Nginx reverse proxy principle and

1.1 nginx basic introduction

1. What is nginx

• Deploy web project was a container, common web container must have: nginx, Apache, Tomcat

• Officials say nginx can handle one hundred thousand concurrent (when you can deal with static resources have to reach this level)

2. nginx high concurrency principle (multi-process + epoll achieve high concurrency)

• Nginx after the start, there will be a master process and several independent worker process.

• Each child process only one thread (coroutine), IO multiplexing epoll model used to achieve high concurrency.

3. epoll principle to achieve high concurrency

• epoll () in the kernel maintains a list, epoll_wait ways to get to the chain length is not zero know the file descriptor is ready.

• Epoll kernel implementation is achieved in accordance with established callback function of each device driver sockfd above.

• When an event occurs on a sockfd, with its corresponding callback function is called, sockfd to join this list, the other is in the "idle" state will not.

• epoll file described above to obtain the list, here using memory mapping (mmap) technology, avoid copying a large number of file descriptors the overhead

　　Memory mapping (the mmap) : memory mapped files, a file is mapped to a memory, the file will not have to perform I / O operations

 

1.2 nginx proxy Forward & Reverse Proxy

1. Forward Proxy

• I can not access a website, but I was able to access a proxy server, the proxy server does, he can not visit the sites I visit

• So I first connected to the proxy server, tell him I need that can not access the site's content, the proxy server to get back, and then return to me

• The client must be set up forward proxy server, of course, the premise is to know the IP address of the forward proxy server, as well as port agent.

• For example through the use of such software before such as CCproxy, http://www.ccproxy.com/ need to configure the proxy address in the browser.

 

　　Forward proxy role:

• • 　　1) Resource Access originally inaccessible, such as google

  • 　　2) can do caching, to accelerate access to resources

  • 　　3) access authorization to the client, Internet authentication

  • 　　4) proxy can record user access records (access management), external users to hide information

 

 

 

 

 

2. Reverse Proxy

• 1. Reverse proxy transparent to the user, the client without any configuration to access services.

• 2. the actual operation mode refers to the proxy server to accept connection requests on the internet, and then forwards the request to the server on the internal network.

• 3. and returns the result obtained from the server to the client requesting a connection to the internet, when the external proxy server is a server performance.

 

 

 

 

 

 

1.3 nginx common configuration

1. nginx configuration file parsing

# User running 
the User the nobody;
 # start the process, and usually set to equal the number of cpu 
worker_processes 1 ; 
 
# global error log file and PID 
# error_log logs / error.log; 
# error_log logs / error.log Notice; 
# error_log logs / error info .log; 
 
# PID logs / nginx.pid; 
 
# operation mode and limit the number of connections 
Events {
     # the epoll is a way of multiplexing IO (I / O multiplexing) is, 
    # only for kernel more linux2.6 , can greatly improve the performance of nginx 
    use epoll; 
 
    # single background process worker process maximum number of concurrent links     
    worker_connections 1024 ; 
 
    # complicated by the total number of the product is worker_processes and worker_connections 
    #That worker_processes = * worker_connections max_clients 
    # In the case of reverse proxy set up under, max_clients = worker_processes * worker_connections / 4 Why 
    # why the above reverse proxy to be divided by 4, it should be said is an empirical value 
    # Based on the above conditions, under normal circumstances the maximum number of connections Nginx Server can handle are: 4 * 8000 = 32000 
    # set with the physical memory size worker_connections value of about 
    # because concurrency by IO bound value max_clients must be less than the maximum number of file systems that can be opened 
    # and the system can be opened the maximum number of files and memory proportional to the size, number of files on the general 1GB memory machines can be opened is about 100,000 
    # we look at the number of file handles 360M memory VPS can open a number: 
    # $ CAT / proc / SYS / FS / file-max 
    # output 34336 
    # 32000 <34336, i.e. concurrent connections that total less than the total number of file handles system can be opened, so that within the operating system can withstand a range of 
    # Therefore, the value of worker_connections needs according to the number worker_processes process and the total maximum file system can be adapted to open Local settings 
    #So that the operating system can be less than the total number of concurrent maximum number of open files 
    # and its essence is configured according to the physical host CPU and memory of 
    # course, the theoretical and the actual total number of concurrent may be biased, because there are a host of other work processes We need to consume system resources. 
    # The ulimit -SHn 65535 
 
} 
 
 
HTTP { 
    # set the mime type, file type defined by the mime.type 
    the include the mime.types; 
    default_type file application / OCTET - Uninterpreted Stream;
     # set log format 
    log_format main   ' $ REMOTE_ADDR - $ REMOTE_USER [$ time_local] "$ Request" ' 
                      ' $ $ body_bytes_sent Status "$ HTTP_REFERER" ' 
                      ' "$ HTTP_USER_AGENT" "$ HTTP_X_FORWARDED_FOR" ' ; 
 
    access_log logs / the access.log main;
 
    nginx sendfile directive specifies whether to call sendfile function (zero copy mode) to output file 
    # for general application, must be set to ON, 
    # if used to download applications such as disk IO heavy load applications, it can be set to OFF, 
    # to balance disk and network I / O processing speed and reduce the system uptime. 
    the sendfile ON;
     # tcp_nopush ON; 
 
    # timeout Interval 
    # keepalive_timeout 0; 
    keepalive_timeout 65 ; 
    TCP_NODELAY ON; 
 
    # open gzip compression 
    gzip ON; 
    gzip_disable " MSIE [1-6]. " ; 
 
    # setting request buffer 
    client_header_buffer_size 128K; 
    large_client_header_buffers   . 4 128K; 
 
 
    # sets a virtual host configuration
    {Server
         # listening on port 80 
        the listen 80 ;
         # definitions used www.nginx.cn access 
        server_name www.nginx.cn; 
 
        # default web root directory location defined server 
        root HTML; 
 
        # setting this virtual hosts access log 
        access_log logs / main nginx.access.log; 
 
        # default request 
        LOCATION / { 
            
            # define the name of the home index file 
            index the index.php index.html index.htm;    
 
        } 
 
        # define error page 
        error_page 500 502 503 504 / 50x.html; 
        LOCATION = / {50x.html 
        } 
 
        # static files, nginx deal with their own
        ~ ^ LOCATION / (ImagesRF Royalty Free | JavaScript | JS | CSS | Flash | Media | static) / { 
            
            # expire 30 days, less static file updates, expired can be set larger, 
            # if frequent updates, you can set smaller. 
            30d Expires; 
        } 
 
        # the PHP script request is forwarded to all FastCGI FastCGI process using the default configuration.. 
        LOCATION ~ .php $ { 
            fastcgi_pass 127.0.0.1:9000 ; 
            fastcgi_index the index.php; 
            fastcgi_param SCRIPT_FILENAME $ $ DOCUMENT_ROOT fastcgi_script_name; 
            the include fastcgi_params; 
        } 
 
        # prohibition file access .htxxx 
            LOCATION ~ / .ht { 
            the deny All; 
        } 
 
    } 
}

nginx configuration file comments

nginx configuration file parsing

 

 

1.4 nginx load balancing configuration

1.  build experimental environment (using nginx docker deploy two containers)

1 ) using nginx to build the first service 
[root @ Linux -node4 ~] # Docker Container RUN --name web01 -d -p 81:80 nginx 
test access: HTTP: //192.168.56.14: 81 / 
root @ c58a7f1fb89d: / # Docker Exec -it web01 bash 
root @ c58a7f1fb89d: / # echo web01> /usr/share/nginx/html/index.html

2 ) Use docker to build a second nginx service 
[root @ Linux -node4 ~] # docker Container RUN --name web02 -d -p 82:80 nginx 
test access: HTTP: //192.168.56.14: 82 / 
root @ a3440d30f27c : / #   Docker Exec -it web02 bash 
root @ a3440d30f27c: / #   echo web02> /usr/share/nginx/html/index.html

2.  The default in rotation (nginx installed in the real host and configure load balancing)

In rotation: each request individually assigned to a different time order back-end server, if the back-end server down off automatically removed.

 

[Node4 the root-Linux @ ~] # yum the install Nginx -Y 
[Node4 the root-Linux @ ~] # Vim /etc/nginx/nginx.conf 
# ### in rotation is #### to modify the default nginx.conf 

'' ' 
# 1. upstream is to write, must be placed outside the Server 
upstream myservers { 
    Server 192.168.56.14:81; 
    Server 192.168.56.14:82; 
} 

# Server 2. in fact, there has been a default, only need to modify the location of the configuration, forwarding agent can specify 
Server { 
    LOCATION / { 
       proxy_pass HTTP: // myservers; 
    } 
} 
'' ' 
[the root @ Linux -node4 Nginx] # systemctl Start Nginx

 

3.  Load balancing common configuration comb

 

1 , the polling (default) 
each request individually assigned to a different time order back-end server, if the back-end server is down, can be automatically removed. {backserver upstream 
    Server

 192.168.0.14;
    Server 192.168.0.15;
}

 2 , the weight Weight 
polling a probability proportional to weight ratio and access, for the case where unevenness backend server performance. {backserver upstream 
    Server

 192.168.0.14 weight =. 3;
    Server = 192.168.0.15 weight. 7;
}

 . 3 , ip_hash (the IP binding) 
has a problem in the above-described embodiment is to say, in the load balancing system, if a user is logged on the server , then when the user requests a second time, because we are load-balancing system,
every request will be relocated to one of the servers in the cluster, then the server has logged one user and then relocated to another server, its Login information will be lost, this is clearly inappropriate. 
We can use ip_hash instructions to solve this problem, if the customer has visited a server, when the user accesses again, the request is through a hashing algorithm, to automatically locate the server. 
Each request is assigned according ip hash result of the visit, so that each visitor to access a fixed back-end server, can solve the problem of session. upstream backserver {


    ip_hash; 
    Server 192.168.0.14:88; 
    Server 192.168.0.15:80; 
} 

. 4 , Fair (third-party plug) 
according to the response time of the allocation request to the backend server, a short response time priority allocation. {backserver upstream 
    Server server1; 
    Server Server2; 
    Fair; 
} 



. 5 , url_hash (third-party plug) 
according to the results of hash access url allocation request to the url each directed to the same back-end server, the back end server is effective when the cache . {backserver upstream 
    Server squid1:

 3128; 
    Server squid2: 3128; 
    the hash $ REQUEST_URI; 
    hash_method CRC32; 
}