nginx: limit_rate, reverse proxying, upstream load balancing, layer-4 forwarding, hotlink protection, rewrite redirects (last vs. break), and the difference between root and alias

Use limit_rate to limit the data transfer rate to the client

1. Edit /etc/nginx/nginx.conf

location / {
    root   /var/www/nginx/;
    index  index.html index.htm;
    limit_rate  2k;  # limit each connection to 2k/s
}

2. Enable nginx as a reverse proxy

server {
    listen       80;
    server_name  localhost;

    location / {
        proxy_pass http://192.168.62.157:80;
        # proxy_redirect default;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
    }
}

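proxy_pass: the address of the real server; it can be an IP, a domain name, or a URL.
#proxy_redirect: if the real server uses its real IP with a non-default port, rewrite it to IP:default port. (Optional)
proxy_set_header: redefines or adds request headers sent to the back-end server.
proxy_set_header X-Real-IP: passes the client's real address (otherwise the back-end log shows the proxy as the visitor).
proxy_set_header X-Forwarded-For: records the proxy addresses.

proxy_connect_timeout: timeout for connecting to the back-end server, that is, how long to wait for a response after starting the three-way handshake.
proxy_send_timeout: the back-end server's data return time, that is, the back-end server must finish sending all data within the specified time.
proxy_read_timeout: timeout for nginx receiving data from the upstream (real) server, 60s by default. If not a single byte is received for 60 consecutive seconds, the connection is closed. This behaves like a long-lived connection.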
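
How a back end behind the proxy block above can pick the client address safely, as an added example that is not part of the original article. $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For value the client sent, so only the entries appended by your own proxies are reliable. The trusted subnet and all sample addresses are constructed assumptions.

```python
import ipaddress

# Assumption (constructed): the nginx proxy reaches the back end from this subnet.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.62.0/24")]


def is_trusted(addr):
    """True if addr is an IP inside a trusted proxy network (ValueError if not an IP)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, x_forwarded_for):
    """Return the address to log or rate-limit on for one request.

    peer_addr        TCP peer address seen by the back end
    x_forwarded_for  raw X-Forwarded-For header value, or None
    """
    if not is_trusted(peer_addr):
        # Direct connection: every header is client-controlled, ignore them.
        return peer_addr
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    last_good = peer_addr
    # Walk right to left: the rightmost entries were appended by our proxies,
    # anything further left may have been supplied by the client itself.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop          # first address that is not one of our proxies
        except ValueError:
            return last_good        # garbage entry: stop trusting the header here
        last_good = hop
    return last_good
```

X-Real-IP as set on this page is overwritten with $remote_addr by nginx, so with a single proxy hop it carries the same value this function returns.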

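2. Load balancing: upstream configuration

upstream youngfitapp {
    server 192.168.62.157:8080;         # a domain name also works
    server 192.168.62.158:8080 backup;  # hot standby
    ip_hash;  # ip_hash: nginx sends requests from the same client IP to the same server
    # Note: the nginx documentation states that backup cannot be combined with ip_hash
}
server {
    listen 80;
    server_name localhost;
    location / {
        proxy_pass  http://youngfitapp;
    }
}

server 192.168.62.157:8080 weight=2 max_fails=2 fail_timeout=2;
- down: the server temporarily does not take part in load balancing.
- backup: a reserved backup machine. It only receives requests when all non-backup machines have failed or are busy, so this machine carries the lightest load.
- max_fails: the number of failed requests allowed, 1 by default. When the maximum is exceeded, an error is returned.
- fail_timeout: how long, in seconds, the server is suspended after max_fails failures. max_fails can be used together with fail_timeout.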

Starting with nginx 1.9.0, a stream module was added that implements layer-4 (network layer and transport layer) forwarding, proxying and load balancing. The stream module is used much like http: it lets us configure listeners for protocols such as TCP or UDP, forward requests with proxy_pass, and load balance by adding multiple back-end servers to an upstream.

# Layer-4 TCP load balancing
stream {
        upstream myweb {
                hash $remote_addr consistent;
                server 172.17.14.2:8080;
                server 172.17.14.3:8080;
        }
        server {
            listen 80;
            proxy_connect_timeout 10s;
            proxy_timeout 30s;
            proxy_pass myweb;
        }
}
1. ip_hash

ip_hash uses a hash of the source address, so requests from the same client are always sent to the same back-end server unless that server is unavailable.

ip_hash syntax:

upstream backend {
    ip_hash;
    server backend1.example.com;
    server backend2.example.com;
    server backend3.example.com down;
}
2. sticky_cookie_insert

Use sticky_cookie_insert to enable session affinity, so that requests from the same client are passed to the same server in a server group. The difference from ip_hash is that the client is identified by a cookie rather than by IP, which avoids the load imbalance ip_hash causes when many requests come from the same client address. (A third-party module is required.)

sticky module (this can also be understood as access based on the domain name)

upstream backend {
    server backend1.example.com;
    server backend2.example.com;
    sticky_cookie_insert srv_id expires=1h domain=3evip.cn path=/;
}  # requests for the domain 3evip.cn are forwarded to the two servers above

server {
    listen 80;
    server_name 3evip.cn;
    location / {
        proxy_pass http://backend;
    }
}
expires: how long the browser keeps the cookie
domain: the domain of the cookie
path: the path of the cookie

Hotlink protection (anti-leech) configuration

[root@nginx-server ~]# vim /etc/nginx/nginx.conf
# Add "$http_referer" to the log format
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                         '$status $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for"';
# How valid_referers is used
Syntax: 	valid_referers none | blocked | server_names | string ...;
Default: 	—
Context: server, location
server {
    listen       80;
    server_name  localhost;
    location ~  .*\.(gif|jpg|png|jpeg)$ {
        root  /usr/share/nginx/html;

        valid_referers none blocked *.qf.com 192.168.1.10;
        if ($invalid_referer) {
            return 403;
        }
    }
}
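Because none allows access with an empty Referer, the resource is reachable whether or not the IP is listed; if none is removed, it is not.
Reload the nginx service.
- none: allows requests without an http_referer (Referer header) to access the resource;

- blocked: allows requests whose Referer does not start with http:// (no scheme), that is, values filtered out by a firewall, to access the resource;

- server_names: allows only requests coming from the specified IP/domain to access the resource (whitelist);

  Test setup: prepare two machines, with one image on the website server.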
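
Checking the effect of valid_referers from the access log, as an added example that is not part of the original article: it parses lines in the main log_format shown above and reports which Referer hosts were answered with 403 on image URIs, and how many image requests were served with no Referer at all (allowed by none). The Referer header is supplied by the client, so this check stops ordinary browser embedding rather than acting as access control. The sample lines and host names are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Matches the page's "main" log_format field by field.
LINE = re.compile(
    r'(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" '
    r'"(?P<agent>[^"]*)" "(?P<xff>[^"]*)"')
IMAGE = re.compile(r'\.(gif|jpg|png|jpeg)$')  # same extensions as the location block


def summarize(lines):
    """Return (403 count per Referer host, image requests served without Referer)."""
    denied, no_referer = Counter(), 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # not in the expected format
        parts = m["request"].split()
        if len(parts) != 3 or not IMAGE.search(urlsplit(parts[1]).path):
            continue                      # malformed request line or not an image
        referer = m["referer"]
        if m["status"] == "403":
            denied[urlsplit(referer).hostname or referer] += 1
        elif referer == "-":              # nginx logs an absent header as "-"
            no_referer += 1
    return denied, no_referer


# Constructed sample log lines.
SAMPLE = [
    '192.168.1.20 - - [10/Mar/2020:10:00:01 +0800] "GET /a.jpg HTTP/1.1" 403 153 "http://other.example/page.html" "Mozilla/5.0" "-"',
    '192.168.1.20 - - [10/Mar/2020:10:00:02 +0800] "GET /b.png HTTP/1.1" 403 153 "http://other.example/index.html" "Mozilla/5.0" "-"',
    '192.168.1.10 - - [10/Mar/2020:10:00:03 +0800] "GET /a.jpg HTTP/1.1" 200 5120 "http://www.qf.com/" "Mozilla/5.0" "-"',
    '192.168.1.30 - - [10/Mar/2020:10:00:04 +0800] "GET /a.jpg HTTP/1.1" 200 5120 "-" "curl/7.29.0" "-"',
    '192.168.1.30 - - [10/Mar/2020:10:00:05 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```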
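2.2 Rewrite flags

The rewrite directive redirects the URI or modifies the string according to a regular expression. It can be used in server, location and if contexts. Each rewrite directive can end with a flag; the supported flags are:

last        equivalent to the [L] flag in Apache; marks the rewrite as complete. The default is last. Matching continues
break       once this rule has matched, matching stops and later rules are not matched
redirect    returns a 302 temporary redirect; the browser address bar shows the URL after the redirect
permanent   returns a 301 permanent redirect; the browser address bar shows the URL after the redirect

# http://www.testpm.com/a/1.html ==> http://www.testpm.com/b/2.html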
server {
    listen       80;
    server_name  www.testpm.com;

        location /a {
        root /html;
        index   1.html index.htm;
        rewrite .* /b/2.html permanent;
        }

        location /b {
        root    /html;
        index   2.html index.htm;
        }

}
# http://www.youngfit.com/a/1.html ==> http://jd.com/a/1.html
location /a {
        root /html;
        if ( $host ~* youngfit.com ){
        rewrite .* http://jd.com$request_uri permanent;
        }
}
server {
    listen       80;
    server_name  localhost;
    access_log  /var/log/nginx/last.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    
    location /break/ {
        root /usr/share/nginx/html;
        rewrite .* /test/break.html break;
    }
    
    location /last/ {
        root /usr/share/nginx/html;
        rewrite .* /test/last.html last;
    }

    location /test/ {
        root /usr/share/nginx/html;
        rewrite .* /test/test.html break;
    }
}
[root@localhost conf.d]# cd /usr/share/nginx/html/
[root@localhost html]# mkdir test
[root@localhost html]# echo "last" > test/last.html
[root@localhost html]# echo "break" > test/break.html
[root@localhost html]# echo "test" > test/test.html

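Results of the requests:
http://192.168.1.247/break/break.html   ==> break
http://192.168.62.159/last/last.html    ==> test
- last: after this rewrite rule has run, a new request is issued against the enclosing server {} block;

- break: after this rule has matched, matching stops and no further matching is done;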
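
Why /last/last.html returns "test" while /break/break.html returns "break", as an added example that is not part of the original article: a small model of the four prefix locations in the server block above. It assumes every rewrite pattern is .* (as on this page) and models only longest-prefix location selection. One consequence worth noting: after break the rewritten URI is served from the current location, so directives in the location that would otherwise match the new URI are not applied.

```python
# (location prefix, rewrite replacement, flag) taken from the page's server block.
LOCATIONS = [
    ("/", None, None),
    ("/break/", "/test/break.html", "break"),
    ("/last/", "/test/last.html", "last"),
    ("/test/", "/test/test.html", "break"),
]
# Files created with the echo commands on the page, relative to the root.
FILES = {
    "/test/last.html": "last",
    "/test/break.html": "break",
    "/test/test.html": "test",
}


def pick_location(uri):
    """Longest matching prefix location, as nginx does for plain prefixes."""
    return max((loc for loc in LOCATIONS if uri.startswith(loc[0])),
               key=lambda loc: len(loc[0]))


def serve(uri):
    """Return (list of URIs visited, body served or None if no such file)."""
    trace = [uri]
    for _ in range(10):            # nginx stops after 10 cycles and returns 500
        _, target, flag = pick_location(uri)
        if target is None:         # this location has no rewrite
            return trace, FILES.get(uri)
        uri = target               # pattern is .*, so the rewrite always applies
        trace.append(uri)
        if flag == "break":        # stay in this location and serve the file
            return trace, FILES.get(uri)
        # flag == "last": search the locations again with the new URI
    return trace, None


if __name__ == "__main__":
    for start in ("/break/break.html", "/last/last.html"):
        print(start, serve(start))
```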

Difference between the root and alias directives

location /img/ {
    alias /var/www/image/;
}
# With the configuration above, when a file under /img/ is requested, nginx looks for it in /var/www/image/
location /img/ {
    root /var/www/image;
}
# With this configuration, when a file under /img/ is requested, nginx looks for it in /var/www/image/img/
  • alias defines an alias for a directory,
  • root defines the top-level directory.
Origin blog.csdn.net/wx912820/article/details/104864787