1.反向代理概述
反向代理(Reverse Proxy)方式是指以代理服務器來接受internet上的連接請求,然後將請求轉發給內部網絡上的服務器,並將從服務器上得到的結果返回給internet上請求連接的客戶端,此時代理服務器對外就表現爲一個反向代理服務器。
環境準備:
主機名 | IP地址 | 角色 | 系統 |
---|---|---|---|
web-node1.com | eth0:192.168.90.201 | web-node1節點 | CentOS7.2 |
web-node2.com | eth0:192.168.90.202 | web-node2節點 | CentOS7.2 |
lb-node1.com | eth0:192.168.90.203 | Nginx反向代理 | CentOS7.2 |
2.Node節點部署
在兩臺web-node節點中均使用Yum安裝一個Apache用於做真實機,監聽8080端口
web-node1.com部署
[root@web-node1 ~]# rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm [root@web-node1 ~]# yum install -y gcc glibc gcc-c++ make screen tree lrzsz ##部署web-node1 httpd服務 [root@web-node1 ~]# yum install -y httpd [root@web-node1 ~]# sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf [root@web-node1 ~]# systemctl start httpd [root@web-node1 ~]# echo "web-node1.com" > /var/www/html/index.html [root@web-node1 ~]# curl http://192.168.90.201:8080/ web-node1.com
web-node2.com部署
[root@web-node1 ~]# rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm [root@web-node1 ~]# yum install -y gcc glibc gcc-c++ make screen tree lrzsz ##部署web-node2 httpd服務 [root@web-node1 ~]# yum install -y httpd [root@web-node1 ~]# sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf [root@web-node1 ~]# systemctl start httpd [root@web-node1 ~]# echo "web-node2.com" > /var/www/html/index.html [root@web-node1 ~]# curl http://192.168.90.202:8080/ web-node2.com
3.反向代理部署
Nginx 源碼編譯安裝,使其支持4層,並監聽80端口
[root@lb-node1 ~]# useradd -s /sbin/nologin -M www
[root@lb-node1 ~]# cd /usr/local/src/
[root@lb-node1 src]# wget http://nginx.org/download/nginx-1.10.2.tar.gz
[root@lb-node1 src]# tar xf nginx-1.10.2.tar.gz
[root@lb-node1 src]# cd nginx-1.10.2
[root@lb-node1 nginx-1.10.2]# ./configure --prefix=/usr/local/nginx-1.10.2 \
--user=www --group=www --with-http_ssl_module \
--with-http_stub_status_module --with-file-aio --with-stream
[root@lb-node1 nginx-1.10.2]# make && make install
[root@web-node1 ~]# ln -s /usr/local/nginx-1.10.2/ /usr/local/nginx
## 測試配置並啓動Nginx
[root@lb-node1 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx-1.10.2/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx-1.10.2/conf/nginx.conf test is successful
[root@lb-node1 ~]# /usr/local/nginx/sbin/nginx
3.1配置Nginx7層反向代理
1.配置Nginx反向代理
##http段配置
upstream web-cluster {
# ip_hash;
server 192.168.90.201:8080 weight=1 max_fails=3 fail_timeout=3;
server 192.168.90.202:8080 weight=1 max_fails=3 fail_timeout=3;
}
server {
listen 80;
server_name 192.168.90.203;
location / {
proxy_pass http://web-cluster;
include proxy.conf;
}
}
測試代理
[root@lb-node1 ~]# curl http://192.168.90.203/
web-node1.com
[root@lb-node1 ~]# curl http://192.168.90.203/
web-node2.com
[root@lb-node1 ~]# curl http://192.168.90.203/
web-node1.com
[root@lb-node1 ~]# curl http://192.168.90.203/
web-node2.com
2.通過分組方式,以及User-agent實現不同代理
#http段配置
upstream static-cluster {
server 192.168.90.201:8080 weight=1 max_fails=3 fail_timeout=3;
}
upstream dynamic-cluster {
server 192.168.90.202:8080 weight=1 max_fails=3 fail_timeout=3;
}
upstream default-cluster {
server 192.168.90.202:8080 weight=1 max_fails=3 fail_timeout=3;
}
#需要配置本地host解析測試 server { listen 80; server_name nginx.jiege.com; location / { if ($http_user_agent ~* "Firefox"){ proxy_pass http://static-cluster; } if ($http_user_agent ~* "Chrome") { proxy_pass http://dynamic-cluster; } proxy_pass http://default-cluster; } }
測試分組
##默認瀏覽器交給default處理[root@lb-node1 ~]# curl http://nginx.jiege.com web-node2.com 火狐瀏覽器交給static-cluster處理 谷歌瀏覽器交給dynamic-cluster處理 配置ssh以及msql反向代理
stream { upstream ssh_proxy { hash $remote_addr consistent; server 192.168.90.201:22; } upstream mysql_proxy { hash $remote_addr consistent; server 192.168.90.202:3306; } server { listen 2222; proxy_connect_timeout 1s; proxy_timeout 300s; proxy_pass ssh_proxy; } server { listen 3333; proxy_connect_timeout 1s; proxy_timeout 300s; proxy_pass mysql_proxy; } }
2222端口代理至於node1的SSH、3333端口代理至於node2的MYSQL
## 測試連接ssh
[root@lb-node1 ~]# ssh -p2222 root@192.168.90.203
root@192.168.90.203's password:
Last login: Wed Oct 19 11:53:04 2016 from 192.168.80.143
[root@web-node1 ~]#
## 測試連接mysql
[root@lb-node1 ~]# mysql -h192.168.90.203 -uroot -p1 -P3333
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 273
Server version: 5.5.47-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>