Nginx reverse proxy and cache
lab environment
- nginx reverse proxy server: Centos7 192.168.10.123
- LAMP:Centos7 192.168.10.121
- LNMP:Centos7 192.168.10.124
NOTE: This experiment based on previous configuration environment, if the reference interest may Nginx acquaintance , Nginx acquaintance 2
Nginx proxy module
- proxy module, the module is supported by ngx_http_proxy
- upstream module, the module is supported by ngx_http_upstream
- fastcgi module, supported by the module
Nginx reverse proxy configuration
Using yum install nginx Service
Modify the configuration to enable proxy module reverse proxy functionality
location / { if ( $request_filename ~* \.php$ ) { proxy_pass http://192.168.10.121; } if ( $request_filename !~* \.php$ ) { proxy_pass http://192.168.10.124; } }
Check the configuration syntax and start the service
Access tests
The proxy server to be forwarded connection request .php suffix to the host 192.168.10.121 processing request is forwarded to the other host processing 192.168.10.124
When using this method to reverse proxy logging backend can not collect the source address of the client will only record a reverse proxy server ip address, not an accurate log analysis
LNMP server can not collect the correct source address of the client will only record a reverse proxy server ip
Modify nginx reverse proxy configuration
location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $remote_addr; #HTTP的请求端真实的IP if ( $request_filename ~* \.php$ ) { proxy_pass http://192.168.10.121; } if ( $request_filename !~* \.php$ ) { proxy_pass http://192.168.10.124; } } #标准格式:X-Forwarded-For: client1, proxy1, proxy2... #X-Forwarded-For头信息可以有多个,中间用逗号分隔,第一项为真实的客户端ip,其余为经过的代理或负载均衡的ip地址,经过几个就会出现几个 #$proxy_add_x_forwarded_for变量包含客户端请求头中的"X-Forwarded-For",与$remote_addr用逗号分开 #$remote_addr变量的值是客户端的IP #$http_x_forwarded_for变量,保存了请求中的X-Forwarded-For信息 参考:https://blog.51cto.com/wjw7702/1150225
If there are suggested represent additional add additional information that exceeds the size of hash bucket size, need to be adjusted
proxy_headers_hash_max_size 1024; proxy_headers_hash_bucket_size 128;
Modify LAMP server Apache log format services
Access test, view the log results
LNMP server logs
Apache Server Log
Nginx reverse proxy cache server configuration
Modify the Reverse Proxy Server Configuration
located at http vessel proxy_cache_path
http { ... proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=xcache:10M max_size=500M; ... location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $remote_addr; proxy_cache xcache; #使用xcache类型缓存 proxy_cache_valid 200 1d; #响应状态码为200的页面缓存1天 proxy_cache_valid 301 302 1m; #响应状态码为301、302的页面缓存1分钟 proxy_cache_valid any 1m; #其余的缓存1分钟 proxy_cache_revalidate on; #指示NGINX在刷新来自服务器的内容时使用GET请求 proxy_cache_use_stale error timeout http_500 http_502 http_504; #若请求出现timeout、500、502、504s时使用过期的缓存响应请求 add_header X_cache_hit $upstream_cache_status; #添加缓存命中状态到报文首部 ... } #内容参考来自:https://www.cnblogs.com/howhy/p/6732216.html
Create the specified cache storage directory, and given the appropriate permissions
Browser to view the results
Check the cache files are stored
proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=xcache:10M max_size=500M; #proxy_cache_path 定义缓存目录 #目录的生成对应levels=1:2 #:隔离目录,一个分号表示有两级目录 #1表示父目录为1个字符,目录名为缓存文件名的最后一个字符 #2表示子目录下为2个字符,目录名为倒数第3和倒数第2两个字符 #keys_zone 定义缓存名称和内存空间大小 #max_size 定义缓存硬盘空间大小
upstream load balancing
Modify the proxy server nginx configuration
http { ... upstream webservers{ [rr|wrr|ip_hash|least_conn] server 192.168.10.121 max_fails=3 fail_timeout=30s weight=1; server 192.168.10.124 max_fails=3 fail_timeout=30s weight=1; server 192.168.10.122 backup; #backup 备用服务器 } ... location / { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Real-IP $remote_addr; # proxy_cache xcache; # proxy_cache_valid 200 1d; # proxy_cache_valid 301 302 1m; # proxy_cache_valid any 1m; # proxy_cache_revalidate on; # proxy_cache_use_stale error timeout http_500 http_502 http_504; # add_header X_cache_hit $upstream_cache_status; proxy_pass http://webservers; } ... } #Nginx的调度算法: # rr:轮询,轮流分配请求 # wrr:加权轮询,参考权重轮分配请求(如:定义upsteam_server默认算法就是wrr) # ip_hash源地址hash,对源ip地址计算hash值,一样的hash值将请求送到相同服务器,实现session绑定 # least_conn:最少连接调度算法 #后端服务器状态 #down:表示当前server暂时不参与负载均衡。 #backup:预留的备份机,当其他所有非backup机器出现故障或者繁忙的时候,才会请求backup机器 #max_fails:允许请求的失败次数,默认为1,配合fail_timeout一起使用 #fail_timeout:经过max_fails次请求失败后服务将会暂定fail_timeout时间不向请求失败的主机发送请求
Add the test page for all the servers in the cluster
192.168.10.121 LAMP server
192.168.10.124 LNMP server
Access tests