nginx反向代理与负载均衡
第1章 nginx反向代理与负载均衡
1.1 nginx反向代理环境部署准备
01. 准备好lb01 10.0.0.5 安装好nginx 1.10.3 编译参数和web01上面一样
02. 准备好三台web服务器,三台web服务器安装好nginx即可
web01(10.0.0.8) web02(10.0.0.7) web03(10.0.0.9)
03. 安装好wireshark软件(群文件中wireshark-win64-2.2.2)
1.2 Nginx反向代理知识概念说明:
集群概念介绍说明:一堆干相同事情的服务器,称为集群
集群概念的特点说明:高可用 高性能 (核心特点说明)
集群的分类说明:负载均衡集群 高可用集群
负载均衡集群概念说明:前面是负载均衡器,后面是集群的节点
负载均衡集群:会出现雪崩效应
高可用集群:利用keepalived实现,一个机器宕机了,另一个机器可以顶替上
反向代理实现软件为:nginx(7层http https )层次进行回顾---Nginx支持7层,1.9以后也支持4层了
LVS支持4层,负载均衡架构学习haproxy(4层和7层 属于反向代理软件)
硬件负载均衡设备说明:
硬件和软件使用场景(企业中软硬件选型),中小型场景;
门户网站 (LVS Tnginx)大型企业网站;
授课选择Nginx进行负载均衡学习即可
nginx常用的模块:
upstream 实现负载均衡和反向代理
proxy
rewrite
1.3 快速部署nginx负载均衡环境
①. 安装部署nginx过程(一键自动化安装脚本)
yum install -y pcre-devel openssl-devel
mkdir -p /server/tools
cd /server/tools
wget -q http://nginx.org/download/nginx-1.10.2.tar.gz
ls -l nginx-1.10.2.tar.gz
useradd nginx -s /sbin/nologin -M
tar xf nginx-1.10.2.tar.gz
cd nginx-1.10.2
./configure --user=nginx --group=nginx --prefix=/application/nginx-1.10.2 --with-http_stub_status_module --with-http_ssl_module
make
make install
ln -s /application/nginx-1.10.2 /application/nginx
# 安装部署完成进行检查
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx
curl localhost
# ②. 统一编写nginx配置(web服务器端)
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
listen 80;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.html index.htm;
}
access_log logs/access_bbs.log main;
}
server {
listen 80;
server_name www.etiantian.org;
location / {
root html/www;
index index.html index.htm;
}
access_log logs/access_www.log main;
}
}
# ③. 统一nginx测试环境(web服务器端)
mkdir -p /application/nginx/html/{www,bbs}
for name in www bbs; do echo $name `hostname` >/application/nginx/html/$name/xiaoxinxin.html;done
for name in www bbs; do cat /application/nginx/html/$name/xiaoxinxin.html;done
说明:在浏览器测试前,重启或启动nginx服务程序(lb01 web01 web02)
# ④. 浏览器测试web服务(利用IP地址进行访问)
curl www.etiantian.org/xiaoxinxin.html
curl bbs.etiantian.org/xiaoxinxin.html
curl -H host:www.etiantian.org 10.0.0.7/xiaoxinxin.html
curl -H host:bbs.etiantian.org 10.0.0.7/xiaoxinxin.html
curl -H host:www.etiantian.org 10.0.0.9/xiaoxinxin.html
curl -H host:bbs.etiantian.org 10.0.0.9/xiaoxinxin.html
# ⑤. 编辑配置负载服务文件
upstream模块: 类似于一个池塘,将nginx节点放置到池塘中
相当于ansible的hosts文件定义
[www]
172.16.1.41
172.16.1.31
proxy模块: 用池塘里面的nginx节点,利用proxy进行调用
proxy_pass == ansible剧本中 - hosts:
- hosts: www
# 配置文件编写内容
####lb01 nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream server_pools {
server 10.0.0.7:80;
server 10.0.0.8:80;
server 10.0.0.9:80;
}
server {
listen 80;
server_name bbs.etiantian.org;
location / {
proxy_pass http://server_pools;
}
}
}
## 负载均衡配置完毕后,进行负载测试
[root@lb01 ~]# curl 10.0.0.5/oldboy.html
1.4 反向代理拍错思路
01. 在lb01上访问后端节点进行测试(curl)
02. 在lb01上访问本地地址进行测试 (curl -H host:www.etiantian.org 10.0.0.5/xiaoxinxin.html)
03. 在浏览器上进行测试
a 缓存 b 域名解析
1.5 负载均衡参数介绍-深入参数说明
########lb01 nginx.conf multi hosts
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
upstream server_pools {
server 10.0.0.7 weight=1 max_fails=3 fail_timeout=10s;
server 10.0.0.8 weight=1 max_fails=3 fail_timeout=10s;
server 10.0.0.9 weight=1 max_fails=3 fail_timeout=10s;
}
server {
listen 80;
server_name www.etiantian.org;
location / {
proxy_pass http://server_pools;
}
access_log logs/access_www.log main;
}
server {
listen 80;
server_name blog.etiantian.org;
location / {
proxy_pass http://server_pools;
}
access_log logs/access_blog.log main;
}
}
1.6 # 编写负载均衡多虚拟主机配置
## 说明:负载配置信息可以参见官方说明 http://nginx.org/en/docs/http/load_balancing.html
####lb01 nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream server_pools {
server 10.0.0.7:80;
server 10.0.0.8:80;
}
server {
listen 80;
server_name bbs.etiantian.org
location / {
proxy_pass http://server_pools;
proxy_set_header Host $host
}
}
server {
listen 80;
server_name www.etiantian.org
location / {
proxy_pass http://server_pools;
proxy_set_header Host $host
}
}
}
说明:多虚拟主机信息配置完毕,需要修改windows的hosts文件进行域名映射
第2章 nginx负载均衡核心组件(模块)
2.1 upstrean模块调度算法种类
01. rr算法(默认调度算法)
轮循调度算法
02. wrr算法
权重调度算法--weight
03. ip_hash算法(静态调度算法)
已经登录的用户,就分配到同一台服务器,从而避免需要重新登录,但会造成负载不均的结果
04. fair算法(动态调度算法)
哪台服务器处理请求能力强,就优先分配给哪台服务器
05. lest_conn算法
根据后端节点的连接数来决定分配情况,哪个机器连接数少,就分配给哪台服务器。
2.2 nginx upstrean模块
更多的Nginx upstream模块参数请参考:
http://nginx.org/en/docs/http/ngx_http_ups-tream_module.html
upstream模块内参数 |
参数说明 |
server 10.0.10.8:80 |
负载均衡后面的 RS配置,可以是 IP或域名,如果端□不写,默认是80端口。 高并发场景下,ip可换成域名,通过 DNS做负载均衡 |
weigth = l |
代表服务器的权重,默认值是1。权重数字越大表示接受的清求比例越大 |
max_ fails=5 |
Nginx尝试连接后端主机失败的次数,这个值是配合 proxy_next_upstream、 fastcgi_next_upstreann 和 memcached_next_upstream 这三个参数来使用的。 当nginx接收后端服务器返回这三个参数定义的状态码时,会将这个请求转发给正常工作的后端服务器,例如404、502、503、 Max_ fails的默认值是1 ; 企业场景下建议 2-3次。如京东 1次,蓝汛 10次,根据业物需求去配置 |
fail_ timeout=10s |
在max_ fails定义的失败次数后,距离下次检查的间隔时间,默认是10s ;如果 max_ fails是5 ,它就检测5次,如果5次都是502 ,那么,它就会根据 fail_timeout 的值,等待10s再去检查,还是只检查一次,如果持续502 ,在不重新加载 Nginx 配置的情况下,每隔 10s都只检查一次。常规业务2~3秒比较合理,比如京东3 秒,蓝汛3秒,可根据业务需求去配置 |
backup |
热备配置( RS芍点的高可用),当前面激活的 RS都失败后会自动后用热备 RS 这标志着这个服务器作为备份服务器,若主服务器全部宕机了,就会向它转发请求 注意:当负载调度算法为 ip_hash时,后端服务器在负载均衡调度中的状态不能是 weight 和 backup |
down==# |
这标志着服务器永远不可用,这个参数可配合 ip_hash使用;类似注释效果 |
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream server_pools {
server 10.0.0.7 weight=1 max_fails=3 fail_timeout=10s;
server 10.0.0.8 weight=1 max_fails=3 fail_timeout=10s;
server 10.0.0.9 weight=1 max_fails=3 fail_timeout=10s;
}
2.3 http_proxy_module 模块
server {
listen 80;
server_name bbs.etiantian.org
location / {
proxy_pass http://server_pools;
proxy_set_header Host $host; 显示主机信息
proxy_set_header X-Forwarded-For $remote_addr; 显示访问端地址
}
}
2.3.1 反向代理重要参数
第3章 nginx负载均衡配置实践
3.1 根据URL中的目录地址实现代理转发
第一个里程碑: 规划 分类
/upload 10.0.0.8:80 html/www/upload upload服务器
/static 10.0.0.7:80 html/www/static static静态服务器
/ 10.0.0.9:80 html/www 默认
第二个里程碑: 创建/设置
upstream upload_pools {
server 10.0.0.8:80;
}
upstream static_pools {
server 10.0.0.7:80;
}
upstream default_pools {
server 10.0.0.9:80;
}
第三个里程碑:如何调用upstream信息
location /static/ {
proxy_pass http://static_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /upload/ {
proxy_pass http://upload_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location / {
proxy_pass http://default_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
第四个里程碑:配置lb负载均衡集群的配置文件
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
upstream upload_pools {
server 10.0.0.8:80;
}
upstream static_pools {
server 10.0.0.7:80;
}
upstream default_pools {
server 10.0.0.9:80;
}
server {
listen 80;
server_name www.etiantian.org;
location /static/ {
proxy_pass http://static_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /upload/ {
proxy_pass http://upload_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location / {
proxy_pass http://default_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log logs/access_www.log main;
}
}
第五个里程碑-创建环境
www.etiantian.org/nana.html
www.etiantian.org/upload/nana.html
www.etiantian.org/static/nana.html
##web01
mkdir -p /application/nginx/html/www/upload
echo "web01 upload" >/application/nginx/html/www/upload/xxx.html
##web02
mkdir -p /application/nginx/html/www/static
echo "web02 static" >/application/nginx/html/www/static/xxx.html
##web03
echo "web03 default" >/application/nginx/html/www/xxx.html
第六个里程碑-进行测试
[root@lb01 conf]# curl www.etiantian.org/nana.html
web03 default
[root@lb01 conf]# curl www.etiantian.org/static/nana.html
web02 static
[root@lb01 conf]# curl www.etiantian.org/upload/nana.html
web01 upload
3.2 根据客户端的设备(user_agent)转发实践
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
upstream upload_pools {
server 10.0.0.8:80;
}
upstream static_pools {
server 10.0.0.7:80;
}
upstream default_pools {
server 10.0.0.9:80;
}
server {
listen 80;
server_name www.etiantian.org;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
if ($http_user_agent ~* "iphone")
{
proxy_pass http://static_pools;
}
if ($http_user_agent ~* "Chrome")
{
proxy_pass http://upload_pools;
}
proxy_pass http://default_pools;
}
access_log logs/access_www.log main;
}
}