nginx代理

1. Nginx代理服务概述

Nginx 作为代理服务可以实现很多的协议代理, 我们主要以 http 代理为主。
20200626183454
正向代理(内部上网)
20200626183500
反向代理
20200626183505

正向代理与反向代理的区别:

  • 代理的对象不一样;
  • 正向代理代理的对象是客户端;
  • 反向代理代理的对象是服务端;

1.1 Nginx代理配置语法

1.1.1 Nginx代理配置语法
Syntax:	proxy_pass	URL;
Default:	—
Context:	location,	if	in	location,	limit_except
http://localhost:8000/uri/
http://192.168.1.1:8000/uri/
http://unix:/tmp/backend.socket:/uri/
1.1.2 类似于nopush缓冲区
//尽可能收集所有头请求,	
Syntax:	proxy_buffering	on	|	off;
Default:				
proxy_buffering	on;
Context:	http,	server,	location
//扩展:
proxy_buffer_size	
proxy_buffers	
proxy_busy_buffer_size
1.1.3 跳转重定向
Syntax:	proxy_redirect	default;
proxy_redirect	off;proxy_redirect	redirect	replacement;
Default:	proxy_redirect	default;
Context:	http,	server,	location
1.1.4 头信息
Syntax:	proxy_set_header	field	value;
Default:	proxy_set_header	Host	$proxy_host;
			proxy_set_header	Connection	close;
Context:	http,	server,	location
//扩展:	
proxy_hide_header
proxy_set_body
1.1.5 代理到后端的TCP连接超时
Syntax:	proxy_connect_timeout	time;
Default:	proxy_connect_timeout	60s;
Context:	http,	server,	location
//扩展
proxy_read_timeout		//以及建⽴
proxy_send_timeout		//服务端请求完,	发送给客户端时间
1.1.6 Proxy常见配置项
$ vim /etc/nginx//proxy_params
proxy_redirect	default;
proxy_set_header	Host	$http_host;
proxy_set_header	X-Real-IP	$remote_addr;
proxy_set_header	X-Forwarded-For	$proxy_add_x_forwarded_for;
proxy_connect_timeout	30;
proxy_send_timeout	60;
proxy_read_timeout	60;
proxy_buffer_size	32k;
proxy_buffering	on;
proxy_buffers	4	128k;
proxy_busy_buffers_size	256k;
proxy_max_temp_file_size	256k;
//具体location实现
location	/	{
		proxy_pass	http://127.0.0.1:8080;
		include	proxy_params;
}

1.2 Nginx正向代理示例

20200626192945

//配置69.113访问限制,仅允许同⽹段访问
location	~	.*\.(jpg|gif|png)$	{
				allow	192.168.69.0/24;
				deny	all;
				root	/soft/code/images;
//配置正向代理
[root@Nginx	~]#	cat	/etc/nginx/conf.d/zy_proxy.conf	
server	{
				listen			80;
				resolver	233.5.5.5;       // 正向代理使用的DNS
				location	/	{
								proxy_pass	http://$http_host$request_uri;          //写到这里就可以实现正向代理的作用,下面的信息是为了捕捉客户端头部信息
								proxy_set_header	Host	$http_host;
								proxy_set_header	X-Real-IP	$remote_addr;
								proxy_set_header	X-Forwarded-For	$proxy_add_x_forwarded_for;
				}
}

由于没有安装正向代理相关软件,所以本地无法测试!

1.3 Nginx反向代理示例

20200626193309

$ vim proxy.conf 
server {
    listen 80;
    server_name proxy.lzj.com;
    index index.html;
    location / {
        proxy_pass http://192.168.1.2:8080;
        include proxy_params;  // 这里引用的是1.1.6步骤定义的常见配置选项
    }
}

$ vim images.conf 
server {
    listen 8080;
    server_name image.lzj.com;
    location ~ .*\.(png|jpg|gif)$ {
        gzip on;
        root /usr/share/nginx/html/images;
    }
}

20200626195448

2. 负载均衡

负载均衡主要就是为了提升吞吐量、提升请求性能、提高容灾!

2.1 实现Nginx负载均衡

Nginx实现负载均衡用到了proxy_pass代理模块核心配置,将客户端请求代理转发到一组upstream虚拟服务池!

upstream虚拟配置语法:

Syntax:	upstream	name	{	...	}
Default:	-
Context:	http
//upstream例⼦
upstream	backend	{
				server	backend1.example.com							weight=5;
				server	backend2.example.com:8080;
				server	unix:/tmp/backend3;
				server	backup1.example.com:8080			backup;
}
server	{
				location	/	{
								proxy_pass	http://backend;
				}
}
2.1.1 创建对应的html文件
$ mkdir /usr/share/nginx/html/{code1,code2,code3}
$ vim /usr/share/nginx/html/code1/index.html
<html>
    <title>Code1</title>
    <body bgcolor="red">
        <h1>Code1-8081</h1>
    </body>
</html>

$ vim /usr/share/nginx/html/code2/index.html
<html>
    <title> Coder2</title>
    <body bgcolor="blue">
        <h1>Code1-8082</h1>
    </body>
</html>

$  vim /usr/share/nginx/html/code3/index.html
<html>
    <title> Coder3</title>
    <body bgcolor="green">
        <h1>Code1-8083</h1>
    </body>
</html>
2.1.2 创建对应的conf文件
$ vim releserver.conf
server {
    listen 8081;
    root /usr/share/nginx/html/code1;
    index index.html;
}
server {
    listen 8082;
    root /usr/share/nginx/html/code2;
    index index.html;
}
server {
    listen 8083;
    root /usr/share/nginx/html/code3;
    index index.html;
}
2.1.3 配置Nginx反向代理
$ vim proxy_pass.conf
upstream node {
    server 192.168.1.2:8081;
    server 192.168.1.2:8082;
    server 192.168.1.2:8083;
}

server {
    server_name proxy_pass.lzj.com;
    listen 80;
    location / {
        proxy_pass http://node;
        include proxy_params;
    }
}
2.1.4 浏览器验证

20200626201517
20200626201443
20200626201450

2.2 Nginx负载均衡状态配置

后端服务器在负载均衡调度中的状态

状态 概述
down 当前的server暂时不参与负载均衡
backup 预留的备份服务器
max_fails 允许请求失败的次数
fail_timeout 经过max_fails失败后,服务暂停时间
max_conns 限制最大的接收连接数

测试 backup以及down状态

$ vim proxy_pass.conf
upstream	load_pass	{
				server	192.168.1.1:8001	down;
				server	192.168.1.2:8002	backup;
				server	192.168.1.3:8003	max_fails=1	fail_timeout=10s;
}
location		/	{
				proxy_pass	http://load_pass;
				include	proxy_params;
}

//关闭8003进行测试

2.3 Nginx负载均衡调度策略

调度算法 概述
轮询 按时间顺序逐⼀分配到不同的后端服务器(默认)
weight 加权轮询,weight值越⼤,分配到的访问⼏率越⾼
ip_hash 每个请求按访问IP的hash结果分配,这样来⾃同⼀IP的固定访问⼀个后端服务器
url_hash 按照访问URL的hash结果来分配请求,是每个URL定向到同⼀个后端服务器
least_conn 最少链接数,那个机器链接数少就分发
hash关键数值 hash⾃定义的key

权重轮询配置

upstream	load_pass	{
				server	192.168.1.1:8001;
				server	192.168.1.2:8002	weight=5;
				server	192.168.1.3:8003;
}

ip_hash配置

//如果客户端都⾛相同代理,	会导致某⼀台服务器连接过多
upstream	load_pass	{
				ip_hash;
				server	192.168.1.1:8001;
				server	192.168.1.2:8002;
				server	192.168.1.3:8003;
}
//如果出现通过代理访问会影响后端节点接收状态均衡

url_hash配置

upstream	load_pass	{
				hash	$request_uri;
				server	192.168.1.1:8001;
				server	192.168.1.2:8002;
				server	192.168.1.3:8003;
}

//针对三台服务器添加相同⽂件
/usr/share/nginx/html/code1/url1.html	url2.html	url3.html
/usr/share/nginx/html/code2/url1.html	url2.html	url3.html
/usr/share/nginx/html/code3/url1.html	url2.html	url3.html

2.4 Nginx负载均衡TCP配置

Nginx四层代理仅能存在于main段,不可定义在http字段中!

$ vim /etc/nginx/nginx.conf
stream	{
		upstream	ssh_proxy	{
			hash $remote_addr	consistent;
		    server 192.168.1.2:22;
		}
		upstream	mysql_proxy	{
			hash $remote_addr	consistent;
			server 192.168.1.2:3306;
		}
		server	{
			listen 6666;
			proxy_connect_timeout 1s;
			proxy_timeout 300s;
			proxy_pass	ssh_proxy;
		}
		server	{
			listen 5555;
			proxy_connect_timeout 1s;
			proxy_timeout 300s;
			proxy_pass	mysql_proxy;
		}
}

3. Nginx动静分离

动静分离,通过中间件将动态请求和静态请求进⾏分离, 分离资源, 减少不必要的请求消耗, 减少请求延时。

好处: 动静分离后, 即使动态服务不可⽤, 但静态资源不会受到影响

通过中间件将动态请求和静态请求分离!

20200626212836

3.1 Nginx动静分离应用案例

20200626212845

3.1.1 环境准备
OS service IP
Centos 7.2 proxy 192.168.1.1
Centos 7.2 nginx 192.168.1.2
Centos 7.2 tomcat 192.168.1.2
3.1.2 在192.168.1.2准备静态资源
$ vim /etc/nginx/conf.d/access.conf
server{
    listen  80;
    root /usr/share/nginx/html/code;
    index index.html;
    location ~.*\.(png|jpg|gif)$    {
        gzip on;
        root /usr/share/nginx/html/code/images;
    }
}
$ mkdir /usr/share/nginx/html/code/images -p
$ wget -O /usr/share/nginx/html/code/images/nginx.png   http://nginx.org/nginx.png
$ nginx -t
$ systemctl reload nginx
# 准备目录以及静态相关图片
3.1.3 在192.168.1.2上准备动态资源
$ wget https://mirrors.bfsu.edu.cn/apache/tomcat/tomcat-9/v9.0.36/bin/apache-tomcat-9.0.36.tar.gz
$ mkdir -p /soft/app
$ tar zxf apache-tomcat-9.0.36.tar.gz -C /soft/app/
$ vim /soft/app/apache-tomcat-9.0.36/webapps/ROOT/java_test.jsp
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<HTML>
        <HEAD>
            <TITLE>JSP Test Page</TITLE>
        </HEAD>
            <BODY>
            <%
            Random rand = new Random();
            out.println("<h1>Random number:</h1>");
            out.println(rand.nextInt(99)+100);
            %>
            </BODY>
</HTML>
$ /soft/app/apache-tomcat-9.0.36/bin/startup.sh   # 启动tomcat
3.1.4 192.168.1.2访问动态资源测试

20200626215010

3.1.5 在192.168.1.2配置负载均衡,实现访问jsp和png资源
$ yum install nginx -y
$ vim /etc/nginx/proxy_params 
proxy_redirect  default;
proxy_set_header    Host    $http_host;
proxy_set_header    X-Real-IP   $remote_addr;
proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout   30;
proxy_send_timeout  60;
proxy_read_timeout  60;
proxy_buffer_size   32k;
proxy_buffering on;
proxy_buffers   4   128k;
proxy_busy_buffers_size 256k;
proxy_max_temp_file_size    256k;

$ vim /etc/nginx/conf.d/proxy.conf 
upstream static {
    server 192.168.1.2:80;
}

upstream java {
    server 192.168.1.2:8080;
}

server {
    listen 80;

    location / {
        root /soft/code;
        index index.html;
    }

    location ~.*\.(png|jpg|gif)$ {
        proxy_pass http://static;
        include proxy_params;
    }

    location ~.*\.jsp$ {
        proxy_pass http://java;
        include proxy_params;
    }
}
$ nginx -t
$ systemctl start nginx
3.1.6 访问测试

20200626221922
20200626221943

posted @ 2020-11-22 22:53  吕振江  阅读(618)  评论(0编辑  收藏  举报
浏览器标题切换
浏览器标题切换end