Nginx反向代理
反向代理實驗
1、準備node1,node2兩台節點,node1反向至node2,node2配置wed服務
2、node2啟動web服務
3、配置node1的nginx反向代理
3.1 備份配置檔案
[[email protected] nginx]# cd conf.d/
[[email protected] conf.d]# cp default.conf{,.bak}
3.2 node1配置反向代理至後端伺服器
[[email protected] conf.d]# vim default.conf
location / {
#root /usr/share/nginx/html;
proxy_pass http://10.201.106.22/;
3.3 重載nginx服務
[[email protected] conf.d]# service nginx configtest
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[[email protected] conf.d]# service nginx reload
Reloading nginx: [ OK ]
3.4 測試通路http://10.201.106.21能夠成功跳轉至node2的網頁
3.5 檢視node2通路日志,記錄的是Client的IP
[[email protected] ~]# tail -1 /var/log/httpd/access_log
10.201.106.1 - - [12/Dec/2016:00:10:31 +0800] "GET /favicon.ico HTTP/1.1" 404 288 "http://10.201.106.22/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
4、隻代理某個請求
4.1 node2節點配置新的網站目錄
[[email protected] ~]# cd /var/www/html/
[[email protected] html]# ls
index.html
[[email protected] html]# mkdir bbs
[[email protected] html]# vim bbs/index.html
<h1>bbs on node2</h1>
4.2 node1配置反向代理
location / {
root /usr/share/nginx/html;
index index.html index.htm;
# example
#ModSecurityEnabled on;
#ModSecurityConfig /etc/nginx/modsecurity.conf;
}
location /bbs/ {
proxy_pass http://10.201.106.22/bbs/;
}
[[email protected] conf.d]# service nginx reload
Reloading nginx: [ OK ]
4.3 通路http://10.201.106.21/bbs/能夠跳轉到node2的界面
4.4 測試将node1的反向配置,前端改成錯誤的後再測試
location /qqq/ {
proxy_pass http://10.201.106.22/bbs/;
}
[[email protected] conf.d]# service nginx reload
Reloading nginx: [ OK ]
測試:http://10.201.106.21/qqq/
可以通路到node2的bbs頁面
實際是node1請求的
[[email protected] html]# tail -1 /var/log/httpd/access_log
10.201.106.21 - - [12/Dec/2016:02:10:01 +0800] "GET /bbs/ HTTP/1.0" 200 22 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
4.5 隻有前端,沒有後端測試
location /forum/ {
proxy_pass http://10.201.106.22/;
}
[[email protected] conf.d]# service nginx reload
Reloading nginx: [ OK ]
測試後跳轉到首頁了,這也是一個URL
4.6 比對字尾名,跳轉
location ~* \.(jpg|png|gif)$ {
proxy_pass http://10.201.106.22;
}
文法檢查:
[[email protected] conf.d]# service nginx configtest
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[[email protected] conf.d]#
重載服務
[[email protected] conf.d]# service nginx reload
Reloading nginx: [ OK ]
[[email protected] conf.d]#
上傳圖檔到node2節點
通路:http://10.201.106.21/bg.jpg可以通路到node2的圖檔
4.7 放到目錄下的圖檔通路
上傳圖檔到node2節點;
[[email protected] html]# mkdir images
[[email protected] html]# cd images/
[[email protected] images]# ls
2.jpg
[[email protected] images]#
通路測試,可以看到圖檔
http://10.201.106.21/images/2.jpg
4.8 修改後端路徑,期望放到/images下
location ~* \.(jpg|png|gif)$ {
proxy_pass http://10.201.106.22/images/;
}
第一種例外
文法錯誤,模式比對,後面就不能再跟上URL,連/也不能加
[[email protected] conf.d]# service nginx configtest
nginx: [emerg] "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in /etc/nginx/conf.d/default.conf:25
nginx: configuration file /etc/nginx/nginx.conf test failed
[[email protected] conf.d]#
4.9 第二種例外,location如果有重寫,重寫後的結果
發送到後端的值,向後端發送特定首部
1、反向伺服器将用戶端真實IP發送給node2網站伺服器
1.1 node1 配置
[[email protected] conf.d]# vim default.conf
location /forum/ {
proxy_pass http://10.201.106.22/;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
}
location ~* \.(jpg|png|gif)$ {
proxy_pass http://10.201.106.22;
proxy_set_header X-Real-IP $remote_addr;
}
1.2 服務重載
[[email protected] conf.d]# service nginx configtest
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[[email protected] conf.d]#
[[email protected] conf.d]# service nginx reload
Reloading nginx: [ OK ]
[[email protected] conf.d]#
1.3 定義node2後端伺服器的日志格式
記錄日志首部的值
[[email protected] images]# vim /etc/httpd/conf/httpd.conf
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
重新開機服務
[[email protected] images]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[[email protected] images]#
1.4 更改日志格式後,相比前兩條,最後兩條的通路日志記錄已經變成真正的用戶端主機IP了
10.201.106.21 - - [12/Dec/2016:06:57:21 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.21 - - [12/Dec/2016:06:57:39 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [12/Dec/2016:07:05:37 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
10.201.106.1 - - [12/Dec/2016:07:05:38 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
[[email protected] images]#
Nginx緩存
1、定義node1節點緩存配置,1條指令
[[email protected] ~]# cd /etc/nginx/
[[email protected] nginx]# vim nginx.conf
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
proxy_cache_path /cache/nginx/ levels=1:1 keys_zone=mycache:32m;
sendfile on;
建立緩存目錄,修改權限
[[email protected] nginx]# mkdir -pv /cache/nginx
mkdir: created directory `/cache'
mkdir: created directory `/cache/nginx'
[[email protected] nginx]# chown -R nginx:nginx /cache/nginx/
[[email protected] nginx]#
2、調用緩存
[[email protected] nginx]# vim conf.d/default.conf
location /forum/ {
proxy_cache mycache; 調用緩存區域
proxy_cache_valid 200 1d; 200的緩存一天
proxy_cache_valid 301 302 10m; 301緩存10分鐘
proxy_cache_valid any 1m; 其他緩存1分鐘
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; 如果有這些情況,使用舊緩存
proxy_pass http://10.201.106.22/;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
}
3、重載服務
[[email protected] nginx]# service nginx configtest
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[[email protected] nginx]#
[[email protected] nginx]#
[[email protected] nginx]# service nginx reload
Reloading nginx: [ OK ]
[[email protected] nginx]#
4、測試
通路網頁後,相應緩存目錄有産生檔案
[[email protected] nginx]# cd /cache/nginx/
[[email protected] nginx]# ls
[[email protected] nginx]# ls
c
[[email protected] nginx]# ls
7 c
[[email protected] nginx]# ls -lht
total 8.0K
drwx------ 3 nginx nginx 4.0K Nov 24 11:21 7
drwx------ 3 nginx nginx 4.0K Nov 24 11:21 c
[[email protected] nginx]# cd 7
[[email protected] 7]# ls
c
[[email protected] 7]# cd c
[[email protected] c]# ls
99cd97b13b9069e769098b964e66bbc7
[[email protected] c]# ls -lht
total 12K
-rw------- 1 nginx nginx 8.4K Nov 24 11:21 99cd97b13b9069e769098b964e66bbc7
[[email protected] c]#
緩存後,
Nginx負載均衡
1、關閉緩存
[[email protected] ~]# vim /etc/nginx/nginx.conf
#proxy_cache_path /cache/nginx/ levels=1:1 keys_zone=mycache:32m;
2、定義第三個節點的網頁
[[email protected] ~]# vim /var/www/html/index.htm
<h1>nginx on node3</h1>
3、編輯前端配置
全局配置
[[email protected] ~]# vim /etc/nginx/nginx.conf
upstream upservers {
server 10.201.106.22;
server 10.201.106.130;
}
web配置
[[email protected] ~]# vim /etc/nginx/conf.d/default.conf
location /forum/ {
proxy_pass http://upservers/;
}
4、 通路http://10.201.106.21/forum/已經可以在兩個節點中切換
5、修改負載後端的某台主機權重
[[email protected] ~]# vim /etc/nginx/nginx.conf
upstream upservers {
server 10.201.106.22; weight=2;
server 10.201.106.130;
}
6、通路網頁,22通路2次,130才通路一次
7、
[[email protected] ~]# vim /etc/nginx/nginx.conf
upstream upservers {
ip_hash;
server 10.201.106.22 weight=2;
server 10.201.106.130;
}
8、
upstream upservers {
server 10.201.106.22 max_fails=2 fail_timeout=1;
server 10.201.106.130 max_fails=2 fail_timeout=1;
}
将其中一個節點關系服務
[[email protected] ~]# service httpd stop
Stopping httpd: [ OK ]
測試後:隻會在好的節點通路了
重新打開服務後,又能在兩個節點間切換了;
9、标記為備用節點
upstream upservers {
server 10.201.106.22 max_fails=2 fail_timeout=1;
server 10.201.106.130 max_fails=2 fail_timeout=1 backup;
}
10、
轉載于:https://blog.51cto.com/zhongle21/2087740