nginx四层负载均衡

1、七层负载均衡:

根据url 调度不同的集群   url.yangdan.com
10.0.0.5
10.0.0.7		/pass
10.0.0.8		/user

#1.web01和web02配置  (只不过代码不一样)
[root@web01 conf.d]# cat url.yangdan.com.conf 
server {
	listen 80;
	server_name url.yangdan.com;
	root /code;

	location / {
		index index.html;
	}
}

#2.lb配置
[root@lb01 conf.d]# cat proxy_url.yangdan.com.conf 
upstream user {
	server 172.16.1.8;
}
upstream pass {
	server 172.16.1.7;
}

server {
	listen 80;
	server_name url.yangdan.com;
	location / {
		proxy_pass http://user;
		include proxy_params;
	}
	location /user {
                proxy_pass http://user;
                include proxy_params;
	}
	location /pass {
                proxy_pass http://pass;
                include proxy_params;
	}
}
[root@lb01 conf.d]# systemctl restart nginx
	
	PS: 在使用proxy_pass反向代理时,最后结尾添加/和不添加/有什么区别?
	
	1.不添加 / 
		用户如果请求:    http://url.yangdan.com/user
		会被代理至后端:  http://url.yangdan.com/user
	
	1.添加 / 
		用户如果请求: http://url.yangdan.com/user
		会被代理至后端:  http://url.yangdan.com/

根据设备调度不同的集群   			( 浏览器 )  ( 手机 )
10.0.0.5
10.0.0.7		pc
10.0.0.8		phone

#1.所有的web都需要配置   ( 代码不一样)
[root@web01 conf.d]# cat /etc/nginx/conf.d/agent.yangdan.com.conf 
server {
	listen 80;
	server_name agent.yangdan.com;
	root /code;

	location / {
		index index.html;
	}

}

2.代理的配置
[root@lb01 conf.d]# cat proxy_agent.yangdan.com.conf 
upstream pc {
	server 172.16.1.7:80;
}

upstream phone {
	server 172.16.1.8:80;
}

server {
	listen 80;
	server_name agent.yangdan.com;       #agent.oldxu.com
	location / {
		#默认都走pc
		proxy_pass http://pc;
		include proxy_params;
		default_type text/html;
		charset utf-8;

		#如果是安卓或iphone,则走phone
		if ( $http_user_agent ~* "android|iphone|iPad" ) {
			proxy_pass http://phone;
		}

		#如果是IE浏览器,要么拒绝,要么返回一个好的浏览器下载页面
		if ( $http_user_agent ~*  "MSIE" ) {
			return 200 '<a href="http://download.xuliangwei.com/gitlab-ce-8.3.4-ce.0.el7.x86_64.rpm" target="_blank">点击下载正版浏览器google.exe</a>';
		}
	}
}

2、四层负载均衡

#1.什么是四层  OSI  传输层  TCP/IP     UDP/TCP
	四层是基于转发方式:
	
#2.四层负载均衡使用场景
	#1.四层负载均衡 + 七层负载均衡
	#2.dns + 多机房 + 四层负载均衡+七层负载均衡
	#3.SOA 松耦合架构
		登录		passport.jd.com
		注册		reg.jd.com
		商品详情	pro.jd.com

#4.基于端口的转发
				nginx 7层		web01		MySQL
nginx 4层  + 					web02		NFS
				nginx 7层		web03		Redis
				10.0.0.6

10.0.0.4
	#nginx是1.9版本以后才引入的四层负载均衡
	stream模块实现,但stream不能出现在http层
		--with-stream
		-with-stream_ssl_module
		-with-stream_realip_module
		
	
	stream {
		upstream backend {
			hash $remote_addr consistent;
			server backend1.example.com:12345 weight=5;
			server 127.0.0.1:12345 max_fails=3 fail_timeout=30s;
			server unix:/tmp/backend3;
		}
		server {
			listen 12345;
			proxy_connect_timeout 1s;
			proxy_timeout 3s;
			proxy_pass backend;
		}
	}

#nginx四层+nginx七层+web集群--->场景    

#1.定义四层配置文件路径:
[root@lb-4 nginx]# vim /etc/nginx/nginx.conf
include /etc/nginx/conf.c/*.conf;   

#2.进行初始化操作
[root@lb-4 ~]# rm -f /etc/nginx/conf.d/default.conf
[root@lb-4 nginx]# mkdir /etc/nginx/conf.c

#3.配置四层负载均衡
[root@lb-4 ~]# cat /etc/nginx/conf.c/all.conf 
stream {
	upstream blog {
		server 172.16.1.5:80;
		server 172.16.1.6:80;
	}

	server {
		listen 80;
		proxy_pass blog;
		proxy_timeout 3s;
		proxy_connect_timeout 3s;
	}
}

3、基于端口的转发:

需求: 用户连接10.0.0.4的6666端口,其实连接的是172.16.1.7的22/TCP端口
需求: 用户连接10.0.0.4的5555端口,其实连接的是172.16.1.51的3306/TCP端口

[root@lb-4 conf.c]# cat blog.yangdan.com.conf 
stream {
	upstream ssh {
		server 172.16.1.7:22;
	}
	upstream mysql {
		server 172.16.1.51:3306;
	}
	
	server {
		listen 6666;
		proxy_pass ssh;
	}

	server {
		listen 5555;
		proxy_pass mysql;
	}
}

4、四层负载均衡怎么记录日志 必须在stream层,不能出现在http层?

log_format  proxy '$remote_addr -  [$time_local]  $status $protocol'
            '   "$upstream_addr" "$upstream_bytes_sent" "$upstream_connect_time"' ;

    access_log /var/log/nginx/tcp.log proxy;

#配置阿里云四层负载均衡   实现端口转发  
		公网666转到内网的22
		公网80 转到内网的多台7层负载均衡的80  ?