|
Nginx反向代理
一.七层反向代理
1.1环境配置
主机IP地址主要软件后端服务器tomcat1192.168.111.35Tomcat后端服务器tomcat2192.168.111.35Tomcat后端服务器tomcat3192.168.111.10Tomcat负载均衡和反向代理nginx192.168.111.30Ngnix
1.2实验
1.2.1配置tomcat后端服务器
[root@www ~]# netstat -lntp | grep java
tcp6 0 0 :::8009 :::* LISTEN 10149/java
tcp6 0 0 :::8010 :::* LISTEN 10212/java
tcp6 0 0 :::8080 :::* LISTEN 10149/java
tcp6 0 0 :::8081 :::* LISTEN 10212/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 10149/java
tcp6 0 0 127.0.0.1:8006 :::* LISTEN 10212/java
[root@www ~]# cd /usr/local/tomcat/tomcat1
[root@www tomcat1]# ls
bin BUILDING.txt conf CONTRIBUTING.md lib LICENSE logs NOTICE README.md RELEASE-NOTES RUNNING.txt temp webapps work
[root@www tomcat1]# cd webapps/
[root@www webapps]# ls
docs examples host-manager manager ROOT
[root@www webapps]# mkdir test
[root@www webapps]# cd test
[root@www test]# ls
[root@www test]# vim index.jsp #在tomcat服务器上配置tomcat1动态页面
[root@www test]# ls
index.jsp
[root@www test]# cd /usr/local/tomcat/tomcat2
[root@www tomcat2]# ls
bin BUILDING.txt conf CONTRIBUTING.md lib LICENSE logs NOTICE README.md RELEASE-NOTES RUNNING.txt temp webapps work
[root@www tomcat2]# cd webapps/
[root@www webapps]# mkdir test
[root@www webapps]# ls
docs examples host-manager manager ROOT test
[root@www webapps]# cd test/
[root@www test]# vim index.jsp #在tomcat服务器上配置tomcat1动态页面
[root@www test]# netstat -lntp | grep java #查看tomcat端口是否开启
tcp6 0 0 :::8009 :::* LISTEN 10149/java
tcp6 0 0 :::8010 :::* LISTEN 10212/java
tcp6 0 0 :::8080 :::* LISTEN 10149/java
tcp6 0 0 :::8081 :::* LISTEN 10212/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 10149/java
tcp6 0 0 127.0.0.1:8006 :::* LISTEN 10212/java
[root@www test]# ls
index.jsp
[root@www test]# vim index.jsp
[root@www test]# cat index.jsp
JSP test2 page
1.2.2配置后端tomca服务器
[root@localhost opt]# ls
apache-tomcat-9.0.16 hosts mysql-boost-5.7.41.tar.gz passwd php-7.1.10 test wordpress-4.9.4-zh_CN.tar.gz
apache-tomcat-9.0.16.tar.gz jdk-8u201-linux-x64.rpm nginx-1.24.0 passwdaa php-7.1.10.tar.bz2 txt
dis local.repo nginx-1.24.0.tar.gz passwdab rh user.tar.gz
Discuz_X3.4_SC_UTF8.zip mysql-5.7.41 num.tar.gz passwdac shell wordpress
[root@localhost opt]# rpm -ivh jdk-8u201-linux-x64.rpm #通过rpm包安装jdk环境
警告:jdk-8u201-linux-x64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID ec551f03: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:jdk1.8-2000:1.8.0_201-fcs ################################# [100%]
Unpacking JAR files...
tools.jar...
plugin.jar...
javaws.jar...
deploy.jar...
rt.jar...
jsse.jar...
charsets.jar...
localedata.jar...
[root@localhost opt]#
[root@localhost opt]# vim /etc/profile.d/java.sh #将java加入到全局环境变量中
[root@localhost opt]# source /etc/profile.d/java.sh
[root@localhost opt]# java -version
java version "1.8.0_201"
Java(TM) SE Runtime Environment (build 1.8.0_201-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.201-b09, mixed mode)
[root@localhost opt]# mv apache-tomcat-9.0.16 /usr/local/tomcat
[root@localhost opt]# /usr/local/tomcat/bin/startup.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/jdk1.8.0_201-amd64/jre
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Tomcat started.
[root@localhost opt]# netstat -lntp | grep java
tcp6 0 0 :::8009 :::* LISTEN 15594/java
tcp6 0 0 :::8080 :::* LISTEN 15594/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 15594/java
[root@localhost opt]# vim /usr/lib/systemd/system/tomcat.service #通过配置tomcat.service文件将tomcat加入system目录,通过systemctl管理服务
[root@localhost opt]# /usr/local/tomcat/bin/shutdown.sh #通过绝对路径启动服务
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/jdk1.8.0_201-amd64/jre
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
[root@localhost opt]# netstat -lntp | grep java
[root@localhost opt]# systemctl start tomcat.service
[root@localhost opt]# netstat -lntp | grep java
tcp6 0 0 :::8009 :::* LISTEN 15897/java
tcp6 0 0 :::8080 :::* LISTEN 15897/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 15897/java
[root@localhost opt]# cd /usr/local/tomcat/
[root@localhost tomcat]# ls\
> ^C
[root@localhost tomcat]# ls
bin BUILDING.txt conf CONTRIBUTING.md lib LICENSE logs NOTICE README.md RELEASE-NOTES RUNNING.txt temp webapps work
[root@localhost tomcat]# cd webapps/
[root@localhost webapps]# ls
docs examples host-manager manager ROOT
[root@localhost webapps]# mkdir test
[root@localhost webapps]# cd test/
[root@localhost test]# vim index.jsp #给tomcat服务器配置动态页面
[root@localhost test]# cat index.jsp
JSP test3 page
1.2.3nginx服务器配置
[root@loclahost ~]# netstat -lntp | grep nginx
[root@loclahost ~]# cd /etc/yum.repos.d/
[root@loclahost yum.repos.d]# ls
local.repo local.sh repo.bak
[root@loclahost yum.repos.d]# vim nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@loclahost yum.repos.d]# yum install -y nginx #通过nginx.repo在本地用yum安装nginx
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
file:///mnt/repodata/repomd.xml: [Errno 14] curl#37 - "Couldn't open file /mnt/repodata/repomd.xml"
正在尝试其它镜像。
nginx-stable | 2.9 kB 00:00:00
nginx-stable/x86_64/primary_db FAILED
http://nginx.org/packages/centos/7/x86_64/repodata/4807322451763034497ab184c35370e7e8cdd8dc4509e3279d10c7e44c6dc811-primary.sqlite.bz2: [Errno 14] curl#7 - "Failed to connect to 2a05:d014:edb:5702::6: Network is unreachable"
正在尝试其它镜像。
nginx-stable/x86_64/primary_db | 85 kB 00:00:01
正在解决依赖关系
--> 正在检查事务
---> 软件包 nginx.x86_64.1.1.24.0-1.el7.ngx 将被 安装
--> 解决依赖关系完成
依赖关系解决
=================================================================================================================================================================
Package 架构 版本 源 大小
=================================================================================================================================================================
正在安装:
nginx x86_64 1:1.24.0-1.el7.ngx nginx-stable 804 k
事务概要
=================================================================================================================================================================
安装 1 软件包
总下载量:804 k
安装大小:2.8 M
Downloading packages:
nginx-1.24.0-1.el7.ngx.x86_64.rpm | 804 kB 00:00:10
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : 1:nginx-1.24.0-1.el7.ngx.x86_64 1/1
----------------------------------------------------------------------
Thanks for using nginx!
Please find the official documentation for nginx here:
* https://nginx.org/en/docs/
Please subscribe to nginx-announce mailing list to get
the most important news about nginx:
* https://nginx.org/en/support.html
Commercial subscriptions for nginx are available on:
* https://nginx.com/products/
----------------------------------------------------------------------
验证中 : 1:nginx-1.24.0-1.el7.ngx.x86_64 1/1
已安装:
nginx.x86_64 1:1.24.0-1.el7.ngx
完毕!
[root@loclahost yum.repos.d]# netstat -lntp | grep 80
tcp6 0 0 :::80 :::* LISTEN 8979/httpd
[root@loclahost yum.repos.d]# systemctl start nginx
[root@loclahost yum.repos.d]# netstat -lntp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10449/nginx: master
[root@loclahost yum.repos.d]# systemctl disable --now firewalld #关闭防火墙
[root@loclahost yum.repos.d]# setenforce 0
[root@loclahost yum.repos.d]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@loclahost yum.repos.d]# cd /etc/nginx/
[root@loclahost nginx]# ls
conf.d fastcgi_params mime.types modules nginx.conf scgi_params uwsgi_params
[root@loclahost nginx]# cd conf.d/
[root@loclahost conf.d]# ls
default.conf
[root@loclahost conf.d]# vim default.conf
#定义后端服务器组的名称和节点配置
upstream backend_server {
server 192.168.111.35:8080 weight=1;
server 192.168.111.35:8081 weight=1;
server 192.168.111.10:8080 weight=1;
}
#使用location匹配用户发来的.jsp动态页面请求给后端服务器组
location ~* .*\.jsp$ {
proxy_pass http://backend_server;
#在转发报文里添加头部记录真实的客户端地址
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
[root@loclahost conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@loclahost conf.d]# cd /usr/share/nginx/
[root@loclahost nginx]# ls
html
[root@loclahost nginx]# cd html/
[root@loclahost html]# mkdir test
[root@loclahost html]# ls
50x.html index.html test
[root@loclahost html]# cd test/
[root@loclahost test]# ls
[root@loclahost test]# vim index.html
[root@loclahost test]# cat index.html
this is nginx static web
[root@loclahost test]# systemctl restart nginx
  
二.四层方向代理
2.1环境配置
主机IP地址主要软件后端服务器tomcat1192.168.111.35Tomcat后端服务器tomcat2192.168.111.35Tomcat后端服务器tomcat3192.168.111.10Tomcat动静分离和七层反向代理192.168.111.30Ngnix动静分离和七层反向代理192.168.111.40Ngnix负载均衡192.168.111.45Ngnix
2.2.实验
2.2.1步骤
在七层代理上继续配置,添加两台服务器,动静分离和七层反向代理;另一台做负载均衡。
2.2.1配置第二台动静分离和七层反向代理
[root@www ~]# cd /etc/yum.repos.d/
[root@www yum.repos.d]# ls
CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Media.repo CentOS-Sources.repo CentOS-Vault.repo nginx.repo
[root@www yum.repos.d]# yum install -y nginx #安装nginx 服务
已加载插件:fastestmirror, langpacks
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
nginx-stable | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
nginx-stable/x86_64/primary_db | 85 kB 00:00:01
Loading mirror speeds from cached hostfile
* base: mirrors.ustc.edu.cn
* extras: mirrors.ustc.edu.cn
* updates: mirrors.ustc.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 nginx.x86_64.1.1.24.0-1.el7.ngx 将被 安装
--> 解决依赖关系完成
依赖关系解决
=================================================================================================================================================================
Package 架构 版本 源 大小
=================================================================================================================================================================
正在安装:
nginx x86_64 1:1.24.0-1.el7.ngx nginx-stable 804 k
事务概要
=================================================================================================================================================================
安装 1 软件包
总下载量:804 k
安装大小:2.8 M
Downloading packages:
nginx-1.24.0-1.el7.ngx.x86_64.rpm | 804 kB 00:00:04
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : 1:nginx-1.24.0-1.el7.ngx.x86_64 1/1
----------------------------------------------------------------------
Thanks for using nginx!
Please find the official documentation for nginx here:
* https://nginx.org/en/docs/
Please subscribe to nginx-announce mailing list to get
the most important news about nginx:
* https://nginx.org/en/support.html
Commercial subscriptions for nginx are available on:
* https://nginx.com/products/
----------------------------------------------------------------------
验证中 : 1:nginx-1.24.0-1.el7.ngx.x86_64 1/1
已安装:
nginx.x86_64 1:1.24.0-1.el7.ngx
完毕!
[root@www test]# vim index.html # 准备nginx的静态页面
[root@www share]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ #将nginx服务加入全局配置
[root@www share]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@www test]# vim /etc/nginx/nginx.conf #将两台nginx的服务长连接设置为0
[root@www share]# systemctl daemon-reload #重载配置文件
[root@www share]# systemctl restart nginx #重启nginx服务
[root@www share]# netstat -lntp | grep :80 #服务开启
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2472/nginx: master
[root@www yum.repos.d]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon 关闭防火墙
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
2.2.2配置四层负载均衡
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Media.repo CentOS-Sources.repo CentOS-Vault.repo nginx.repo
[root@localhost yum.repos.d]# yum install -y nginx #安装nginx服务
已加载插件:fastestmirror, langpacks
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
nginx-stable | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/5): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/5): base/7/x86_64/primary_db | 6.1 MB 00:00:01
(3/5): extras/7/x86_64/primary_db | 249 kB 00:00:01
(4/5): nginx-stable/x86_64/primary_db | 85 kB 00:00:02
(5/5): updates/7/x86_64/primary_db | 21 MB 00:00:05
Determining fastest mirrors
* base: mirrors.ustc.edu.cn
* extras: mirrors.ustc.edu.cn
* updates: mirrors.nju.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 nginx.x86_64.1.1.24.0-1.el7.ngx 将被 安装
--> 解决依赖关系完成
依赖关系解决
=================================================================================================================================================================
Package 架构 版本 源 大小
=================================================================================================================================================================
正在安装:
nginx x86_64 1:1.24.0-1.el7.ngx nginx-stable 804 k
事务概要
=================================================================================================================================================================
安装 1 软件包
总下载量:804 k
安装大小:2.8 M
Downloading packages:
nginx-1.24.0-1.el7.ngx.x86_64.rpm | 804 kB 00:00:09
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : 1:nginx-1.24.0-1.el7.ngx.x86_64 1/1
----------------------------------------------------------------------
Thanks for using nginx!
Please find the official documentation for nginx here:
* https://nginx.org/en/docs/
Please subscribe to nginx-announce mailing list to get
the most important news about nginx:
* https://nginx.org/en/support.html
Commercial subscriptions for nginx are available on:
* https://nginx.com/products/
----------------------------------------------------------------------
验证中 : 1:nginx-1.24.0-1.el7.ngx.x86_64 1/1
已安装:
nginx.x86_64 1:1.24.0-1.el7.ngx
完毕!
[root@localhost nginx]# cd conf.d/
[root@localhost conf.d]# vim default.conf #添加配置参数
#四层反向代理模块
stream {
#定义四层代理的后端服务器节点
upstream nginx_server{
server 192.168.111.30:80 weight=1;
server 192.168.111.40:80 weight=1;
}
server {
listen 80;
proxy_pass nginx_server;
}
}
[root@localhost nginx]# vim nginx.conf #将长连接保持设置为0
[root@localhost nginx]# systemctl disable --now firewalld
[root@localhost nginx]# setenforce 0
setenforce: SELinux is disabled
[root@localhost nginx]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@localhost nginx]# systemctl restart nginx
[root@localhost nginx]# netstat -lntp | grep nginx
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2596/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2596/nginx: master
     
三.四层反向代理与七层反向代理对比
3.1应用场景
四层反向代理:基于 IP + PORT 实现的代理转发,通常用于做用户的访问入口和负载均衡器等应用场景
七层反向代理:基于http、https、mail等七层应用协议的代理转发,通常用于动静分离等应用场景
3.2配置
七层反向代理:
1)在 http 配置段里设置 upstream 定义后端应用服务器池的名称和节点参数配置
upstream backend {
server IP:PORT weight=1;
...
[ip_hash;]
}
2)在 server 配置段里用 location 匹配用户的访问路径,使用 proxy_pass 基于协议进行转发
location ~ .*\.jsp$ {
proxy_pass http://backend;
}
四层反向代理:
1)编译安装时需要 --with-stream 添加四层反向代理模块
2)和 http 配置段同层级别,一般在 http 配置段上面添加 stream 配置段,在 stream 配置段中定义服务器池、监听端口和转发等配置
stream {
upstream backend {
server IP:PORT weight=1;
......
}
server {
listen PORT;
proxy_pass backend;
}
}
http {
......
}
四.nginx负载均衡的模式(调度算法/策略)
轮询 round robin rr
加权轮询 weight round robin wrr
least_conn 最小/少连接
ip_hash 根据客户端IP做hash缓存的算法
url_hash 根据客户端访问的url路径做hash缓存的算法
fair 根据服务端的响应时间来分配请求
random 随机分配
hash $remote_addr consistent 一致性hash算法, 客户端IP 哈希算法,是ip_hash算法的加强版
nginx全局变量
五.nginx的反向代理实现会话保持
1)ip_hash url_hash 客户端IP一致性哈希算法 hash $remote_addr consistent 基于客户端IP/访问的URL做哈希缓存实现会话保持
2)sticky_cookie_insert 需要安装第三方的sticky模块,基于cookie来判断实现会话保持
3)配置后端应用服务器共享 session 或使用后端服务器自身通过相关机制保持 session 同步实现会话保持
n 最小/少连接 ip_hash 根据客户端IP做hash缓存的算法 url_hash 根据客户端访问的url路径做hash缓存的算法 fair 根据服务端的响应时间来分配请求 random 随机分配 hash $remote_addr consistent 一致性hash算法, 客户端IP 哈希算法,是ip_hash算法的加强版 nginx全局变量
## 五.nginx的反向代理实现会话保持
1)ip_hash url_hash 客户端IP一致性哈希算法 hash $remote_addr consistent 基于客户端IP/访问的URL做哈希缓存实现会话保持 2)sticky_cookie_insert 需要安装第三方的sticky模块,基于cookie来判断实现会话保持 3)配置后端应用服务器共享 session 或使用后端服务器自身通过相关机制保持 session 同步实现会话保持
|