大併發 簡單轉發 用LVS (四層)
大併發 功能要求URI轉發 lvs+nginx (四層+七層)
併發不大 nginx/haproxy (七層)
1000萬--2000萬PV的網站可以使用nginx負載均衡,高於2000萬使用LVS
測試環境:
測試域名:www.mydomain.com (在本機hosts文件做解析:23.247.76.253 www.mydomain.com)
A服務器:23.247.76.253 (主)
B服務器:107.179.101.254
C服務器:23.247.78.253
主服務器配置(負載均衡器):
[root@nagios_client1 ~]# cat /usr/local/nginx/conf/nginx.conf
user www www;
worker_processes auto;
error_log /home/wwwroot/index/log/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
#limit_req_zone $binary_remote_addr zone=my_req_zone:1000m rate=100r/m;
#limit_conn_zone $binary_remote_addr zone=default:1000m;
#limit_conn default 100;
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 4k;
large_client_header_buffers 4 4k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60 60;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 16k;
fastcgi_buffers 16 16k;
fastcgi_busy_buffers_size 16k;
fastcgi_temp_file_write_size 16k;
fastcgi_intercept_errors on;
proxy_cache_valid 200 304 12h;
proxy_cache_key $scheme://$host$request_uri;
proxy_temp_path /home/amproxy_cache_tmp;
proxy_cache_path /home/amproxy_cache levels=1:2 keys_zone=amproxy:20m inactive=10d max_size=2g;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/rss+xml application/xhtml+xml application/atom_xml;
gzip_disable "MSIE [1-6].(?!.*SV1)";
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
# footer_types text/css;
# footer "<!-- $hostname, $year/$month/$day $hour:$minute:$second, $request -->";
ssl_buffer_size 4k;
add_header Anycast $hostname;
include vhost/*.conf;
include vhost/ssl/*.conf;
include vhost/http/*.conf;
include proxy/http/*.conf;
include proxy/ssl/*.conf;
#add_header X-S-NODE $hostname;
upstream servers.mydomain.com {
server 23.247.78.254:80;
server 107.179.101.254:8080;
server 23.247.76.253:8080;
# ip_hash;
}
server{
listen 80;
server_name www.mydomain.com;
location / {
proxy_pass http://servers.mydomain.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
HTTP/HTTPS 配置
server { # HTTP
# 對於特定請求 http://host:port/path
# (1)host 匹配於 server.server_name
# (2)port 匹配於 server.listen
# (3)path 匹配於 server.location, 而且優先採用精確匹配項
listen 80; # HTTP
listen 443 ssl; # HTTPS
server_name www.mydomain.com; # 通配符、正則
if ($scheme != https) { # 強制 HTTP 跳轉至 HTTPS
# host 與 server_name 等價, redirect/permanent 分別爲臨時跳轉/永久跳轉
rewrite ^(.*)$ https://$host$1 permanent;
}
# 重定向錯誤頁
error_page 404 /static/error/404.html;
error_page 500 502 503 504 /static/error/50x.html;
# 靜態頁面,直接指向目錄 /usr/share/nginx
location ^~ /static/ { # 首部匹配
root /usr/share/nginx; # 其下有 static 目錄
index index.html index.htm;
# 以下指令都適用於 http, server, location
add_header X-Header-Name value;
chunked_transfer_encoding on;
expires 1d;
gzip on; # 開啓壓縮(默認關閉)
}
# 動態數據,轉給三個Nginx實例負載均衡
location / {
proxy_pass http://servers.mydomain.com;
proxy_set_header Host $host;
proxy_set_header Connection close;
proxy_connect_timeout 100ms; # 代理機器連接超時時長(默認的60s太長了)
expires 30d;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; allow all; }
# HTTPS 專用配置
# http://nginx.org/en/docs/http/configuring_https_servers.html
ssl_certificate /etc/nginx/ssl/nginx.crt; # 證書文件
ssl_certificate_key /etc/nginx/ssl/nginx.key; # 密鑰對文件(包含公鑰和私鑰, 私鑰不會發給客戶端)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # SSL(包括 v3)都有漏洞,應該用 TLS(TLS1.0 = SSL 3.1)
ssl_ciphers HIGH:!aNULL:!MD5;
}
B、C服務器配置:
server
{
listen 8080;
server_name www.mydomain.com;
index index.html index.htm index.php;
root /home/wwwroot/index/web;
fastcgi_buffer_size 4k;
fastcgi_buffers 8 4k;
fastcgi_busy_buffers_size 4k;
gzip off;
location /cr_status
{
stub_status on;
access_log off;
# allow 127.0.0.1;
}
location ~ .*\.php$
{
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
access_log /home/wwwroot/index/log/access.log combined;
error_log /home/wwwroot/index/log/error.log crit;
}
}
測試:用瀏覽器訪問
詳解:
1、輪詢(默認)
每個請求按時間順序逐一分配到不同的後端服務器,如果後端服務器down掉,能自動剔除。
2、weight
指定輪詢機率,weight和訪問比率成正比,用於後端服務器性能不均的情況。
例如:
upstream bakend {
server 23.247.78.254:80 weight=10;
server 107.179.101.254:8080 weight=10;
}
3、ip_hash
每個請求按訪問ip的hash結果分配,這樣每個訪客固定訪問一個後端服務器,可以解決session的問題。
當負載調度算法爲ip_hash時,後端服務器在負載均衡調度中的狀態不能是weight和backup。
例如:
upstream resinserver{
ip_hash;
server 23.247.78.254:80;
server 107.179.101.254:8080;
}
4、fair(第三方)
按後端服務器的響應時間來分配請求,響應時間短的優先分配。
upstream resinserver{
server server1;
server server2;
fair;
}
5、url_hash(第三方)
按訪問url的hash結果來分配請求,使每個url定向到同一個後端服務器,後端服務器爲緩存時比較有效。
例:在upstream中加入hash語句,server語句中不能寫入weight等其他的參數,hash_method是使用的hash算法
upstream resinserver{
server squid1:3128;
server squid2:3128;
hash $request_uri;
hash_method crc32;
}
tips:
upstream resinserver{#定義負載均衡設備的Ip及設備狀態
ip_hash;
server 127.0.0.1:8000 down;
server 127.0.0.1:8080 weight=2;
server 127.0.0.1:6801;
server 127.0.0.1:6802 backup;
}
在需要使用負載均衡的server中增加
proxy_pass http://resinserver/;
每個設備的狀態設置爲:
1.down 表示單前的server暫時不參與負載
2.weight 默認爲1.weight越大,負載的權重就越大。
3.max_fails :允許請求失敗的次數默認爲1.當超過最大次數時,返回proxy_next_upstream 模塊定義的錯誤
4.fail_timeout:max_fails次失敗後,暫停的時間。
5.backup: 其它所有的非backup機器down或者忙的時候,請求backup機器。所以這臺機器壓力會最輕。
nginx支持同時設置多組的負載均衡,用來給不用的server來使用。
client_body_in_file_only 設置爲On 可以講client post過來的數據記錄到文件中用來做debug
client_body_temp_path 設置記錄文件的目錄 可以設置最多3層目錄
location 對URL進行匹配.可以進行重定向或者進行新的代理 負載均衡