nginx代理
代理和负载均衡的区别
代理:负责把连接请求直接转发到后台某个web节点
负载均衡:负责把请求使用某种调度算法分散发布给后台所有web节点
环境
192.168.1.20 nginx1
192.168.1.22 web1
1.配置nginx代理服务器lb1
[root@nginx1 ~]# vim /etc/yum.repos.d/nginx.repo
添加:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@nginx1 ~]# yum -y install nginx
[root@nginx1 ~]# systemctl start nginx
[root@nginx1 ~]# systemctl enable nginx
2.创建代理配置文件,添加优化项
vim /etc/nginx/conf.d/lb1.conf
添加:
server {
listen 80;
server_name blog.benet.com;
location / {
proxy_pass http://192.168.1.102;
proxy_set_header Host $http_host; #转发请求时,包含头部“HOST”信息
proxy_set_header X-Real-IP $remote_addr; #和下行一起,共同实现追踪客户端原ip
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30; #代理和后端服务器连接超时时间
proxy_send_timeout 60; #后端服务器传回代理的超时时间
proxy_read_timeout 60; #代理等待后端服务器的响应时间
proxy_buffering on; #启用缓存,后端返回内容先缓存,再给客户端,收到多少转多少
proxy_buffer_size 32k; #代理缓存用户头信息的缓存区大小
proxy_buffers 4 128k; #缓存区的设置
}
}
server {
listen 80;
server_name zh.benet.com;
location / {
proxy_pass http://192.168.1.102;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
保存退出重启nginx服务
[root@nginx ~]# systemctl restart nginx
3.搭建web
web
[root@web1 ~]# vim /etc/yum.repos.d/nginx.repo
添加:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@web1 ~]# yum -y install nginx
备份
[root@web1 ~]# cd /etc/nginx/conf.d/
[root@web1 conf.d]# ls
default.conf
[root@web1 conf.d]# mv default.conf default.conf.bak
创建配置文件
[root@web1 conf.d]# vim web1.conf
添加:
server {
listen 80;
server_name web1.benet.com;
location / {
root /www;
index index.html;
}
}
启动nginx
[root@web1 conf.d]# systemctl start nginx
添加index.html文件
[root@web1 conf.d]# mkdir /www
[root@web1 conf.d]# echo "<h1>web1web1web1</h1>" > /www/index.html
4.修改hosts文件指向lb1,测试访问
我的电脑 > 本地磁盘 > Windows > system32 > drivers > etc > hosts >添加:192.168.1.20 web1.benet.com
浏览器访问http://web1.benet.com
5.扩展:创建优化项文件,网站配置文件直接调用
[root@nginx1 nginx]# vim nginx_params
添加:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
6.网站配置调用
[root@lb1 ~]# vim /etc/nginx/conf.d/lb1.conf
添加:
server {
listen 80;
server_name web1.benet.com;
location / {
proxy_pass http://192.168.1.22;
include nginx_params;
}
}
重启systemctl restart nginx
这种方法也可以做到代理转发,这种其实就是用变量的方法。
扫描二维码关注公众号,回复:
12461951 查看本文章
负载均衡
负载均衡(Load Balance),简写LB
面对高并发web请求,使用各种调度算法(rr,wrr,lc,wlc,ip_hash),分散转发到后台web群集节点,提高数据吞吐量,高容灾
常见的LB:
软件:lvs nginx haproxy
硬件:F5
云LB:阿里云SLB 腾讯云CLB 青云QLB ucloud ULB
四层负载:ip地址 tcp/udp 端口号
七层负载:HTTP https ftp SMTP
实验环境:
192.168.1.20 lb1
192.168.1.22 web1
192.168.1.23 web2
1.在搭建一台web
[root@web1 ~]# vim /etc/yum.repos.d/nginx.repo
添加:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@web1 ~]# yum -y install nginx
备份
[root@web1 ~]# cd /etc/nginx/conf.d/
[root@web1 conf.d]# ls
default.conf
[root@web1 conf.d]# mv default.conf default.conf.bak
创建配置文件
[root@web1 conf.d]# vim web2.conf
添加:
server {
listen 80;
server_name web2.benet.com;
location / {
root /www;
index index.html;
}
}
启动nginx
[root@web1 conf.d]# systemctl start nginx
添加index.html文件
[root@web1 conf.d]# mkdir /www
[root@web1 conf.d]# echo "<h1>web2web2web2222222</h1>" > /www/index.html
2.修改lb1的配置文件,添加负载均衡功能
[root@lb1 ~]# vim /etc/nginx/conf.d/lb1.conf
添加:
upstream web_cluster {
server 192.168.1.22:80;
server 192.168.1.23:80;
}
server {
listen 80;
server_name web1.benet.com;
location / {
proxy_pass http://web_cluster;
include nginx_params;
}
}
server {
listen 80;
server_name web2.benet.com;
location / {
proxy_pass http://web_cluster;
include nginx_params;
}
}
重启nginx
systemctl restart nginx
3.浏览器访问
4.nginx负载均衡后端状态
down 当前节点服务器不参与负载均衡
backup 备份服务器
max_fails 允许请求失败的次数
fails_timeout 经过max_fails失败后,服务的暂停时间
max_conns 同一ip最大连接数
例子:
vim /etc/nginx/conf.d/lb1.conf
修改为:
upstream web_cluster {
server 192.168.1.22:80 max_fails=2 fails_timeout=10s max_conns=1;
server 192.168.1.23:80 down; #一般用于停机维护
}
配置4层负载均衡,发布内部服务器的ssh和mysql
vim /etc/nginx/nginx.conf
插入数据到http字段上方:
stream {
upstream sshweb1 {
server 192.168.1.22:22;
}
upstream mysql {
server 192.168.1.23:3306;
}
server {
listen 5555;
proxy_pass sshweb1;
proxy_connect_timeout 30;
proxy_timeout 60;
}
server {
listen 7777;
proxy_pass mysql;
proxy_connect_timeout 30;
proxy_timeout 60;
}
}
重启验证一下
我这里是通过Xshell登录lb1 5555端口,就可以登录到web1上面,这里的mysql我没有部署就暂时不算了
高可用
高可用-增加容错性(HA:High availability)
协议:VRRP(虚拟路由冗余协议) 公有协议 224.0.0.18
HSRP(热备份路由协议) 私有协议,Cisco公司
高可用软件:
keepalived:使用vrrp实现多台主机高可用群集
高可用角色:master 主服务器
backup 备服务器
实施步骤:
目的:实现两台负载均衡器的高可用
环境:两台负载均衡器
lb1:192.168.1.20
lb2:192.168.1.21
web1:192.168.1.22
web2:192.168.1.23
1.安装keepalived(两台lb都装)
[root@lb1 ~]# yum -y install keepalived
[root@lb2 ~]# yum -y install keepalived
2.配置keepalived
主服务器:lb1
[root@lb1 ~]# vim /etc/keepalived/keepalived.conf
修改为:
global_defs {
router_id lb1
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.254
}
}
备服务器:lb2
[root@lb2 ~]# vim /etc/keepalived/keepalived.conf
修改为:
global_defs {
router_id lb2 #路由id号,和主服务器必须不同
}
vrrp_instance VI_1 {
state BACKUP #状态:BACKUP备 MASTER主
interface ens33
virtual_router_id 51
priority 99 #优先级:备比主要小
advert_int 1 #心跳时间,主master和backup每隔1秒,会检测对方是否存活,如果master死了,backup会成为主服务器
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.254 #虚拟路由ip,公共ip
}
}
重启
[root@lb1 ~]# systemctl restart keepalived
[root@lb2 ~]# systemctl restart keepalived
3.查看虚拟ip(漂移ip地址)
~]# ip a show dev ens33
4. 复制lb1(192.168.1.20)关于nginx的配置到lb2(192.168.1.21)
在lb2安装nginx:
[root@lb2 ~]# yum -y install nginx
在lb1上scp复制nginx的所有配置:
[root@lb1 ~]# scp -rp /etc/nginx/* [email protected]:/etc/nginx
然后,在lb2上启动nginx服务:
[root@lb1 ~]# systemctl restart nginx
5.修改hosts文件,访问验证
hosts文件修改为:
192.168.1.254 web1.benet.com web2.benet.com
浏览器访问 http://web1.benet.com
关闭主服务器漂移地址就会跑到备用服务器,
3.高可用裂脑
高可用节点之间互相失去联系,自认为自己是主服务器,就会出现多主现象,即裂脑现象
裂脑出现的原因:
心跳线松动或网卡故障
服务器硬件故障,崩溃
节点服务器开启防火墙,却没有做vrrp例外
nginx服务死掉,不会出现裂脑现象,但整个集群都无法正常运作
1.检测裂脑脚本(在备用服务器:192.168.1.21运行)
[root@lb2 ~]# vim sclit_brain.sh
添加:
#!/bin/sh
while true
do
ping -c 2 -W 3 192.168.1.20 &> /dev/null
if [ $? -eq 0 -a `ip add|grep 192.168.1.254|wc -l` -eq 1 ]
then
echo "split brain....."
else
echo "HA is ok"
fi
sleep 5
done
赋权执行
[root@lb2 ~]# chmod +x sclit_brain.sh
[root@lb2 ~]# sh sclit_brain.sh
[root@lb2 ~]# sh sclit_brain.sh
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
开启防火墙验证:
systemctl start firewalld
[root@lb2 ~]# sh sclit_brain.sh
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
解决因为防火墙出现的裂脑现象:
[root@lb2 ~]# firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
[root@lb2 ~]# firewall-cmd --reload
[root@lb2 ~]# sh sclit_brain.sh
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
HA is ok
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
split brain.....
HA is ok
HA is ok
HA is ok
解决nginx故障造成群集无法工作
1.编辑nginx监控脚本
[root@lb1 ~]# mkdir /sh
[root@lb1 sh]# vim /sh/check_nginx_proxy.sh
添加:
#!/bin/bash
killall -0 nginx
if [ $? -ne 0 ];then
systemctl stop keepalived
fi
2.添加脚本追踪模块到keepalived配置文件
[root@lb1 sh]# vim /etc/keepalived/keepalived.conf
添加:
global_defs {
router_id lb1
}
vrrp_script check_nginx_proxy {
script "/sh/check_nginx_proxy.sh"
interval 2
weight 5
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.254
}
track_script {
check_nginx_proxy
}
}
重启keepalived:systemctl restart keepalived
现在关闭nginx
[root@lb1 ~]# systemctl stop nginx
master就会停止,backup就会成为主,漂移地址跑到backup上