一、nginx代理
1) 什么是代理
代理理财 代理收货 代理租房
2) 代理模式
正向代理 ( 科学上网 \ 共享上网 )
反向代理 ( 企业 )
3) 反向代理支持模式
http 用户请求 响应 JAVA
smtp
websocket 用户可以请求, 服务端响应 服务端可以推送数据
uwsgi Python
fastcgi PHP
https
4) 代理配置语法
proxy_pass
proxy_pass http://127.0.0.1:8080;
1.web节点的配置 10.0.0.201
[root@node2 ~]# cd /etc/nginx/conf.d/
[root@node2 conf.d]# cat proxy.oldboyedu.com.conf
server {
listen 80;
server_name proxy.oldboyedu.com;
root /code/proxy;
location / {
index index.html;
}
}
[root@node2 conf.d]# mkdir /code/proxy -p
[root@node2 conf.d]# echo "node2...." >> /code/proxy/index.html
[root@node2 conf.d]# nginx -t
[root@node2 conf.d]# systemctl reload nginx
2.代理节点的配置 10.0.0.100
hostnamectl set-hostname proxy
vim /etc/sysconfig/network-scripts/ifcfg-ens32
IPADDR=10.0.0.100
systemctl restart network
[root@proxy ~]# systemctl disable firewalld
[root@proxy ~]# systemctl stop firewalld
[root@proxy ~]# setenforce 0
[root@proxy ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
#安装epel\nginx
[root@proxy ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@proxy ~]# yum install vim wget unzip nginx -y
# 清理nginx.conf 无用的配置
vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
}
# 将nginx加入开机自启\ 启动nginx
[root@proxy ~]# systemctl start nginx
[root@proxy ~]# systemctl enable nginx
# 编写proxy配置文件
[root@proxy ~]# vim /etc/nginx/conf.d/proxy_proxy.oldboyedu.com.conf
server {
listen 80;
server_name proxy.oldboyedu.com;
location / {
proxy_pass http://10.0.0.201; # 后端是什么端口根本不重要
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
}
}
# 检查语法,重载服务
[root@proxy ~]# nginx -t
[root@proxy ~]# systemctl restart nginx
3.用户请求代理
抓包分析: 提炼了几个参数:
proxy_set_header Host $http_host; # 将用户请求的域名携带到后端
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 将用户的真实IP地址,携带到后端,后端有对应的变量解析结果
proxy_http_version 1.1;
二、nginx负载均衡
1) 什么是负载均衡
2) 为什么要用负载均衡
3) 负载均衡demo演示
4) 将多台相同应用服务(集群)接入负载均衡,进行轮询调度
upstream 定义虚拟资源池 ( 将应用服务器逻辑定义为资源池 )
proxy_pass 代理
tail -f /var/log/nginx/access.log
1.多个应用服务器节点:
node1: 10.0.0.200
node2: 10.0.0.201
域名: proxy.oldboyedu.com
node1 nginx配置:
[root@node1 conf.d]# cat /etc/nginx/conf.d/proxy.oldboyedu.com.conf
server {
listen 80;
server_name proxy.oldboyedu.com;
root /code/proxy;
location / {
index index.html;
}
}
mkdir /code/proxy -p
echo "node1...." > /code/proxy/index.html
systemctl reload nginx
node2 nginx配置:
[root@node1 conf.d]# cat /etc/nginx/conf.d/proxy.oldboyedu.com.conf
server {
listen 80;
server_name proxy.oldboyedu.com;
root /code/proxy;
location / {
index index.html;
}
}
mkdir /code/proxy -p
echo "node2...." > /code/proxy/index.html
systemctl reload nginx
2.通过nginx负载均衡进行轮询调度:
proxy: 10.0.0.100
域名: proxy.oldboyedu.com
[root@proxy ~]# cat /etc/nginx/conf.d/proxy_proxy.oldboyedu.com.conf
upstream node {
server 10.0.0.200:80;
server 10.0.0.201:80;
}
server {
listen 80;
server_name proxy.oldboyedu.com;
location / {
proxy_pass http://node;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
}
}
[root@proxy ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@proxy ~]# systemctl reload nginx
三、给wordpress、edusoho配置nginx负载均衡
1).准备好wordpress两台应用节点
2).准备好edusoho两台应用节点
3).配置nginx负载均衡,调度
1.blog配置
[root@proxy ~]# cat /etc/nginx/conf.d/proxy_blog.oldboyedu.com.conf
upstream blog {
server 10.0.0.200:80;
server 10.0.0.201:80;
}
server {
listen 80;
server_name blog.oldboyedu.com;
location / {
proxy_pass http://blog;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
2.edu配置
[root@proxy ~]# cat /etc/nginx/conf.d/proxy_edu.oldboyedu.com.conf
upstream edu {
server 10.0.0.200:80;
server 10.0.0.201:80;
}
server {
listen 80;
server_name edu.oldboyedu.com;
location / {
proxy_pass http://edu;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
3. 调度算法:
轮询: 默认
加权轮询:
[root@proxy ~]# vim /etc/nginx/conf.d/proxy_proxy.oldboyedu.com.conf
upstream node {
server 10.0.0.200:80 weight=5;
server 10.0.0.201:80 weight=1;
}
在200所对应的页面出现5次后出现1次201所对应的页面
ip_hash: 固定将请求调度至某一个节点. ( session会话保存 )
upstream node {
ip_hash;
server 10.0.0.200:80;
server 10.0.0.201:80;
}
优势: 解决会话问题
缺陷:
如果来源的都是同一个IP地址,则会造成某一个节点非常的繁忙,而其他的节点没有流量
造成负载不均衡的现象.
四、nginx_proxy + web应用节点(多台) + Redis会话保持 phpmyadmin
1.搭建好应用节点 ( 所有节点保持一致 )
[root@oldboy-pythonedu ~]# wget https://files.phpmyadmin.net/phpMyAdmin/5.0.3/phpMyAdmin-5.0.3-all-languages.zip
2.准备phpmyadmin的Nginx配置文件
[root@cwj-python ~]# vim /etc/nginx/conf.d/phpadmin.oldboyedu.com.conf
server {
listen 80;
server_name phpmyadmin.oldboyedu.com;
root /code/phpmyadmin;
location / {
index index.php;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@oldboy-pythonedu ~]# systemctl reload nginx
[root@oldboy-pythonedu ~]# unzip phpMyAdmin-5.0.3-all-languages.zip
[root@oldboy-pythonedu ~]# mv phpMyAdmin-5.0.3-all-languages /code/phpmyadmin
3.配置phpmyadmin连接数据库地址
[root@oldboy-pythonedu ~]# cp /code/phpmyadmin/config.sample.inc.php /code/phpmyadmin/config.inc.php
[root@oldboy-pythonedu ~]# vim /code/phpmyadmin/config.inc.php
/* Server parameters */
$cfg['Servers'][$i]['host'] = '10.0.0.202';
4.授权session存储本地目录为进程的用户身份
[root@oldboy-pythonedu ~]# chown -R nginx.nginx /var/lib/php/session
5.部署node2节点的phpmyadmin, 需要将代码和nginx配置拷贝一份
[root@node2 code]# scp -rp [email protected]:/code/phpmyadmin /code/
[root@node2 code]# chown -R nginx.nginx /code/phpmyadmin/
[root@node2 code]# scp [email protected]:/etc/nginx/conf.d/phpadmin.oldboyedu.com.conf /etc/nginx/conf.d/
[root@node2 code]# chown -R nginx.nginx /var/lib/php/session/
[root@node2 code]# nginx -t
[root@node2 code]# systemctl reload nginx
6.为应用节点,接入负载均衡
[root@proxy ~]# cat /etc/nginx/conf.d/proxy_phpadmin.oldboyedu.com.conf
upstream php {
server 10.0.0.200:80;
server 10.0.0.201:80;
}
server {
listen 80;
server_name phpmyadmin.oldboyedu.com;
location / {
proxy_pass http://php;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
7.检查轮询是否会造成无法登陆情况, 配置IP_hash测试是否能正常登陆
轮询一定会造成无法登陆成功.
可以采用ip_hash的方式解决.
upstream php {
ip_hash;
server 10.0.0.200:80;
server 10.0.0.201:80;
}
ll /var/lib/php/session/
rm -f /var/lib/php/session/*
8.采用Redis共享的方式来解决会话无法登陆的问题, 需要先将负载均衡恢复至轮询模式,然后在继续.
1) 安装Redis 10.0.0.202
[root@node-mysql ~]# yum install redis -y
[root@node-mysql ~]# vim /etc/redis.conf # 添加本机的内网IP地址 ( 不要写错了 )
bind 127.0.0.1 10.0.0.202
[root@node-mysql ~]# systemctl enable redis
[root@node-mysql ~]# systemctl start redis
[root@node-mysql ~]# netstat -lntp | grep redis
tcp 0 0 10.0.0.202:6379 0.0.0.0:* LISTEN 10699/redis-server
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 10699/redis-server
2) 通过其他的节点测试是否能正常访问Redis
[root@node2 ~]# yum install redis -y
[root@node2 ~]# redis-cli -h 10.0.0.202
3) 配置应用节点接入Redis, [ 应用程序php必须有redis的模块,否则无法正常连接 ] 两个节点配置一样,都需要操作
# 将应用程序解析器连接至 Redis
[root@oldboy-pythonedu ~]# vim /etc/php.ini
[Session]
;session.save_handler = files #注释掉
session.save_handler = redis
session.save_path = "tcp://10.0.0.202:6379?weight=1&timeout=2.5"
# 注释如下两行内容
[root@oldboy-pythonedu ~]# vim /etc/php-fpm.d/www.conf
;php_value[session.save_handler] = files
;php_value[session.save_path] = /var/lib/php/session
# 重启php-fpm
[root@oldboy-pythonedu ~]# systemctl restart php-fpm
在node2-201也操作一遍以上两个内容
9.测试是否能正常登陆,然后检查浏览器中的session是否与redis中存储的session一致.
[root@node-mysql ~]# redis-cli
127.0.0.1:6379> keys *
1) "python_key"
2) "PHPREDIS_SESSION:23f87a2b337659dcedc22d68a63f0734"
域名解析:
10.0.0.100 proxy.oldboyedu.com blog.oldboyedu.com edu.oldboyedu.com
10.0.0.100 phpmyadmin.oldboyedu.com