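Nginx proxy
1. Nginx proxy service overview
Nginx can proxy many protocols; here we mainly deal with HTTP proxying.
Forward proxy (internal hosts reaching the Internet)
Reverse proxy
The difference between a forward proxy and a reverse proxy:
- what is being proxied is different;
- a forward proxy acts on behalf of the client;
- a reverse proxy acts on behalf of the server;
1.1 Nginx proxy configuration syntax
1.1.1 Nginx proxy configuration syntax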
Syntax: proxy_pass URL;
Default: —
Context: location, if in location, limit_except
http://localhost:8000/uri/
http://192.168.1.1:8000/uri/
http://unix:/tmp/backend.socket:/uri/
1.1.2 Buffering (similar to nopush)
// Collect as many of the headers as possible
Syntax: proxy_buffering on | off;
Default: proxy_buffering on;
Context: http, server, location
// See also:
proxy_buffer_size
proxy_buffers
proxy_busy_buffers_size
1.1.3 Redirect rewriting
Syntax: proxy_redirect default;
        proxy_redirect off;
        proxy_redirect redirect replacement;
Default: proxy_redirect default;
Context: http, server, location
1.1.4 Header fields
Syntax: proxy_set_header field value;
Default: proxy_set_header Host $proxy_host;
proxy_set_header Connection close;
Context: http, server, location
// See also:
proxy_hide_header
proxy_set_body
1.1.5 Timeout for the TCP connection to the backend
Syntax: proxy_connect_timeout time;
Default: proxy_connect_timeout 60s;
Context: http, server, location
// See also:
proxy_read_timeout // once the connection is established
proxy_send_timeout // time for sending to the client after the server has finished the request
1.1.6 Common proxy settings
$ vim /etc/nginx/proxy_params
proxy_redirect default;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffer_size 32k;
proxy_buffering on;
proxy_buffers 4 128k;
proxy_busy_buffers_size 256k;
proxy_max_temp_file_size 256k;
// Using it in a location block
location / {
    proxy_pass http://127.0.0.1:8080;
    include proxy_params;
}
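How a backend behind this proxy can read the X-Forwarded-For header set in proxy_params, as an added example that is not part of the original page: $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For value the client sent, so only the entries added by your own proxies are reliable. The function names, the trusted networks and the sample addresses are assumptions made for this sketch.

```python
import ipaddress

# Assumption: the reverse proxies we operate live in these networks.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]


def is_trusted(addr):
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def proxy_add_x_forwarded_for(client_header, remote_addr):
    """Model of $proxy_add_x_forwarded_for: append $remote_addr to the
    client-supplied header, or use $remote_addr alone if it is absent."""
    return f"{client_header}, {remote_addr}" if client_header else remote_addr


def client_ip(peer_addr, xff_header):
    """Return the first hop that is not one of our proxies, walking the
    chain from the right (nearest hop) to the left."""
    if not is_trusted(peer_addr):
        return peer_addr              # direct connection: ignore the header
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(hop):
            # Everything to the left of this entry is client-controlled.
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return peer_addr      # malformed entry: fall back to the peer
    return peer_addr                  # chain held only trusted proxies


# Constructed sample: a client at 203.0.113.7 sends a forged header.
forged = "10.0.0.1"
header = proxy_add_x_forwarded_for(forged, "203.0.113.7")
```

The forged leftmost entry survives in the header the backend receives, which is why the lookup starts from the right and stops at the first address that is not a known proxy.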
1.2 Nginx forward proxy example
// Configure access restrictions on 69.113: only the same subnet is allowed
location ~ .*\.(jpg|gif|png)$ {
    allow 192.168.69.0/24;
    deny all;
    root /soft/code/images;
}
// Configure the forward proxy
[root@Nginx ~]# cat /etc/nginx/conf.d/zy_proxy.conf
server {
    listen 80;
    resolver 223.5.5.5;    # DNS used by the forward proxy
    location / {
        # This line alone is enough to act as a forward proxy; the headers below capture the client's header information
        proxy_pass http://$http_host$request_uri;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Because no forward-proxy software is installed, this could not be tested locally!
1.3 Nginx reverse proxy example
$ vim proxy.conf
server {
    listen 80;
    server_name proxy.lzj.com;
    index index.html;
    location / {
        proxy_pass http://192.168.1.2:8080;
        include proxy_params;    # pulls in the common settings defined in step 1.1.6
    }
}
$ vim images.conf
server {
    listen 8080;
    server_name image.lzj.com;
    location ~ .*\.(png|jpg|gif)$ {
        gzip on;
        root /usr/share/nginx/html/images;
    }
}
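2. Load balancing
Load balancing is mainly used to increase throughput, improve request performance, and improve disaster tolerance!
2.1 Implementing Nginx load balancing
Nginx implements load balancing with proxy_pass, the core directive of the proxy module, which forwards client requests to an upstream group, a virtual pool of servers!
upstream configuration syntax:
Syntax: upstream name { ... }
Default: -
Context: http
// upstream example
upstream backend {
    server backend1.example.com weight=5;
    server backend2.example.com:8080;
    server unix:/tmp/backend3;
    server backup1.example.com:8080 backup;
}
server {
    location / {
        proxy_pass http://backend;
    }
}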
2.1.1 Create the HTML files
$ mkdir /usr/share/nginx/html/{code1,code2,code3}
$ vim /usr/share/nginx/html/code1/index.html
<html>
<title>Code1</title>
<body bgcolor="red">
<h1>Code1-8081</h1>
</body>
</html>
$ vim /usr/share/nginx/html/code2/index.html
<html>
<title> Coder2</title>
<body bgcolor="blue">
<h1>Code1-8082</h1>
</body>
</html>
$ vim /usr/share/nginx/html/code3/index.html
<html>
<title> Coder3</title>
<body bgcolor="green">
<h1>Code1-8083</h1>
</body>
</html>
2.1.2 Create the conf file
$ vim releserver.conf
server {
    listen 8081;
    root /usr/share/nginx/html/code1;
    index index.html;
}
server {
    listen 8082;
    root /usr/share/nginx/html/code2;
    index index.html;
}
server {
    listen 8083;
    root /usr/share/nginx/html/code3;
    index index.html;
}
2.1.3 Configure the Nginx reverse proxy
$ vim proxy_pass.conf
upstream node {
    server 192.168.1.2:8081;
    server 192.168.1.2:8082;
    server 192.168.1.2:8083;
}
server {
    server_name proxy_pass.lzj.com;
    listen 80;
    location / {
        proxy_pass http://node;
        include proxy_params;
    }
}
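2.1.4 Verify in a browser
2.2 Nginx load-balancing server states
States a backend server can have in load-balancing scheduling
State | Description |
---|---|
down | the server is temporarily excluded from load balancing |
backup | a reserved backup server |
max_fails | number of failed requests allowed |
fail_timeout | how long the server is suspended after max_fails failures |
max_conns | limit on the maximum number of connections accepted |
Testing the backup and down states
$ vim proxy_pass.conf
upstream load_pass {
    server 192.168.1.1:8001 down;
    server 192.168.1.2:8002 backup;
    server 192.168.1.3:8003 max_fails=1 fail_timeout=10s;
}
server {
    location / {
        proxy_pass http://load_pass;
        include proxy_params;
    }
}
// Stop 8003 to run the test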
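2.3 Nginx load-balancing scheduling policies
Scheduling algorithm | Description |
---|---|
round-robin | requests are assigned to the backend servers one by one, in order of arrival (default) |
weight | weighted round-robin; the larger the weight, the higher the chance of being assigned a request |
ip_hash | each request is assigned by a hash of the client IP, so requests from the same IP always reach the same backend server |
url_hash | requests are assigned by a hash of the requested URL, so each URL is directed to the same backend server |
least_conn | least connections; the machine with the fewest connections gets the request |
hash key | hash on a custom key |
Weighted round-robin configuration
upstream load_pass {
    server 192.168.1.1:8001;
    server 192.168.1.2:8002 weight=5;
    server 192.168.1.3:8003;
}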
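What the weights above mean for the order of requests, as an added example that is not part of the original page: a Python model of smooth weighted round-robin, the scheme nginx uses for its default scheduler. It assumes every server stays healthy (no max_fails or down handling); the function names are made up for this sketch.

```python
from collections import Counter

# Weights from the upstream block above (a server without weight= has weight 1).
SERVERS = {"192.168.1.1:8001": 1, "192.168.1.2:8002": 5, "192.168.1.3:8003": 1}


def weighted_round_robin(servers, requests):
    """Smooth weighted round-robin: every pick raises each server's running
    score by its weight, chooses the highest score, then lowers the winner's
    score by the sum of all weights."""
    current = {name: 0 for name in servers}
    total = sum(servers.values())
    picks = []
    for _ in range(requests):
        best = None
        for name, weight in servers.items():
            current[name] += weight
            if best is None or current[name] > current[best]:
                best = name          # ties go to the server listed first
        current[best] -= total
        picks.append(best)
    return picks


def share(servers, requests):
    """Number of requests each server receives."""
    return Counter(weighted_round_robin(servers, requests))
```

Over any 7 consecutive requests the weight=5 server takes 5, but they are interleaved with the other two servers rather than sent as one burst.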
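ip_hash configuration
// If clients all come through the same proxy, one server ends up with too many connections
upstream load_pass {
    ip_hash;
    server 192.168.1.1:8001;
    server 192.168.1.2:8002;
    server 192.168.1.3:8003;
}
// Access through a proxy skews how evenly the backend nodes receive requests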
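The imbalance described in the notes above, as an added example that is not part of the original page: a Python model of ip_hash for IPv4 clients and equally weighted servers, where only the first three octets of the client address feed the hash. The client addresses are constructed and failed-server handling is left out; the function names are made up for this sketch.

```python
from collections import Counter

# Backends from the upstream block above, all with the default weight.
BACKENDS = ["192.168.1.1:8001", "192.168.1.2:8002", "192.168.1.3:8003"]


def ip_hash_pick(client_ip, backends=BACKENDS):
    """Pick a backend from the first three octets of an IPv4 address,
    using the seed and multipliers of nginx's ip_hash module."""
    h = 89
    for octet in client_ip.split(".")[:3]:
        h = (h * 113 + int(octet)) % 6271
    return backends[h % len(backends)]


def distribution(clients):
    """Count how many of the given client addresses land on each backend."""
    return Counter(ip_hash_pick(c) for c in clients)


# Constructed inputs: 200 clients inside one /24 (for example behind one
# office proxy or NAT range) versus 200 clients in different /24 networks.
same_subnet = [f"10.20.30.{i}" for i in range(1, 201)]
spread = [f"10.{i}.{i * 7 % 256}.5" for i in range(1, 201)]
```

Every address in same_subnet lands on a single backend, while the spread set reaches all three; a deployment that sits behind another proxy sees only that proxy's address in $remote_addr and behaves like the first case.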
url_hash configuration
upstream load_pass {
    hash $request_uri;
    server 192.168.1.1:8001;
    server 192.168.1.2:8002;
    server 192.168.1.3:8003;
}
// Add the same files on all three servers
/usr/share/nginx/html/code1/url1.html url2.html url3.html
/usr/share/nginx/html/code2/url1.html url2.html url3.html
/usr/share/nginx/html/code3/url1.html url2.html url3.html
2.4 Nginx TCP load-balancing configuration
The Nginx layer-4 proxy can only be defined in the main context; it cannot be placed inside the http block!
$ vim /etc/nginx/nginx.conf
stream {
    upstream ssh_proxy {
        hash $remote_addr consistent;
        server 192.168.1.2:22;
    }
    upstream mysql_proxy {
        hash $remote_addr consistent;
        server 192.168.1.2:3306;
    }
    server {
        listen 6666;
        proxy_connect_timeout 1s;
        proxy_timeout 300s;
        proxy_pass ssh_proxy;
    }
    server {
        listen 5555;
        proxy_connect_timeout 1s;
        proxy_timeout 300s;
        proxy_pass mysql_proxy;
    }
}
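3. Nginx dynamic/static separation
Dynamic/static separation uses middleware to split dynamic requests from static requests, separating the resources, cutting unnecessary request overhead, and reducing request latency.
Benefit: once they are separated, static resources are unaffected even if the dynamic service is unavailable.
Dynamic and static requests are separated by the middleware!
3.1 Example: dynamic/static separation with Nginx
3.1.1 Environment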
OS | service | IP |
---|---|---|
CentOS 7.2 | proxy | 192.168.1.1 |
CentOS 7.2 | nginx | 192.168.1.2 |
CentOS 7.2 | tomcat | 192.168.1.2 |
3.1.2 Prepare static resources on 192.168.1.2
$ vim /etc/nginx/conf.d/access.conf
server {
    listen 80;
    root /usr/share/nginx/html/code;
    index index.html;
    location ~ .*\.(png|jpg|gif)$ {
        gzip on;
        root /usr/share/nginx/html/code/images;
    }
}
$ mkdir /usr/share/nginx/html/code/images -p
$ wget -O /usr/share/nginx/html/code/images/nginx.png http://nginx.org/nginx.png
$ nginx -t
$ systemctl reload nginx
# Prepare the directory and the static image
3.1.3 Prepare dynamic resources on 192.168.1.2
$ wget https://mirrors.bfsu.edu.cn/apache/tomcat/tomcat-9/v9.0.36/bin/apache-tomcat-9.0.36.tar.gz
$ mkdir -p /soft/app
$ tar zxf apache-tomcat-9.0.36.tar.gz -C /soft/app/
$ vim /soft/app/apache-tomcat-9.0.36/webapps/ROOT/java_test.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<HTML>
<HEAD>
<TITLE>JSP Test Page</TITLE>
</HEAD>
<BODY>
<%
Random rand = new Random();
out.println("<h1>Random number:</h1>");
out.println(rand.nextInt(99)+100);
%>
</BODY>
</HTML>
$ /soft/app/apache-tomcat-9.0.36/bin/startup.sh # start Tomcat
3.1.4 Test access to the dynamic resource on 192.168.1.2
3.1.5 Configure load balancing on 192.168.1.2 to serve both jsp and png resources
$ yum install nginx -y
$ vim /etc/nginx/proxy_params
proxy_redirect default;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffer_size 32k;
proxy_buffering on;
proxy_buffers 4 128k;
proxy_busy_buffers_size 256k;
proxy_max_temp_file_size 256k;
$ vim /etc/nginx/conf.d/proxy.conf
upstream static {
    server 192.168.1.2:80;
}
upstream java {
    server 192.168.1.2:8080;
}
server {
    listen 80;
    location / {
        root /soft/code;
        index index.html;
    }
    location ~ .*\.(png|jpg|gif)$ {
        proxy_pass http://static;
        include proxy_params;
    }
    location ~ .*\.jsp$ {
        proxy_pass http://java;
        include proxy_params;
    }
}
$ nginx -t
$ systemctl start nginx
3.1.6 Access test