CentOS 7.6 configuration Nginx Reverse Proxy

First, the experiment introduction

192.168.2.76 nginx load balancer

192.168.2.82 web01 server

192.168.2.78 web02 server

Second, install nginx software (the following three virtual machines should be carried out)

Some Centos 7.6 which is not installed wget command, so to install their own:

yum -y install wget

Install nginx server software required to install three :()

$ rpm -ivh epel-release-latest-7.noarch.rpm

$ Yum install nginx (direct yum install)

It's that easy to install, the installation is complete, you can use systemctl to control the start nginx

$ Systemctl enable nginx (adding boot)
$ systemctl Start nginx (open nginx)
$ systemctl Status nginx (View Status)

After three servers are installed nginx test whether the normal operation, provide web services. If the error may be the cause of the firewall, see the final steps on the firewall.

Modify the proxy server nginx configuration file, load balancing. As the name suggests is to distribute requests to the plurality of different services, achieve a balanced load, reducing the pressure of a single service.

$ Vi /etc/nginx/nginx.conf (modifying the configuration file, global configuration file)

 

# For more information on configuration, see:
#  * Official English Documentation: http://nginx.org/en/docs/
#  * Official Russian Documentation: http://nginx.org/ru/docs/


Nginx User;
worker_processes Auto; (default is automatic, can set their own, generally not more than the number of cpu core)
the error_log /var/log/nginx/error.log; (error log path)
PID /run/nginx.pid; (PID file path)


# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;


{Events
    accept_mutex ON; (Fi sequences provided, and to prevent occurrence of the phenomenon of shock group, the default is ON)
    multi_accept ON; (whether a process is provided simultaneously receiving a plurality of network connections, the default is OFF)
    worker_connections 1024; maximum (a process connections)
}


http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';


    access_log  /var/log/nginx/access.log  main;


    ON the sendfile;
    # tcp_nopush ON; (commented here)
    TCP_NODELAY ON;
    keepalive_timeout 65; (connection time)
    types_hash_max_size 2048;
    the gzip ON; (open compression)
    the include /etc/nginx/mime.types;
    default_type file application / OCTET-Stream;


    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;


# Set here load balancing, load balancing how the policy, nginx has a built-in polling, weight, ip-hash, response time and other rough.
# The default is http split the load for the round-robin fashion.
# Weights are weights according to the distribution request, the high weight load is heavy
# ip-hash, allocated according to ip, ip maintaining the same points on the same server.
# Response time, according to the response time of the server nginx, priority distributed fast response speed server.
Centralized policy may be appropriately combined
    upstream tomcat {(tomcat load balancing rule name for the custom)
        ip_hash; (ip_hash was ip-hash method)

      server 192.168.2.78:80 weight=3 fail_timeout=20s;
      server 192.168.2.82:80 weight=4 fail_timeout=20s;

 

## can define multiple sets of rules
}

 


    {Server
        the listen 80 the default_server; (default listening port 80)
        the listen localhost; (monitor server)
        server_name _;
        the root / usr / Share / Nginx / HTML;


        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;


        location / {(/ indicates that all requests can be customized for different domain name to a different set of rules and load service)
  proxy_pass HTTP: // Tomcat; (reverse proxy, fill in your own load balancing rule name)
  proxy_redirect OFF; (Here are some settings can be copied directly in the past, do not, then there could lead to some not certification issues)
  proxy_set_header Host $ Host;
          proxy_set_header the X--Real-IP $ REMOTE_ADDR;
          proxy_set_header the X--Forwarded-the For $ proxy_add_x_forwarded_for;
          proxy_connect_timeout 90; ( these are just some of the following time-out settings, may not)
          proxy_send_timeout 90;
          proxy_read_timeout 90;
        }
  . # LOCATION ~ \ (GIF | JPG | PNG) {$ (for example, to write a regular expression) 
  # root / Home / root / Images;
  #}


        error_page 404 /404.html;
            location = /40x.html {
        }


        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }


# Settings for a TLS enabled server.
#
#    server {
#        listen      443 ssl http2 default_server;
#        listen      [::]:443 ssl http2 default_server;
#        server_name  _;
#        root        /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }
}

After updating the configuration, you can reload configuration to take effect without restarting the service

nginx -s reload

If you can not access, it may be due to a firewall turned on, the port is not open:

Start: systemctl start firewalld
closed: systemctl stop firewalld
view status: systemctl status firewalld
boot disabled: systemctl disable firewalld
Power On: systemctl enable firewalld

Open a port:

Add
firewall-cmd --zone = public --add- port = 80 / tcp --permanent (--permanent permanent, this argument does not fail after the restart)
reload
firewall-cmd --reload
view
firewall-cmd - zone = public --query-port = 80 / tcp
delete
firewall-cmd --zone = public --remove- port = 80 / tcp --permanent

Guess you like

Origin www.linuxidc.com/Linux/2019-06/158982.htm