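Nginx Reverse Proxy Configuration Examples and Keepalived Master/Backup Failover
Overview
At work I often need to help colleagues configure a reverse proxy. The usual use case is access from the office network, across network boundaries, to application resources on the production network. This is a short record of the steps for later reference.
NGX configuration
The nginx configuration usually lives at /etc/nginx/nginx.conf. You can use whereis nginx to find where nginx is installed.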
[root@NGXapp01 ~]# whereis nginx
nginx: /usr/sbin/nginx /usr/lib64/nginx /etc/nginx /usr/local/nginx.bak /usr/share/nginx /usr/share/man/man3/nginx.3pm.gz /usr/share/man/man8/nginx.8.gz
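sbin contains the nginx executable
etc/nginx contains the nginx.conf configuration file
usr/share contains the html folder, where nginx static resources/pages can be configured
A quick look at the nginx.conf configuration: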
[root@NGXapp01 ~]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
worker_rlimit_nofile 50000;
events {
    worker_connections 50000;
}
stream {
    log_format stream '$remote_addr - [$time_local] $status $bytes_received $bytes_received $hostname $msec';
    include /app/xxxxx/conf.d/stream/*.conf;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;
    client_max_body_size 1024M;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_names_hash_bucket_size 128;
    underscores_in_headers on;

    default_type application/octet-stream;
    include /etc/nginx/mime.types;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    include /app/xxxxxx/xxx/conf.d/http/*.conf;
    include /app/xxxxxx/xxx/conf.d/https/*.conf;
}
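As the configuration file shows, the reverse proxy configuration for http, https and stream is mainly placed in:
/app/xxxxx/xxxx/conf.d/http/*.conf;
/app/xxxxx/xxxx/conf.d/https/*.conf;
/app/xxxxxx/xxxx/conf.d/stream/*.conf;
stream is mainly used for reverse proxying and load balancing TCP/UDP.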
HTTP and HTTPS reverse proxy configuration
Go into /app/ngx/xxx/conf.d/http/ and you will see many http configurations. Here is one of them as an example for reference:
[root@NGXapp01 stream]# cat ../http/xxxxx.conf

upstream backserver {
    ip_hash;
    server xxx.xxx.xxx.xxx:8080;
    server xxx.xxx.xxx.xxx:8080;
}
server {
    listen 80;
    server_name xxx.xxx.com;
    access_log /app/xxxx/xxx/log/http/xxx/access.log main;
    error_log /app/xxx/xxx/log/http/xxx/error.log;

    location / {
        proxy_pass http://backserver;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
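- upstream backserver provides load balancing; the location block here references the two servers defined in backserver
- server specifies the address the NGX server listens on; server_name can be a domain name or a specific IP. Here it listens on port 80 for the domain name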
[root@NGXapp01 stream]# cat ../http/xxxxx.conf

server {
    listen 80;
    server_name xxx.com;
    access_log /app/xxxx/xxx/log/http/xxxx/access.log main;
    error_log /app/xxxx/xxx/log/http/xxxx/error.log;

    location / {
        proxy_pass http://xxx.xxx.xxx.xxx:70;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
- server is the address being listened on; server_name can be an IP address or a domain name
- location is the address nginx forwards to
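Modifying the configuration
Generally, the configuration above is enough for simple day-to-day use. As the user that owns ngx, modify your own configuration as required; after saving, perform the following steps:
su - root
nginx -t          # check that the configuration file is valid
nginx -s reload   # hot reload: load the configuration into memory without restarting the application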
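Keepalived master/backup failover, for checking whether a particular node's configuration works
Because NGX runs in a master/backup architecture, the server_name in the server block should preferably use the keepalived virtual address, and when requesting DNS resolution the domain name should preferably point to the virtual address as well.
The following is for the case where DNS resolution was requested for the address of only one NGX server, or the domain points to only one of the IP addresses, and is used to test whether the configuration works.
ip a   # See which node is the keepalived master. If the access policy was requested for the master node, no keepalived operation is needed; just test whether this master node's forwarding configuration takes effect
# If the reverse proxy was configured on the backup node, you need to test whether the backup node's reverse proxy configuration takes effect
# Run the following on the master node. Once the master is stopped, the virtual address automatically drifts to the backup node.
systemctl stop keepalived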
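
The failover test above, scripted as an added example (not commands from the original post): it confirms this node holds the virtual address, stops keepalived, probes the proxy through the address once it has moved, and then starts keepalived again, a step the procedure above does not include. The VIP 192.0.2.100, the hostname argument and the sample `ip` output are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. VIP, hostname and sample output are constructed.

# Constructed sample of `ip -o -4 addr show` on a node that holds VIP 192.0.2.100.
SAMPLE_ADDRS='2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global eth0
2: eth0    inet 192.0.2.100/32 scope global eth0'

# holds_vip VIP  (stdin: output of `ip -o -4 addr show`)
# Succeeds only if VIP is bound here. The address field is compared exactly,
# so 192.0.2.10 does not match 192.0.2.100 as a plain grep would.
holds_vip() {
    awk -v vip="$1" '{ split($4, a, "/"); if (a[1] == vip) found = 1 }
                     END { exit (found ? 0 : 1) }'
}

# node_role VIP  (stdin as above): print MASTER or BACKUP for this node.
node_role() {
    if holds_vip "$1"; then echo MASTER; else echo BACKUP; fi
}

# probe HOST IP: request http://HOST/ from the nginx listening on IP, bypassing
# DNS, and print the HTTP status code.
probe() {
    curl -sS -o /dev/null -m 5 -w '%{http_code}' --resolve "$1:80:$2" "http://$1/"
}

# failover_drill VIP HOST: run as root on the current master.
failover_drill() {
    ip -o -4 addr show | holds_vip "$1" || { echo "this node is not the master" >&2; return 1; }
    systemctl stop keepalived || return 1    # VIP drifts to the backup node
    tries=0
    while ip -o -4 addr show | holds_vip "$1" && [ "$tries" -lt 10 ]; do
        tries=$((tries + 1)); sleep 1        # wait for the VIP to leave this node
    done
    code=$(probe "$2" "$1"); rc=$?           # request is now answered by the backup
    systemctl start keepalived               # bring this node back into the pair
    echo "HTTP status via backup: ${code:-none}"
    return "$rc"
}
```

Whether the virtual address returns to this node after keepalived starts again depends on the priority and preemption settings in keepalived.conf, so check the role with `ip -o -4 addr show | node_role <VIP>` on both nodes afterwards.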