Nginx反向代理
网站URL:
svn-------dev.qingfeng.com/svn(10.0.0.8:801/svn)
svn web---dev.qingfeng.com/submin(10.0.0.8:801/submin)
网站------www.qingfeng.com(10.0.0.7:80&10.0.0.8:80)
oa--------oa.qingfeng.com(10.0.0.7:802&10.0.0.8:802)
反向代理总结:
多域名指向是通过虚拟主机的不同server实现;
同一域名的不同虚拟目录通过每个server下面的不同location实现;
反向代理到后端的服务器需要在vhost/LB.conf下面配置upstream,
然后在server或location中通过proxy_pass引用.
1.安装nginx
mkdir -p /server/tools cd /server/tools yum install -y pcre pcre-devel openssl openssl-devel gcc gcc+ wget http://nginx.org/download/nginx-1.8.0.tar.gz useradd www -M -s /sbin/nologin tar xf nginx-1.8.0.tar.gz cd nginx-1.8.0/ sed -i "179s/#//" auto/cc/gcc mkdir /application ./configure --prefix=/application/nginx-1.8.0 --user=www \ --group=www --with-http_stub_status_module --with-http_ssl_module make && make install ln -s /application/nginx-1.8.0/ /application/nginx
2.10.0.0.8最简配置
cat nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; include vhosts/*.conf; } cat www.conf server { listen 80; server_name www.qingfeng.com; access_log logs/www_access.log main; error_log logs/www_error.log; location / { root html/www; index index.html index.php; } } cat svn.conf server { listen 801; server_name dev.qingfeng.com; access_log logs/svn_submin_access.log main; error_log logs/svn_submin_error.log; location / { root html; index index.html; } } cat oa.conf server { listen 802; server_name oa.qingfeng.com; access_log logs/www_access.log main; error_log logs/www_error.log; location / { root html/oa; index index.html index.php index.htm; } } # 10.0.0.7的主配文件、辅助文件(oa.conf)跟10.0.0.8一样
3.创建目录及首页文件
mkdir /application/nginx/conf/vhosts # 10.0.0.7 mkdir /application/nginx/html/{oa,www} cd /application/nginx/html/ echo "oa-10.0.0.7:802" > oa/index.html echo "www-10.0.0.7:80" > www/index.html # 10.0.0.8 mkdir /application/nginx/html/{oa,www,svn,submin} cd /application/nginx/html/ echo "oa-10.0.0.8:802" > oa/index.html echo "www-10.0.0.8:80" > www/index.html echo "this is the page of svn-10.0.0.8" > svn/index.html echo "this is the page of submin-10.0.0.8" > submin/index.html # 经典错误示范: location /svn/ { root html/svn; index index.html; } 如果写成这样的格式,将无法访问到页面,因为location不仅是url,还要把它拼接到网站根路径后, 去掉根路径后面跟的字符即可正常访问. location /svn/ { root html; index index.html; }
4.负载均衡(10.0.0.5)最简配置
cat LB.conf upstream LB-WWW { # ip_hash; server 10.0.0.7:80; server 10.0.0.8:80; } upstream LB-OA { # ip_hash; server 10.0.0.7:802; server 10.0.0.8:802; } server { listen 80; server_name dev.qingfeng.com; access_log logs/dev-access.log main; error_log logs/dev-error.log; location /svn/ { proxy_pass http://10.0.0.8:801/svn/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } location /submin/ { proxy_pass http://10.0.0.8:801/submin/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } } server { listen 80; server_name www.qingfeng.com; access_log logs/www-access.log main; error_log logs/www-error.log; location / { proxy_pass http://LB-WWW; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } } server { listen 80; server_name oa.qingfeng.com; access_log logs/oa-access.log main; error_log logs/oa-error.log; location / { proxy_pass http://LB-OA; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } }
5.解决问题
a.如果location中不加proxy_set_header Host $host;会导致客户端发来的请求头的
host中没有域名,只会返回第一个匹配到的页面;
b.反向代理到web01(nginx),返回403,是因为没有创建首页文件,创建后,可以正常访问,
反向代理到web02(apache),返回400,是因为没有在lb01配置文件中添加$host,发送了空请求.
c.解决web集群会话保持的方法:前端用ip_hash或后端搭一个memcache共享session.