }
            access_log logs/access_www.log main;
        }
        server {
            listen 80;
            server_name blog.etiantian.org;
            location / {
                proxy_pass http://server_pools;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
            }
            access_log logs/access_blog.log main;
        }
    }

    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        upstream upload_pools {
            server 10.0.0.8:80;
        }
        upstream static_pools {
            server 10.0.0.7:80;
        }
        upstream default_pools {
            server 10.0.0.9:80;
        }
        server {
            listen 80;
            server_name www.etiantian.org;
            location /static/ {
                proxy_pass http://static_pools;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
            }
            location /upload/ {
                proxy_pass http://upload_pools;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
            }
            location / {
                proxy_pass http://default_pools;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
            }
            access_log logs/access_www.log main;
        }
    }
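
With proxy_set_header X-Forwarded-For $remote_addr, lb01 replaces whatever header the client sent, so the last field of the web nodes' main log is the real client address only when the request actually came from lb01; the web nodes in this lab also answer direct requests, where that field is whatever the client sent. Added example (not from the original page): a Python check over constructed log lines that separates the two cases, assuming lb01's addresses 10.0.0.5 and 172.16.1.5 are the only trusted proxies.

```python
import ipaddress
import re

# The page's "main" log_format as it appears in a web node's access log.
MAIN = re.compile(
    r'(?P<peer>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" "(?P<xff>[^"]*)"$')

# Assumption: lb01's two addresses from the page are the only trusted proxies.
TRUSTED_PROXIES = {"10.0.0.5", "172.16.1.5"}

def _valid_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def classify(line, trusted=TRUSTED_PROXIES):
    """Return (client_ip, verdict) for one access-log line."""
    m = MAIN.match(line.strip())
    if not m:
        return None, "unparsed"
    peer, xff = m["peer"], m["xff"]
    if peer not in trusted:
        # The request bypassed lb01, so the header is client-controlled.
        return peer, ("direct" if xff == "-" else "untrusted-xff")
    # lb01 overwrites the header with its own $remote_addr: one plain IP.
    if _valid_ip(xff):
        return xff, "via-proxy"
    return peer, "no-client-ip"

# Constructed sample lines for the illustration (not taken from the page).
SAMPLE = [
    '10.0.0.5 - - [29/Mar/2017:16:40:01 +0800] "GET /hehe.html HTTP/1.0" '
    '200 10 "-" "curl/7.19.7" "203.0.113.10"',
    '10.0.0.1 - - [29/Mar/2017:16:40:05 +0800] "GET /hehe.html HTTP/1.1" '
    '200 10 "-" "curl/7.19.7" "127.0.0.1"',
    '10.0.0.1 - - [29/Mar/2017:16:40:09 +0800] "GET /hehe.html HTTP/1.1" '
    '200 10 "-" "curl/7.19.7" "-"',
]

def summarize(lines=SAMPLE):
    return [classify(line) for line in lines]
```

Lines marked untrusted-xff are the ones where a log reader taking the last field at face value would record an address chosen by the client.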