作者:Georgekai 歸檔:學習筆記 2018/2/7
|
Nginx反向代理
1.1 集羣介紹
集羣概念:一羣幹相同事情的服務器,稱爲集羣
1.1.1 集羣作用
01. 處理高性能(Performance)
02. 價格有效性(Cost-effectiveness)
03. 可伸縮性(Scalability)
04. 高可用性(Availability)
集羣概念的特點說明:高可用 高性能
1.1.2 負載均衡的作用
1. 實現用戶訪問數據的調度
2. 實現壓力分擔
1.1.3 負載均衡實現方法
1. 硬件實現負載均衡
1)F5
2)Netscaler
3)Radware
4)A10
2. 軟件實現負載均衡
1)Nginx+Hearttbeat(高可用)
支持7層(http https )1.9以後也支持4層
2)LVS+keepalived(高可用)
只支持4層(端口)
3)haproxy
3. 方向代理概念說明
反向代理和數據轉發的區別:
反向代理:把客戶端請求發給給服務端
正向代理:把服務端的請求發給客戶端
數據轉發:接收到數據後不作處理直接轉發
1.2 部署nginx反向代理負載均衡服務
1.2.1 部署nginx網站集羣服務器
第一部分:準備環境:部署nginx網站集羣服務器(web01 web02 web03)
server {
listen 80;
server_name bbs.etiantian.org;
root html/bbs;
index index.html index.htm;
}
server {
listen 80;
server_name www.etiantian.org;
root html/www;
index index.html index.htm;
}
說明:將以上虛擬主機配置統一放置到web01 web02 web03服務器中
==========================================================================================
# 在站點目錄下創建測試文件
for name in www bbs;do echo "$(hostname -i) $(hostname) $name" >>/application/nginx/html/$name/george.html;done
for name in www bbs;do cat /application/nginx/html/$name/george.html;done
==========================================================================================
1.2.2 部署nginx反向代理服務器
1. 在db01服務器上——測試所有web服務節點是否能夠正常訪問(在命令行解析,不用添加到hosts文件)
[root@lb01 ~]# for name in www bbs;do curl -H host:${name}.etiantian.org 172.16.1.7/george.html;done
172.16.1.7 web01 www
172.16.1.7 web01 bbs
[root@lb01 ~]# for name in www bbs;do curl -H host:${name}.etiantian.org 172.16.1.8/george.html;done
172.16.1.8 web02 www
172.16.1.8 web02 bbs
[root@lb01 ~]# for name in www bbs;do curl -H host:${name}.etiantian.org 172.16.1.9/george.html;done
172.16.1.9 web03 www
172.16.1.9 web03 bbs
PS:curl -H host:www.etiantian.org 172.16.1.7/george.html 在命令行解析,不用添加到hosts文件
2. 配置nginx主配置文件編寫
① upstream
② proxy_pass
類似於ansible:
ansible: hosts nginx
[georgekai] upstream georgekai {
172.16.1.31 server 172.16.1.31:80;
172.16.1.32 server 172.16.1.32:80;
172.16.1.33 server 172.16.1.33:80;
}
ansible georgekai proxy_pass http://georgekai
===============================================================================================
[root@lb01 ~]# cat /application/nginx/conf/nginx.conf
worker_processes 1;
error_log /tmp/error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
keepalive_timeout 65;
upstream georgekai{
server 172.16.1.7:80;
server 172.16.1.8:80;
server 172.16.1.9:80;
}
server {
listen 80;
server_name bbs.etiantian.org;
root html/bbs;
index index.html index.htm;
location / {
proxy_pass http://georgekai;
}
}
}
3. 進行負載均衡測試
[root@lb01 ~]# curl -H host:bbs.etiantian.org 10.0.0.5/george.htmlf
172.16.1.7 web01 bbs
[root@lb01 ~]# curl -H host:bbs.etiantian.org 10.0.0.5/george.html
172.16.1.8 web02 bbs
[root@lb01 ~]# curl -H host:bbs.etiantian.org 10.0.0.5/george.html
172.16.1.9 web03 bbs
1.2.3 負載均衡模塊常用功能
weight #實現權重負載訪問功能(能者多勞)
max_fails #定義後端訪問的失敗次數
fail_timeout #定義後端失敗重試的間隔(單位是秒)
backup #定義後端服務的熱備節點(其他負載節點服務器都掛了,使用備份)
配置:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/blog.conf;
upstream georgekai {
server 10.0.0.7:80 weight=3 max_fails=3 fail_timeout=10s;
server 10.0.0.8:80 weight=1;
server 10.0.0.9:80 weight=1 backup;
}
server {
listen 80;
server_name bbs.etiantian.org;
root html/bbs;
index index.html index.htm;
location / {
proxy_pass http://georgekai;
}
}
}
1.2.4 模塊調度算法:
1. 定義輪詢調度算法-rr(默認調度算法)
2. 定義權重調度算法-wrr
3. 定義靜態調度算法-ip_hash(訪問多的話,會負載不均)
PS:根據用戶源地址算出一個範圍,那麼下次這個用戶再次訪問,會根據這個範圍還分配給那個對應的固定web 服務器
配置方法:
upstream george {
ip_hash ——
server 172.16.1.7:80 weight=3 max_fails=3 fail_timeout=10s;
server 172.16.1.8:80 weight=1;
server 172.16.1.9:80 weight=1 backup;
}
4. 定義最小的連接數-least_conn
哪個服務器連接數少,分配給它(誰閒着給誰)
5. fair(動態調度算法)
會根據後端服務端的實際情況來分配,靈活分配
1.2.5 實現反向代理服務器根據用戶請求的虛擬主機信息 而顯示頁面內容(可查看請求報文)
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include extra/blog.conf;
upstream george {
#ip_hash;
server 10.0.0.7:80 weight=3 max_fails=3 fail_timeout=10s;
server 10.0.0.8:80 weight=1;
server 10.0.0.9:80 weight=1;
}
server {
listen 80;
server_name bbs.etiantian.org;
root html/bbs;
index index.html index.htm;
location / {
proxy_pass http://georgekai;
proxy_set_header Host $host; --- 修改請求頭裏面host參數信息(curl -v可以查看請求頭信息)
#不加這一條,默認只會訪問第一個虛擬主機的站點信息
}
}
server {
listen 80;
server_name www.etiantian.org;
root html/www;
index index.html index.htm;
location / {
proxy_pass http://georgekai;
proxy_set_header Host $host;
}
}
}
1.2.6 實現用戶經過反向代理訪問後端web服務顯示真實用戶IP地址信息
就是在web服務部上用fail -f /application/nginx/logs/access.log ,會在後面顯示出用戶的真是IP地址
1. web服務器配置
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
2. 反向代理服務器配置
[root@lb01 ~]# cat /application/nginx/conf/nginx.conf
worker_processes 1;
error_log /tmp/error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
keepalive_timeout 65;
upstream georgekai{
server 10.0.0.7:80;
server 10.0.0.8:80;
server 10.0.0.9:80;
}
server {
listen 80;
server_name bbs.etiantian.org;
location / {
proxy_pass http://georgekai;;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; S ——$remote_addr就是客戶訪客的IP
}
}
server {
listen 80;
server_name www.etiantian.org;
location / {
proxy_pass http://georgekai;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; ——$remote_addr就是客戶訪客的IP
}
}
}
3. 測試
tail -f logs/access.log
172.16.1.6 - - [09/Feb/2018:00:13:49 +0800] "GET /george.html HTTP/1.0" 200 17 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36" "10.0.0.1"
1.2.7 nginx反向代理常見問題:
1. DNS域名解析,應該將域名解析爲代理服務器地址
2. 區分nginx服務,lb01上部署的是nginx代理服務器,在web服務器上進行查看訪問情況(日誌信息)
3. 訪問測試異常(瀏覽器軟件造成測試效果不正確,建議用谷歌)
1.2.8 複製均衡反向代理根據請求地址分配 (/static)
需求信息
www.etiantian.org/static 10.0.0.7:80 html/www/static static靜態服務器
www.etiantian.org/upload 10.0.0.8:80 html/www/upload upload服務器
www.etiantian.org/ 10.0.0.9:80 html/www 默認
部署web服務器測試環境:
1. 配置web01服務器環境:
cd /application/nginx
mkdir html/www/static
echo "10.0.0.7 web01 static" >>html/www/static/nana.html
cat html/www/static/nana.html
2. 配置web02服務器環境:
cd /application/nginx
mkdir html/www/upload
echo "10.0.0.8 web02 upload" >>html/www/upload/nana.html
cat html/www/upload/nana.html
3. 配置web03服務器環境:
cd /application/nginx
echo "10.0.0.9 web03 default" >>html/www/nana.html
cat html/www/nana.html
4. 利用nginx反向代理服務器進行測試訪問
curl -H host:www.etiantian.org 10.0.0.7/static/nana.html
curl -H host:www.etiantian.org 10.0.0.8/upload/nana.html
curl -H host:www.etiantian.org 10.0.0.9/nana.html
5. 編寫nginx反向代理配置文件
第一個部分:upstream配置
upstream static {
server 10.0.0.7:80;
}
upstream upload {
server 10.0.0.8:80;
}
upstream default {
server 10.0.0.9:80;
}
第二個部分:proxy_pass配置
location ~* /static {
proxy_pass http://static;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location ~* /upload {
proxy_pass http://upload;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location / {
proxy_pass http://default;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
worker_processes 1;
error_log /tmp/error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
keepalive_timeout 65;
upstream static {
server 10.0.0.7:80;
}
upstream upload {
server 10.0.0.8:80;
}
upstream default {
server 10.0.0.9:80;
}
server {
listen 80;
server_name www.etiantian.org;
location /static/ {
proxy_pass http://static;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /upload/ {
proxy_pass http://upload;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location / {
proxy_pass http://default;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
3. 進行客戶端訪問測試
windows上測試:
http://www.etiantian.org/static/nana.html
http://www.etiantian.org/upload/nana.html
http://www.etiantian.org/nana.html
linux上測試:
[root@lb01 nginx]# curl -H host:www.etiantian.org 10.0.0.7/static/nana.html
10.0.0.7 web01 static
[root@lb01 nginx]# curl -H host:www.etiantian.org 10.0.0.8/upload/nana.html
10.0.0.8 web02 upload
[root@lb01 nginx]# curl -H host:www.etiantian.org 10.0.0.9/nana.html
10.0.0.9 web03 default
1.2.9 根據客戶端的設備(user_agent)轉發實踐
1. 部署web服務器測試環境
配置web01服務器環境:
cd /application/nginx
echo "10.0.0.7 web01 mobile" >>html/www/nana.html ---手機端訪問
cat html/www/nana.html ——檢查
配置web02服務器環境:
cd /application/nginx
echo "10.0.0.8 web02 chrom" >>html/www/nana.html --- 谷歌瀏覽器訪問
cat html/www/upload/nana.html ——檢查
配置web03服務器環境:
cd /application/nginx
echo "10.0.0.9 web03 default" >>html/www/nana.html --- 其他瀏覽器客戶端訪問
cat html/www/nana.html ——檢查
2. 利用nginx反向代理服務器進行測試訪問
curl -H host:www.etiantian.org 10.0.0.7/nana.html
curl -H host:www.etiantian.org 10.0.0.8/nana.html
curl -H host:www.etiantian.org 10.0.0.9/nana.html
3. 編寫nginx反向代理配置文件
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
upstream mobile {
server 10.0.0.7:80 ;
}
upstream PC {
server 10.0.0.8:80 ;
}
upstream default {
server 10.0.0.9:80 ;
}
server {
listen 80;
server_name www.etiantian.org ;
location / {
if ($http_user_agent ~* "iphone")
{
proxy_pass http://mobile ;
}
if ($http_user_agent ~* "Chrome")
{
proxy_pass http://PC ;
}
proxy_pass http://default ;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log logs/access_www.log
main;
}
}
4. 進行客戶端訪問測試
PS:-A:表示客戶端設備類型
[root@lb01 nginx]# curl -A iphone www.etiantian.org/nana.html
10.0.0.7 web01 mobile
[root@lb01 nginx]# curl -A chrome www.etiantian.org/nana.html
10.0.0.8 web02 chrom
[root@lb01 nginx]# curl -A georgekai www.etiantian.org/nana.html
10.0.0.9 web03 default
小夥伴們可以關注我的微信公衆號:linux運維菜鳥之旅
關注“中國電信天津網廳”公衆號,首次綁定可免費領2G流量,爲你的學習提供流量!