Nginx 反向代理
反向代理实验
1 准备 node1,node2 两台节点, node1 反向至 node2,node2 配置 wed 服务
2node2 启动 web 服务
3 配置 node1 的 nginx 反向代理
3.1 备份配置文件
- [root@qq nginx]# cd conf.d/
- [root@qq conf.d]# cp default.conf{,.bak}
3.2 node1 配置反向代理至后端服务器
- [root@qq conf.d]# vim default.conf
- location / {
- #root /usr/share/nginx/html;
- proxy_pass http://10.201.106.22/;
3.3 重载 nginx 服务
- [root@qq conf.d]# service nginx configtest
- nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
- nginx: configuration file /etc/nginx/nginx.conf test is successful
- [root@qq conf.d]# service nginx reload
- Reloading nginx: [ OK ]
3.4 测试访问 http://10.201.106.21 能够成功跳转至 node2 的网页
3.5 查看 node2 访问日志, 记录的是 Client 的 IP
- [root@ww ~]# tail -1 /var/log/httpd/access_log
- 10.201.106.1 - - [12/Dec/2016:00:10:31 +0800] "GET /favicon.ico HTTP/1.1" 404 288 "http://10.201.106.22/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
4 只代理某个请求
4.1 node2 节点配置新的网站目录
- [root@ww ~]# cd /var/www/html/
- [root@ww html]# ls
- index.html
- [root@ww html]# mkdir bbs
- [root@ww html]# vim bbs/index.html
- <h1>bbs on node2</h1>
4.2 node1 配置反向代理
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- # example
- #ModSecurityEnabled on;
- #ModSecurityConfig /etc/nginx/modsecurity.conf;
- }
- location /bbs/ {
- proxy_pass http://10.201.106.22/bbs/;
- }
- [root@qq conf.d]# service nginx reload
- Reloading nginx: [ OK ]
4.3 访问 http://10.201.106.21/bbs / 能够跳转到 node2 的界面
4.4 测试将 node1 的反向配置, 前端改成错误的后再测试
- location /qqq/ {
- proxy_pass http://10.201.106.22/bbs/;
- }
- [root@qq conf.d]# service nginx reload
- Reloading nginx: [ OK ]
测试: http://10.201.106.21/qqq/
可以访问到 node2 的 bbs 页面
实际是 node1 请求的
- [root@ww html]# tail -1 /var/log/httpd/access_log
- 10.201.106.21 - - [12/Dec/2016:02:10:01 +0800] "GET /bbs/ HTTP/1.0" 200 22 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
4.5 只有前端, 没有后端测试
- location /forum/ {
- proxy_pass http://10.201.106.22/;
- }
- [root@qq conf.d]# service nginx reload
- Reloading nginx: [ OK ]
测试后跳转到主页了, 这也是一个 URL
4.6 匹配后缀名, 跳转
- location ~* \.(jpg|png|gif)$ {
- proxy_pass http://10.201.106.22;
- }
语法检查:
- [root@qq conf.d]# service nginx configtest
- nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
- nginx: configuration file /etc/nginx/nginx.conf test is successful
- [root@qq conf.d]#
重载服务
- [root@qq conf.d]# service nginx reload
- Reloading nginx: [ OK ]
- [root@qq conf.d]#
上传图片到 node2 节点
访问: http://10.201.106.21/bg.jpg 可以访问到 node2 的图片
4.7 放到目录下的图片访问
上传图片到 node2 节点;
- [root@ww html]# mkdir images
- [root@ww html]# cd images/
- [root@ww images]# ls
- 2.jpg
- [root@ww images]#
访问测试, 可以看到图片
http://10.201.106.21/images/2.jpg
4.8 修改后端路径, 期望放到 / images 下
- location ~* \.(jpg|png|gif)$ {
- proxy_pass http://10.201.106.22/images/;
- }
第一种例外
语法错误, 模式匹配, 后面就不能再跟上 URL, 连 / 也不能加
- [root@qq conf.d]# service nginx configtest
- nginx: [emerg] "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in /etc/nginx/conf.d/default.conf:25
- nginx: configuration file /etc/nginx/nginx.conf test failed
- [root@qq conf.d]#
4.9 第二种例外, location 如果有重写, 重写后的结果
发送到后端的值, 向后端发送特定首部
1 反向服务器将客户端真实 IP 发送给 node2 网站服务器
1.1 node1 配置
- [root@qq conf.d]# vim default.conf
- location /forum/ {
- proxy_pass http://10.201.106.22/;
- proxy_set_header HOST $host;
- proxy_set_header X-Real-IP $remote_addr;
- }
- location ~* \.(jpg|png|gif)$ {
- proxy_pass http://10.201.106.22;
- proxy_set_header X-Real-IP $remote_addr;
- }
1.2 服务重载
- [root@qq conf.d]# service nginx configtest
- nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
- nginx: configuration file /etc/nginx/nginx.conf test is successful
- [root@qq conf.d]#
- [root@qq conf.d]# service nginx reload
- Reloading nginx: [ OK ]
- [root@qq conf.d]#
1.3 定义 node2 后端服务器的日志格式
记录日志首部的值
- [root@ww images]# vim /etc/httpd/conf/httpd.conf
- #LogFormat "%h %l %u %t \"%r\"%>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
- LogFormat "%{X-Real-IP}i %l %u %t \"%r\"%>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
重启服务
- [root@ww images]# service httpd restart
- Stopping httpd: [ OK ]
- Starting httpd: [ OK ]
- [root@ww images]#
1.4 更改日志格式后, 相比前两条, 最后两条的访问日志记录已经变成真正的客户端主机 IP 了
- 10.201.106.21 - - [12/Dec/2016:06:57:21 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
- 10.201.106.21 - - [12/Dec/2016:06:57:39 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
- 10.201.106.1 - - [12/Dec/2016:07:05:37 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
- 10.201.106.1 - - [12/Dec/2016:07:05:38 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
- [root@ww images]#
Nginx 缓存
1 定义 node1 节点缓存配置, 1 条命令
- [root@node1 ~]# cd /etc/nginx/
- [root@node1 nginx]# vim nginx.conf
- http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- log_format main $remote_addr - $remote_user [$time_local] "$request"
- $status $body_bytes_sent "$http_referer"
- "$http_user_agent" "$http_x_forwarded_for";
- access_log /var/log/nginx/access.log main;
- proxy_cache_path /cache/nginx/ levels=1:1 keys_zone=mycache:32m;
- sendfile on;
创建缓存目录, 修改权限
- [root@node1 nginx]# mkdir -pv /cache/nginx
- mkdir: created directory `/cache
- mkdir: created directory `/cache/nginx
- [root@node1 nginx]# chown -R nginx:nginx /cache/nginx/
- [root@node1 nginx]#
2 调用缓存
- [root@node1 nginx]# vim conf.d/default.conf
- location /forum/ {
proxy_cache mycache; 调用缓存区域
proxy_cache_valid 200 1d; 200 的缓存一天
proxy_cache_valid 301 302 10m; 301 缓存 10 分钟
proxy_cache_valid any 1m; 其他缓存 1 分钟
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; 如果有这些情况, 使用旧缓存
- proxy_pass http://10.201.106.22/;
- proxy_set_header HOST $host;
- proxy_set_header X-Real-IP $remote_addr;
- }
3 重载服务
- [root@node1 nginx]# service nginx configtest
- nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
- nginx: configuration file /etc/nginx/nginx.conf test is successful
- [root@node1 nginx]#
- [root@node1 nginx]#
- [root@node1 nginx]# service nginx reload
- Reloading nginx: [ OK ]
- [root@node1 nginx]#
4 测试
访问网页后, 相应缓存目录有产生文件
- [root@node1 nginx]# cd /cache/nginx/
- [root@node1 nginx]# ls
- [root@node1 nginx]# ls
- c
- [root@node1 nginx]# ls
- 7 c
- [root@node1 nginx]# ls -lht
- total 8.0K
- drwx------ 3 nginx nginx 4.0K Nov 24 11:21 7
- drwx------ 3 nginx nginx 4.0K Nov 24 11:21 c
- [root@node1 nginx]# cd 7
- [root@node1 7]# ls
- c
- [root@node1 7]# cd c
- [root@node1 c]# ls
- 99cd97b13b9069e769098b964e66bbc7
- [root@node1 c]# ls -lht
- total 12K
- -rw------- 1 nginx nginx 8.4K Nov 24 11:21 99cd97b13b9069e769098b964e66bbc7
- [root@node1 c]#
缓存后,
Nginx 负载均衡
1 关闭缓存
- [root@node1 ~]# vim /etc/nginx/nginx.conf
- #proxy_cache_path /cache/nginx/ levels=1:1 keys_zone=mycache:32m;
2 定义第三个节点的网页
- [root@master1 ~]# vim /var/www/html/index.htm
- <h1>nginx on node3</h1>
3 编辑前端配置
全局配置
- [root@node1 ~]# vim /etc/nginx/nginx.conf
- upstream upservers {
- server 10.201.106.22;
- server 10.201.106.130;
- }
web 配置
- [root@node1 ~]# vim /etc/nginx/conf.d/default.conf
- location /forum/ {
- proxy_pass http://upservers/;
- }
4 访问 http://10.201.106.21/forum / 已经可以在两个节点中切换
5 修改负载后端的某台主机权重
- [root@node1 ~]# vim /etc/nginx/nginx.conf
- upstream upservers {
- server 10.201.106.22; weight=2;
- server 10.201.106.130;
- }
6 访问网页, 22 访问 2 次, 130 才访问一次
- 7
- [root@node1 ~]# vim /etc/nginx/nginx.conf
- upstream upservers {
- ip_hash;
- server 10.201.106.22 weight=2;
- server 10.201.106.130;
- }
- 8
- upstream upservers {
- server 10.201.106.22 max_fails=2 fail_timeout=1;
- server 10.201.106.130 max_fails=2 fail_timeout=1;
- }
将其中一个节点关系服务
- [root@node2 ~]# service httpd stop
- Stopping httpd: [ OK ]
测试后: 只会在好的节点访问了
重新打开服务后, 又能在两个节点间切换了;
9 标记为备用节点
- upstream upservers {
- server 10.201.106.22 max_fails=2 fail_timeout=1;
- server 10.201.106.130 max_fails=2 fail_timeout=1 backup;
- }
- 10
来源: http://www.bubuko.com/infodetail-2528581.html