nginx负载均衡配置实战
一、配置基于域名虚拟主机的web节点
web02和web01做同样的操作,nginx配置文件如下:
[root@web01 conf]# cat nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } access_log logs/access.log main; } } 接下来创建站点目录及对应测试文件并把域名加入到hosts解析并进行测试
二、nginx负载均衡反向代理实践
LB01 nginx配置文件如下:
[root@lb01 conf]# cat nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream www_server_pools { server 192.168.100.107:80 weight=1; server 192.168.100.108:80 weight=1; } server { listen 80; server_name www.dmtest.com; location / { proxy_pass http://www_server_pools; } } }
之后配置hosts解析到代理的IP或VIP上,重新加载服务即可
[root@lb01 conf]# tail -1 /etc/hosts 192.168.100.105 www.dmtest.com [root@lb01 conf]# systemctl restart nginx [root@lb01 conf]# curl www.dmtest.com 192.168.100.107 [root@lb01 conf]# curl www.dmtest.com 192.168.100.108
反向代理虚拟主机节点服务器案例
在代理向后端服务器发送的http请求头中加入host字段信息后,若后端服务器配置有多个虚拟主机,他就可以识别代理的是哪个虚拟主机。这是节点服务器多虚拟主机时的关键配置,整个nginx代理配置为:
[root@lb01 conf]# cat nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream www_server_pools { server 192.168.100.107:80 weight=1; server 192.168.100.108:80 weight=1; } server { listen 80; server_name www.dmtest.com; location / { proxy_pass http://www_server_pools; proxy_set_header Host $host; #在代理向后端服务器发送的http请求头中加入host字段信息后,若后端服务器配置有多个虚拟主机,他就可以识别代理的是哪个虚拟主机。这是节点服务器多虚拟主机时的关键配置. } } }
经过反向代理后的节点服务器记录用户IP案例
在反向代理中节点服务器对站点的访问日志的第一个字段记录的并不是客户端的IP,而是反向代理服务器的IP,最后一个字段也是"-",日志如下:
[root@web01 conf]# tail -2 ../logs/access.log 192.168.100.105 - - [14/Sep/2018:13:41:02 +0800] "GET / HTTP/1.0" 200 16 "-" "curl/7.29.0" "-" 192.168.100.105 - - [16/Sep/2018:13:57:45 +0800] "GET / HTTP/1.0" 200 16 "-" "curl/7.29.0" "-"
在反向代理请求后端服务器节点的请求头中增加获取的客户端IP的字段信息,然后节点后端可以通过程序或相关的配置接受X-Forwarded-For传过来的用户真实IP信息。
在LB01上配置如下:
[root@lb01 conf]# cat nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream www_server_pools { server 192.168.100.107:80 weight=1; server 192.168.100.108:80 weight=1; } server { listen 80; server_name www.dmtest.com; location / { proxy_pass http://www_server_pools; proxy_set_header X-Forwarded-For $remote_addr; #在代理向后端服务器发送的http请求头中加入X-Forwarded-For字段信息,用于后端服务器程序、日志等接收记录真实用户的IP,而不是代理服务器上的IP; } } }
注意,节点服务器上需要的让问日志,如果要记录用户的真实IP,还必须进行日志格式配置,这样才能把代理传过来的X-Forwarded_For头信息记录下来,具体配置为:
在web01 上操作
[root@web01 conf]# cat nginx.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; #"$http_x_forwarded_for",如果希望在第一行显示,可以替换掉第一行的'$remote_addr变量 server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } access_log logs/access.log main; } }
再次查看站点日志效果如下:
[root@web01 conf]# tail -5 ../logs/access.log 192.168.100.105 - - [16/Sep/2018:14:24:28 +0800] "GET / HTTP/1.0" 200 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" "192.168.100.1" 192.168.100.105 - - [16/Sep/2018:14:24:30 +0800] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" "192.168.100.1" 192.168.100.105 - - [16/Sep/2018:14:24:30 +0800] "GET / HTTP/1.0" 200 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" "192.168.100.1" 192.168.100.105 - - [16/Sep/2018:14:24:31 +0800] "GET / HTTP/1.0" 200 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" "192.168.100.1" 192.168.100.105 - - [16/Sep/2018:14:24:32 +0800] "GET / HTTP/1.0" 200 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" "192.168.100.1"
nginx反向代理相关重要基础参数如下:
proxy_pass http://blog_server_pools; 用于指定反向代理的服务器池。
proxy_set_header Host $host; 当后端Web服务器上也配置有多个虚拟主机时,需要用该 Header来区分反向代理哪个主机名。
proxy_ set_ header X-Forwarded-For $remote_addr; 如果后端Web服务器上的程序需要获取用户P,从该Heard头获取。