Nginx(三):反向代理,负载均衡
环境准备
配置反向代理,负载均衡,动静分离需要的必备环境,JDK,2个tomcat开启8080和8081端口。
安装jdk
[root@localhost ~]# rpm -qa|grep java
[root@localhost ~]# yum install -y java
# 省略
Complete!
[root@localhost ~]# java -version
openjdk version "1.8.0_242"
OpenJDK Runtime Environment (build 1.8.0_242-b08)
OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)
安装Tomcat
注意:/opt/目录下的softwares和devtools是新创建的,apache-tomcat-7.0.103.tar.gz是网上下载的。
[root@localhost softwares]# ls
apache-tomcat-7.0.103.tar.gz
[root@localhost softwares]# tar -zxvf apache-tomcat-7.0.103.tar.gz -C /opt/devtools/
# 省略
[root@localhost softwares]# cd ../devtools/
[root@localhost devtools]# ls
apache-tomcat-7.0.103
[root@localhost devtools]# mv apache-tomcat-7.0.103/ apache-tomcat-7.0.103.8080/
[root@localhost devtools]# cp -r apache-tomcat-7.0.103.8080/ apache-tomcat-7.0.103.8081/
[root@localhost devtools]# ls
apache-tomcat-7.0.103.8080 apache-tomcat-7.0.103.8081
修改配置文件
[root@localhost devtools]# cd apache-tomcat-7.0.103.8081/conf/
[root@localhost conf]# ls
catalina.policy catalina.properties context.xml logging.properties server.xml tomcat-users.xml web.xml
[root@localhost conf]# vi server.xml
# 将8080修改为8081
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
启动验证
- 启动8081
[root@localhost conf]# cd ../bin/
[root@localhost bin]# ./startup.sh
Using CATALINA_BASE: /opt/devtools/apache-tomcat-7.0.103.8081
Using CATALINA_HOME: /opt/devtools/apache-tomcat-7.0.103.8081
Using CATALINA_TMPDIR: /opt/devtools/apache-tomcat-7.0.103.8081/temp
Using JRE_HOME: /usr
Using CLASSPATH: /opt/devtools/apache-tomcat-7.0.103.8081/bin/bootstrap.jar:/opt/devtools/apache-tomcat-7.0.103.8081/bin/tomcat-juli.jar
Tomcat started.
- 启动8080
[root@localhost bin]# cd /opt/devtools/apache-tomcat-7.0.103.8080/bin/
[root@localhost bin]# ./startup.sh
Using CATALINA_BASE: /opt/devtools/apache-tomcat-7.0.103.8080
Using CATALINA_HOME: /opt/devtools/apache-tomcat-7.0.103.8080
Using CATALINA_TMPDIR: /opt/devtools/apache-tomcat-7.0.103.8080/temp
Using JRE_HOME: /usr
Using CLASSPATH: /opt/devtools/apache-tomcat-7.0.103.8080/bin/bootstrap.jar:/opt/devtools/apache-tomcat-7.0.103.8080/bin/tomcat-juli.jar
Tomcat started.
反向代理
反向代理实例一
实现效果:使用 nginx 反向代理,访问 www.123.com 直接跳转到 127.0.0.1:8080
修改本地host配置
192.168.1.11 www.123.com
修改Nginx配置
[root@localhost bin]# cd /etc/nginx/
[root@localhost nginx]# ls
conf.d fastcgi.conf fastcgi_params koi-utf mime.types nginx.conf scgi_params uwsgi_params win-utf
default.d fastcgi.conf.default fastcgi_params.default koi-win mime.types.default nginx.conf.default scgi_params.default uwsgi_params.default
# 建议先把原配置文件备份
[root@localhost nginx]# cp nginx.conf nginx.conf.bak
[root@localhost nginx]# vi nginx.conf
listen 80;
server_name www.123.com;
location / {
proxy_pass http://127.0.0.1:8080
}
[root@localhost nginx]# systemctl start nginx
[root@localhost nginx]# cd /var/log/nginx/
[root@localhost nginx]# ls
access.log error.log
[root@localhost nginx]# tail -500f error.log
2020/04/05 03:01:25 [crit] 58256#0: *1 connect() to 127.0.0.1:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.1.9, server: www.123.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "www.123.com"
2020/04/05 03:01:25 [crit] 58256#0: *1 connect() to 127.0.0.1:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.1.9, server: www.123.com, request: "GET /nginx-logo.png HTTP/1.1", upstream: "http://127.0.0.1:8080/nginx-logo.png", host: "www.123.com", referrer: "http://www.123.com/"
2020/04/05 03:01:25 [crit] 58259#0: *3 connect() to 127.0.0.1:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.1.9, server: www.123.com, request: "GET /poweredby.png HTTP/1.1", upstream: "http://127.0.0.1:8080/poweredby.png", host: "www.123.com", referrer: "http://www.123.com/"
2020/04/05 03:01:25 [crit] 58259#0: *3 connect() to 127.0.0.1:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.1.9, server: www.123.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8080/favicon.ico", host: "www.123.com", referrer: "http://www.123.com/"
^C
# 抛出异常, 经下方命令排查是因为系统访问网络状态关闭
[root@localhost nginx]# getsebool -a | grep httpd_can_network_connect
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
开启网络访问
# SELinux命令,临时配置,重启后失效
[root@localhost nginx]# setsebool httpd_can_network_connect=1
# 写入配置文件的命令,重启后保留
[root@localhost nginx]# setsebool -P httpd_can_network_connect 1
访问成功
反向代理实例二
实现效果:使用 nginx 反向代理,根据访问的路径跳转到不同端口的服务中 nginx 监听端口为 9001,
访问 http://www.123.com/edu/ 直接跳转到 127.0.0.1:8080
访问 http://www.123.com/vod/ 直接跳转到 127.0.0.1:8081
修改tomcat服务文件
[root@localhost ~]# cd /opt/devtools/apache-tomcat-7.0.103.8080/webapps/
[root@localhost webapps]# ls
docs examples host-manager manager ROOT
[root@localhost webapps]# cd ROOT/
[root@localhost ROOT]# ls
asf-logo-wide.svg bg-button.png bg-middle.png bg-nav.png bg-upper.png favicon.ico index.jsp RELEASE-NOTES.txt tomcat.css tomcat.gif tomcat.png tomcat-power.gif tomcat.svg WEB-INF
[root@localhost ROOT]# vi index.jsp
<div id="asf-box">
<h1>${pageContext.servletContext.serverInfo}:8080</h1>
</div>
相同方式修改8081
<div id="asf-box">
<h1>${pageContext.servletContext.serverInfo}:8081</h1>
</div>
- 重启tomcat
修改nginx配置文件
# location / {
# proxy_pass http://127.0.0.1:8080;
# }
location /edu/ {
proxy_pass http://127.0.0.1:8080;
}
location /vod/ {
proxy_pass http://127.0.0.1:8081;
}
- 重启nginx
[root@localhost nginx]# tail -500f error.log
2020/04/05 04:08:34 [error] 62039#0: *78 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.1.9, server: www.123.com, request: "GET /favicon.ico HTTP/1.1", host: "www.123.com", referrer: "http://www.123.com/edu/"
原因,如果代理服务器地址中是带有URI的,此URI会替换掉 location
所匹配的URI部分。
而如果代理服务器地址中是不带有URI的,则会用完整的请求URL来转发到代理服务器。
即http://www.123.com/edu/请求转发到http://127.0.0.1:8080/edu/,服务器中不存在这路径,遂查找nginx指向的,依然没有找到,抛出异常。
注意:location 正则匹配,proxy_pass 不允许使用URI。
优化修改nginx配置
# location / {
# proxy_pass http://127.0.0.1:8080;
# }
location /edu/ {
proxy_pass http://127.0.0.1:8080/;
}
location /vod/ {
proxy_pass http://127.0.0.1:8081/;
}
- 重启nginx
负载均衡
负载均衡即是将负载分摊到不同的服务单元,既保证服务的可用性,又保证响应 足够快,给用户很好的体验。快速增长的访问量和数据流量催生了各式各样的负载均衡产品, 很多专业的负载均衡硬件提供了很好的功能,但却价格不菲,这使得负载均衡软件大受欢迎, nginx 就是其中的一个,在 linux 下有 Nginx、LVS、Haproxy 等等服务可以提供负载均衡服 务,而且 Nginx 提供了几种分配方式(策略): 轮询、权重、ip_hash、fair。
轮询
每个请求按时间顺序逐一分配到不同的后端服务器,如果后端服务器 down 掉,能自动剔除。
实现效果
访问www.123.com,负载到8080和8081两台tomcat中去。
修改Nginx配置
http {
# http块中配置
upstream myserver {
server 127.0.0.1:8080;
server 127.0.0.1:8081;
}
server {
# server块中配置
location / {
proxy_pass http://myserver;
}
}
}
效果
权重(weight)
weight 代表权,重默认为 1,权重越高被分配的客户端越多,指定轮询几率,weight 和访问率成正比,用于后端服务器性能不均的情况。
配置
upstream myserver {
server 127.0.0.1:8080 weight=1;
server 127.0.0.1:8081 weight=10;
}
效果
ip_hash
每个请求按访问 ip 的 hash 结果分配,这样每个访客固定访问一个后端服务器,可以解决 session 的问题。
配置
upstream myserver {
ip_hash;
server 127.0.0.1:8080;
server 127.0.0.1:8081;
}
fair
按后端服务器的响应时间来分配请求,响应时间短的优先分配。
配置
upstream myserver {
server 127.0.0.1:8080;
server 127.0.0.1:8081;
fair;
}