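Nginx Reverse Proxy Configuration Example and Keepalived Master/Backup Switchover
Overview
At work I often need to set up reverse proxies for colleagues. The usual scenario is the office network accessing application resources on the production network across network boundaries. Here is a brief record of the steps for future reference.
NGX configuration
The nginx configuration is usually located at /etc/nginx/nginx.conf. You can use whereis nginx to find where nginx is installed.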
 [root@NGXapp01 ~]# whereis nginx
nginx: /usr/sbin/nginx /usr/lib64/nginx /etc/nginx /usr/local/nginx.bak /usr/share/nginx /usr/share/man/man3/nginx.3pm.gz /usr/share/man/man8/nginx.8.gz
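sbin holds the nginx executable
etc/nginx contains the nginx.conf configuration file
usr/share contains the html folder, where nginx static resources/pages can be configured
A quick look at the nginx.conf configuration file: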
[root@NGXapp01 ~]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
worker_rlimit_nofile 50000;
events {
    worker_connections 50000;
}
stream {
        log_format  stream  '$remote_addr - [$time_local] $status $bytes_received $bytes_received $hostname $msec';
        include /app/xxxxx/conf.d/stream/*.conf;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    client_max_body_size 1024M;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    server_names_hash_bucket_size 128;
    underscores_in_headers on;


    default_type        application/octet-stream;
    include             /etc/nginx/mime.types;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    include /app/xxxxxx/xxx/conf.d/http/*.conf;
    include /app/xxxxxx/xxx/conf.d/https/*.conf;


}
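As the configuration file shows, the reverse proxy configuration for http, https and stream is mainly placed in
/app/xxxxx/xxxx/conf.d/http/*.conf;
/app/xxxxx/xxxx/conf.d/https/*.conf;
/app/xxxxxx/xxxx/conf.d/stream/*.conf;
stream is mainly used for reverse proxying and load balancing TCP/UDP.
Http and Https reverse proxy configuration
Go to /app/ngx/xxx/conf.d/http/, where there are many http configurations. Here is one http configuration as an example for reference.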
[root@NGXapp01 stream]# cat ../http/xxxxx.conf

upstream backserver {
    ip_hash;
    server xxx.xxx.xxx.xxx:8080 ;
    server xxx.xxx.xxx.xxx:8080 ;
}
server {
    listen       80 ;
    server_name  xxx.xxx.com;
    access_log  /app/xxxx/xxx/log/http/xxx/access.log  main;
    error_log /app/xxx/xxx/log/http/xxx/error.log;


    location / {
        proxy_pass http://backserver;
        proxy_redirect     off;
        proxy_set_header   Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
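- upstream backserver provides load balancing; the location block here references the two servers in backserver.
- server specifies the address the NGX server listens on. server_name can be a domain name or a specific IP; here it listens on port 80 for the domain.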
[root@NGXapp01 stream]# cat ../http/xxxxx.conf

server {
    listen       80 ;
    server_name  xxx.com;
    access_log  /app/xxxx/xxx/log/http/xxxx/access.log  main;
    error_log /app/xxxx/xxx/log/http/xxxx/error.log;


    location / {
        proxy_pass http://xxx.xxx.xxx.xxx:70;
        proxy_redirect     off;
        proxy_set_header   Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
- server is the address being listened on; server_name can be an IP address or a domain name.
- location is the address nginx forwards to.
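Both configurations above forward X-Real-IP and X-Forwarded-For to the backend. The following added example (not part of the original post) models what $proxy_add_x_forwarded_for produces and how a backend should read it so that a client-supplied X-Forwarded-For value is not mistaken for the client address. The node addresses and client addresses are constructed placeholders.

```python
import ipaddress

def proxy_add_x_forwarded_for(incoming_xff, remote_addr):
    """Model of nginx's $proxy_add_x_forwarded_for: the X-Forwarded-For value
    the client sent (if any) with $remote_addr appended after a comma."""
    return f"{incoming_xff}, {remote_addr}" if incoming_xff else remote_addr

def naive_client_ip(xff_header):
    """Common mistake: trust the leftmost entry, which the client controls."""
    return xff_header.split(",")[0].strip()

def client_ip(peer_addr, xff_header, trusted_proxies):
    """Address a backend should treat as the client.

    peer_addr       -- source address of the TCP connection to the backend
    xff_header      -- X-Forwarded-For value received (may be None)
    trusted_proxies -- CIDR list of our own proxies (assumed values below)
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(ip):
        return any(ip in net for net in nets)

    # A connection that did not come through our proxy gets no header trust.
    if not trusted(ipaddress.ip_address(peer_addr)):
        return peer_addr
    client = peer_addr
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # Walk right to left: only the rightmost entries were written by proxies
    # we control; everything further left is client-supplied text.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break              # malformed entry: keep the last verified hop
        client = str(ip)
        if not trusted(ip):
            break              # first address not belonging to our proxies
    return client

# Constructed sample values (not from the original page).
NGX_NODES = ["10.0.0.10/32", "10.0.0.11/32"]
spoofed = proxy_add_x_forwarded_for("1.2.3.4", "192.0.2.7")

if __name__ == "__main__":
    print("header sent to backend:", spoofed)
    print("naive leftmost:", naive_client_ip(spoofed))
    print("right-to-left :", client_ip("10.0.0.10", spoofed, NGX_NODES))
```

With this single proxy tier, X-Real-IP (set from $remote_addr) carries the same value the right-to-left walk returns.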
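Modifying the configuration
Generally, the configuration above is enough for simple day-to-day use. As the user that owns the ngx installation, edit your configuration as required. After saving, run the following:
su - root
nginx -t # check that the configuration file is valid
nginx -s reload # hot reload: read the configuration into memory without restarting the application
Keepalived master/backup switchover: testing whether a particular node's configuration works
Because NGX runs in a master/backup architecture, the server name in the server block should preferably use the keepalived virtual address, and when requesting DNS resolution the domain should preferably point to the virtual address as well.
The following covers the case where DNS resolution was requested for the address of only one NGX server, or the domain points to only one of the IP addresses, and you need to test whether the configuration works.
ip a  # See which node is the keepalived master. If the access policy was requested for the master node, no keepalived action is needed; just test whether the forwarding configuration on this master node works.
# If the reverse proxy was configured on the backup node, you need to test whether the backup node's reverse proxy configuration works.
# Run the following on the master node. Once the master is stopped, the virtual address automatically floats to the backup node.
systemctl stop keepalived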
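As a complementary check, the following added example (not part of the original post) reads `ip a` output to tell whether a node currently holds the keepalived virtual address, and requests a page from one specific node while presenting the production Host header, which exercises that node's server block without moving the virtual address. It assumes the tester can reach each node's own address on port 80; all addresses and the server name passed on the command line are placeholders.

```python
import http.client
import ipaddress
import re

_INET = re.compile(r"^\s*inet6?\s+([0-9A-Fa-f:.]+)")

def holds_vip(ip_a_output, vip):
    """True if `ip a` output lists the keepalived virtual address, i.e. this
    node is currently the master for that address."""
    want = ipaddress.ip_address(vip)
    for line in ip_a_output.splitlines():
        m = _INET.match(line)
        if not m:
            continue
        try:
            if ipaddress.ip_address(m.group(1)) == want:
                return True
        except ValueError:
            continue           # not an address after all, ignore the line
    return False

def probe_node(node_ip, host, port=80, path="/", timeout=5):
    """Request `path` from one NGX node directly while presenting the
    production Host header, so that node's server block is the one matched."""
    conn = http.client.HTTPConnection(node_ip, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Server")
    finally:
        conn.close()

# Constructed `ip a` excerpt (addresses are placeholders).
SAMPLE_IP_A = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.10/24 brd 10.0.0.255 scope global eth0
    inet 10.0.0.100/32 scope global eth0
"""

if __name__ == "__main__":
    import sys
    print("sample node holds VIP:", holds_vip(SAMPLE_IP_A, "10.0.0.100"))
    # Usage: script.py <server_name> <node_ip> [<node_ip> ...]
    for node in sys.argv[2:]:
        print(node, probe_node(node, sys.argv[1]))
```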