Fork me on GitHub

Nginx反向代理

网站URL:

svn-------dev.qingfeng.com/svn(10.0.0.8:801/svn)

svn web---dev.qingfeng.com/submin(10.0.0.8:801/submin)

网站------www.qingfeng.com(10.0.0.7:80&10.0.0.8:80)

oa--------oa.qingfeng.com(10.0.0.7:802&10.0.0.8:802)

反向代理总结:

多域名指向是通过虚拟主机的不同server实现;

同一域名的不同虚拟目录通过每个server下面的不同location实现;

反向代理到后端的服务器需要在vhost/LB.conf下面配置upstream,

然后在server或location中通过proxy_pass引用.

1.安装nginx

mkdir -p /server/tools
cd /server/tools
yum install -y pcre pcre-devel openssl openssl-devel gcc gcc+
wget http://nginx.org/download/nginx-1.8.0.tar.gz
useradd www -M -s /sbin/nologin
tar xf nginx-1.8.0.tar.gz
cd nginx-1.8.0/
sed -i "179s/#//" auto/cc/gcc
mkdir /application
./configure --prefix=/application/nginx-1.8.0 --user=www \
--group=www --with-http_stub_status_module --with-http_ssl_module
make && make install
ln -s /application/nginx-1.8.0/ /application/nginx

2.10.0.0.8最简配置

cat nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    
    include vhosts/*.conf;
}

cat www.conf
server {
    listen 80;
    server_name www.qingfeng.com;

    access_log logs/www_access.log main;
    error_log  logs/www_error.log;

    location / {
        root html/www;
        index index.html index.php;
    }
}

cat svn.conf
server {
    listen 801;
    server_name dev.qingfeng.com;

    access_log logs/svn_submin_access.log main;
    error_log  logs/svn_submin_error.log;

    location / {
        root html;
        index index.html;
    }
}

cat oa.conf
server {
    listen 802;
    server_name oa.qingfeng.com;

    access_log logs/www_access.log main;
    error_log  logs/www_error.log;

    location / {
        root html/oa;
        index index.html index.php index.htm;
    }
}
# 10.0.0.7的主配文件、辅助文件(oa.conf)跟10.0.0.8一样

3.创建目录及首页文件

mkdir /application/nginx/conf/vhosts
# 10.0.0.7
mkdir /application/nginx/html/{oa,www}
cd /application/nginx/html/
echo "oa-10.0.0.7:802" > oa/index.html
echo "www-10.0.0.7:80" > www/index.html
# 10.0.0.8
mkdir /application/nginx/html/{oa,www,svn,submin}
cd /application/nginx/html/
echo "oa-10.0.0.8:802" > oa/index.html
echo "www-10.0.0.8:80" > www/index.html
echo "this is the page of svn-10.0.0.8" > svn/index.html
echo "this is the page of submin-10.0.0.8" > submin/index.html

# 经典错误示范:
location /svn/ {
	root html/svn;
	index index.html;
}
如果写成这样的格式,将无法访问到页面,因为location不仅是url,还要把它拼接到网站根路径后,
去掉根路径后面跟的字符即可正常访问.
location /svn/ {
	root html;
	index index.html;
}

4.负载均衡(10.0.0.5)最简配置

cat LB.conf
upstream LB-WWW {
      # ip_hash;
      server 10.0.0.7:80;
      server 10.0.0.8:80;
    }
    
upstream LB-OA {
      # ip_hash;
      server 10.0.0.7:802;
      server 10.0.0.8:802;
}
server {
    listen      80;
    server_name dev.qingfeng.com;

    access_log  logs/dev-access.log main;
    error_log  logs/dev-error.log;

    location /svn/ {
        proxy_pass http://10.0.0.8:801/svn/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
    
    location /submin/ {
        proxy_pass http://10.0.0.8:801/submin/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
server {
    listen      80;
    server_name www.qingfeng.com;
    
    access_log  logs/www-access.log main;
    error_log   logs/www-error.log;

    location / {
        proxy_pass http://LB-WWW;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

server {
    listen      80;
    server_name oa.qingfeng.com;

    access_log  logs/oa-access.log main;
    error_log   logs/oa-error.log;

    location / {
        proxy_pass http://LB-OA;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

5.解决问题

a.如果location中不加proxy_set_header Host $host;会导致客户端发来的请求头的

host中没有域名,只会返回第一个匹配到的页面;

b.反向代理到web01(nginx),返回403,是因为没有创建首页文件,创建后,可以正常访问,

反向代理到web02(apache),返回400,是因为没有在lb01配置文件中添加$host,发送了空请求.

c.解决web集群会话保持的方法:前端用ip_hash或后端搭一个memcache共享session.

 

posted @ 2018-12-24 13:37  法外狂徒  阅读(306)  评论(0编辑  收藏  举报