Nginx四层负载均衡概述
目录
Nginx四层负载均衡概述
什么是四层负载均衡
# 四层负载均衡是基于传输层协议包来封装的(如:TCP/IP),那我们前面使用到的七层是指的应用层,他的组装在四层的基础之上,无论四层还是七层都是指的OSI网络模型。
四层负载均衡应用场景
四层负载均衡总结
1、四层负载均衡仅能转发TCP/IP协议、UDP协议、通常用来转发端口,如:tcp/22、udp/53;
2、四层负载均衡可以用来解决七层负载均衡端口限制问题;(七层负载均衡最大使用65535个端口号)
3、四层负载均衡可以解决七层负载均衡高可用问题;(多台后端七层负载均衡能同事的使用)
4、四层的转发效率比七层的高得多,但仅支持tcp/ip协议,不支持http和https协议;
5、通常大并发场景通常会选择使用在七层负载前面增加四层负载均衡。
Nginx四层负载均衡场景实践
1.环境准备
| 主机 | IP | 身份 |
| lb3 | 172.16.1.3,10.0.0.3 | 四层负载均衡 |
| lb01 | 172.16.1.4,10.0.0.4 | 七层负载均衡 |
| lb02 | 172.16.1.5,10.0.0.5 | 七层负载均衡 |
2.测试lb01
lb01负载均衡确认没有问题
3.lb4和lb02搭建nginx
1.配置yum源
2.安装 (nginx官方源安装)
3.配置nginx
4.创建用户
5.启动
4.将lb01配置同步到lb02
[root@lb01 ~]# scp /etc/nginx/conf.d/* 172.16.1.5:/etc/nginx/conf.d/
[root@lb01 ~]# scp /etc/nginx/proxy_params 172.16.1.5:/etc/nginx/
5.测试lb02的负载均衡
[root@lb02 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb02 ~]# systemctl restart nginx
#配置hosts测试
10.0.0.5 linux.wp.com
6.配置四层负载均衡
1)四层负载均衡语法
Syntax: stream { ... }
Default: —
Context: main
#示例:四层负载均衡stream模块跟http模块在同一级别,不能配置在http里面
stream {
upstream backend {
server backend1.example.com:12345 weight=5;
server 127.0.0.1:12345 max_fails=3 fail_timeout=30s;
}
server {
listen 12345;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass backend;
}
}
2)配置nginx主配置文件
[root@lb3 ~]# vim /etc/nginx/nginx.conf
#注释http层所有内容
user www;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
#添加一个包含文件
include /etc/nginx/conf.c/*.conf;
#http {
# include /etc/nginx/mime.types;
# default_type application/octet-stream;
# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# access_log /var/log/nginx/access.log main;
# sendfile on;
# #tcp_nopush on;
# keepalive_timeout 65;
# #gzip on;
# include /etc/nginx/conf.d/*.conf;
#}
3)配置四层负载均衡
#创建目录
[root@lb3 ~]# mkdir /etc/nginx/conf.c
#配置
[root@lb3 ~]# vim /etc/nginx/conf.c/linux.lb4.com.conf
stream {
upstream lbserver {
server 10.0.0.4:80;
server 10.0.0.5:80;
}
server {
listen 80;
proxy_pass lbserver;
proxy_connect_timeout 1s;
proxy_timeout 3s;
}
}
4)启动服务
[root@lb3 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb4 ~]# systemctl start nginx
5)配置hosts访问
10.0.0.3 linux.wp.com linux.lb.com
#访问
http://linux.wp.com/
6)四层负载均衡配置日志
#四层负载均衡是没有access的日志的,因为在nginx.conf的配置中,access的日志格式是配置在http下的,而四层负载均衡配置是在http以外的;
#如果需要日志则需要配置在stream下面
[root@lb4 ~]# vim /etc/nginx/conf.c/linux.lb4.com.conf
stream {
log_format proxy '$remote_addr $remote_port - [$time_local] $status $protocol '
'"$upstream_addr" "$upstream_bytes_sent" "$upstream_connect_time"';
access_log /var/log/nginx/proxy.log proxy;
upstream lbserver {
server 10.0.0.4:80;
server 10.0.0.5:80;
}
server {
listen 80;
proxy_pass lbserver;
proxy_connect_timeout 1s;
proxy_timeout 3s;
}
}
#查看所有web服务器日志
[root@web01 ~]# tail -f /var/log/nginx/access.log
[root@web02 ~]# tail -f /var/log/nginx/access.log
四层负载端口转发
1.请求负载均衡的5555端口,跳转到web01的22端口
#简单配置
stream {
server {
listen 5555;
proxy_pass 172.16.1.7:22;
}
}
#一般配置
stream {
upstream ssh_7 {
server 10.0.0.7:22;
}
server {
listen 5555;
proxy_pass ssh_7;
}
}
2.请求负载均衡的6666端口,跳转至172.16.1.51:3306
stream {
upstream db_51 {
server 172.16.1.51:3306;
}
server {
listen 6666;
proxy_pass db_51;
}
}
3.数据库从库的负载均衡
stream {
upstream dbserver {
server 172.16.1.51:3306;
server 172.16.1.52:3306;
server 172.16.1.53:3306;
server 172.16.1.54:3306;
server 172.16.1.55:3306;
server 172.16.1.56:3306;
}
server {
listen 5555;
proxy_pass dbserver;
}
}
Nginx四层负载均衡场景(源码包安装)
1、下载源代码包
wget https://nginx.org/download/nginx-1.20.1.tar.gz
2、解压
tar -xf nginx-1.20.1.tar.gz
3、进入nginx源码包中编译安装
cd nginx-1.20.1
./configure --with-stream --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=www --group=www
make && make install
#创建统一用户
[root@lb02 nginx-1.20.1]# groupadd www -g 666
[root@lb02 nginx-1.20.1]# useradd www -u 666 -g 666 -M -r -s /sbin/nologin
4、修改配置文件
user www;
worker_processes auto;
error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
stream {
upstream lbtcp {
server 172.16.1.5:80;
server 172.16.1.6:80;
}
server {
listen 80;
proxy_pass lbtcp; # 转发的链接池
proxy_connect_timeout 1s; # 连接池中的IP链接的超时时间
proxy_timeout 3s; # 返回数据的超时时间
}
}
5、增加system管理配置
[root@lb03 ~]# cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server !
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStopPost=/usr/bin/rm -f /root/nginx
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
6、启动
systemctl daemon-reload
systemctl start nginx