本次實驗爲Nginx作這反向代理服務器.將客戶端請求轉發到後端的web服務器上(apache).nginx和DNS安裝在一臺服務器上.
一.實現環境
說明;
nginx+DNS服務器模擬公網地址 兩個域名同時指向這個IP,通過nginx代理將實際請求轉發到後端真實服務器上
www.haidongqing.com 192.168.137.106
mail.haidongqing.com 192.168.137.106
二.所需軟件及版本
bind-9.3.6
nginx-1.4.5.tar.gz //wget http://nginx.org/download/nginx-1.4.5.tar.gz
三.安裝配置DNS
yum -y install bind
yum -y install caching-nameserver
檢查安裝後的目錄
ls /var/named
手動創建named置文件
vim /etc/named.conf
手動編輯正反區域配置文件
vim /var/named/haidongqing.com.zone 192.168.137.zone
測試配置文件語法和區域配置文件語法
named-checkconf
named-checkzone "haidongqing.com" haidongqing.con.zone
無報錯即可以重啓DNS
service named restart
netstat -ntlp //檢查端口及進程名
測試DNS正解
dig -t A mail.haidongqing.com
三.安裝配置Nginx
yum -y install pcre-devel
tar -zxvf nginx-1.4.5.tar.gz
cd nginx-1.4.5
./configure \
--prefix=/usr/local/nginx \
--sbin-path=/usr/local/nginx/sbin/nginx \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=nginx \
--group=nginx \
--with-pcre
make && make install
安裝好之後無需改動配置文件可以直接啓動nginx
這裏寫一個腳本方便起動nginx .
#!/bin/sh
function_start_nginx()
{
printf "starting nginx...\n"
/usr/local/nginx/sbin/nginx 2>&1
}
function_stop_nginx()
{
printf "stopping nginx...\n"
kill -9 `ps -ef |grep nginx | grep -v grep | awk '{print $2}'` 2>&1
}
function_restart_nginx()
{
printf "restart nginx...\n"
kill -9 `ps -ef |grep nginx | grep -v grep | awk '{print $2}'` 2>&1
/usr/local/nginx/sbin/nginx 2>&1
}
function_hupstart_nginx()
{
printf "huprestarting nginx...\n"
kill -HUP `cat /usr/local/nginx/logs/nginx.pid` 2>&1
}
case $1 in
start)
function_start_nginx
;;
stop)
function_stop_nginx
;;
restart)
function_restart_nginx
;;
hup)
function_hupstart_nginx
;;
*)
printf "Usage:$0{start|stop|restar|hup} \n"
esac
檢查端口及服務
測試web接口
注:以上nginx 安裝完成
四.配置nginx反向代理負載均衡
備份主配置文件 手動編輯新配置文件
cd /usr/local/nginx/conf
mv nginx.conf nginx.conf.bak
user nginx nginx;
worker_processes 10;
events
{
use epoll;
worker_connections 51200;
}
http
{
include mime.types;
default_type application/octet-stream;
keepalive_timeout 120;
tcp_nodelay on;
upstream www.haidongqing.com {
server 192.168.137.136:80;
server 192.168.137.137:80;
}
upstream mail.haidongqing.com {
server 192.168.137.100:80;
server 192.168.137.101:80;
}
server
{
listen 80;
server_name www.haidongqing.com;
location / {
proxy_pass http://www.haidongqing.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
log_format www_haidongqing_com '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/www.log www_haidongqing_com;
server
{
listen 80;
server_name mail.haidongqing.com;
location / {
proxy_pass http://mail.haidongqing.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
log_format mail_haidongqing_com '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/mail.log mail_haidongqing_com;
}
mail.haidongqing.com 的請求將轉發到100 和101兩臺服務器上
www.haidongqing.com 的請求將轉發到136和137兩臺服務器上
配置完成 檢查語法即可重啓nginx
./usr/local/nginx/sbin/nginx -t
./usr/local/nginx/sbin/sng restart
注:以上日誌配置必須寫在server之外.否則啓動時會出來告警提示.
訪問測試
將客戶端DNS改爲nginx+dns服務器地址,配置各realServer的dns指向及web服務器配置
以下截圖爲測試結果,刷新一次頁面將會變化一次.如果是生產環境.所顯示的內容應該是完全相同的
