nginx
概念:
正向代理:需要客户端进行配置,例如fiddler客户端配置。
反向代理:在服务端配置。例如nginx。
nginx的下载安装
一、下载:wget http://nginx.org/download/nginx-1.9.9.tar.gz 二、配置nginx安装所需的环境: 1、yum install gcc-c++ 2、yum install -y pcre pcre-devel 3、yum install -y zlib zlib-devel 4、yum install -y openssl openssl-devel 三、解压:tar -zxvf nginx-1.9.9.tar.gz 四、进入解压文件 cd nginx-1.9.9 五、使用默认配置 ./configure 六、编译安装:make && make install
注:默认安装路径:/usr/local/nginx。
nginx常用命令
nginx命令必须在安装目录的sbin目录下执行
查看版本 ./nginx -v 查看进程 ps -ef|grep nginx 停止 ./nginx -s stop 启动 ./nginx 热部署重加载 ./nginx -s reload
配置文件
路径:/usr/local/nginx/conf/nginx.conf
#user nobody; worker_processes 1;#并发处理的任务数 #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; #每个worker_processes支持与客户最大连接数 } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; #负载均衡配置,平均分配访问 #默认策略:轮询,服务器挂了就自动剔除 #weight策略:权重策略,权重越高,被分配的越多,默认为1。weight是weight策略才加 #ip_hash策略:每个请求按访问ip的hash结果分配,这样每个访客固定访问一个后端服务器,可以解决session的问题。 #fair策略:根据响应时间来分配,响应时间短的优先分配 upstream myserver{ ip_hash fair server 192.168.110.128:8080 weight=5; server 192.168.110.128:8081 weight=10; } #反向代理配置 server { listen 80; #对外接口 server_name 192.168.110.128; #主机名称,客户端访问的ip #charset koi8-r; #access_log logs/host.access.log main; location / { #跳转配置 root html;#动静分离时,静态资源的路径 /data/ autoindex on; #列出访问目录列表 proxy_pass http://127.0.0.1:8080; #跳转路径 # proxy_pass http://myserver:8080; #跳转路径(负载均衡) index index.html index.htm; } location ~/edu/ { #跳转配置,路径中包含edu的进,区分大小写。~路径中包含正则表达式,区分大小写。~*路径中包含正则表达式,不区分大小写。=不包含正则表达式,一旦匹配停止往下搜寻。 root html; proxy_pass http://127.0.0.1:8081; #跳转路径 index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
反向代理配置步骤
1、在windos系统的hosts文件里配置域名与ip的映射关系。(网络上可以DNS配置) 2、在ngin配置中修改配置 http server 中加 【proxy_pass 转发路径(http://127.0.0.1:8080)】 3、重启nginx
负载均衡配置
动静分离:是把动态请求与静态请求分开,而不只是单纯的把动态页面与静态页面分开请求。nginx处理静态页面,tomcat处理动态页面
策略
1、默认策略:轮询,服务器挂了就自动剔除
2、weight策略:权重策略,权重越高,被分配的越多,默认为1。weight是weight策略才加
3、ip_hash策略:每个请求按访问ip的hash结果分配,这样每个访客固定访问一个后端服务器,可以解决session的问题。
4、fair策略:根据响应时间来分配,响应时间短的优先分配
高可用集群(防止nginx挂掉)
安装keepalived
命令:yum install keepalived -y
验证显示版本:rpm -q -a keepalived
配置文件 /etc/keepalived/keepalived.conf
! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL #相当于域名 在host中配置 } #检测脚本与权重参数 vrrp_script chk_http_port{ script "/usr/local/src/nginx_check.sh" interval 2 #(检测脚本执行的间隔,2秒) weight -2 # 一旦挂了,本机权重降低2 } vrrp_instance VI_1 { state MASTER # 备份服务器上将MASTER改为BACKUP interface eth0 // 网卡 eth0、ens33。keepalived安装时就设置好了。linux查网卡,ifconfig。对应ip地址的那个就是 virtual_router_id 51 # 主、备机的virtual_router_id必须相同 priority 100 # 主、备机取不同的优先级,主机值较大,备机值较小 advert_int 1 #每1秒发心跳 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { //VRRP H虚拟地址。配一个就行 192.168.200.16 192.168.200.17 192.168.200.18 } } virtual_server 192.168.200.100 443 { delay_loop 6 lb_algo rr lb_kind NAT nat_mask 255.255.255.0 persistence_timeout 50 protocol TCP real_server 192.168.201.100 443 { weight 1 SSL_GET { url { path / digest ff20ad2481f97b1754ef3e12ecd3a9cc } url { path /mrtg/ digest 9b3a0c85a887a256d6939da88aabd8cd } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } virtual_server 10.10.10.2 1358 { delay_loop 6 lb_algo rr lb_kind NAT persistence_timeout 50 protocol TCP sorry_server 192.168.200.200 1358 real_server 192.168.200.2 1358 { weight 1 HTTP_GET { url { path /testurl/test.jsp digest 640205b7b0fc66c1ea91c463fac6334d } url { path /testurl2/test.jsp digest 640205b7b0fc66c1ea91c463fac6334d } url { path /testurl3/test.jsp digest 640205b7b0fc66c1ea91c463fac6334d } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 192.168.200.3 1358 { weight 1 HTTP_GET { url { path /testurl/test.jsp digest 640205b7b0fc66c1ea91c463fac6334c } url { path /testurl2/test.jsp digest 640205b7b0fc66c1ea91c463fac6334c } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } virtual_server 10.10.10.3 1358 { delay_loop 3 lb_algo rr lb_kind NAT nat_mask 255.255.255.0 persistence_timeout 50 protocol TCP real_server 192.168.200.4 1358 { weight 1 HTTP_GET { url { path /testurl/test.jsp digest 640205b7b0fc66c1ea91c463fac6334d } url { path /testurl2/test.jsp digest 640205b7b0fc66c1ea91c463fac6334d } url { path /testurl3/test.jsp digest 640205b7b0fc66c1ea91c463fac6334d } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 192.168.200.5 1358 { weight 1 HTTP_GET { url { path /testurl/test.jsp digest 640205b7b0fc66c1ea91c463fac6334d } url { path /testurl2/test.jsp digest 640205b7b0fc66c1ea91c463fac6334d } url { path /testurl3/test.jsp digest 640205b7b0fc66c1ea91c463fac6334d } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } }
配置文件解析
虚拟服务器virtual_server定义块 virtual_server:定义一个虚拟服务器,这个ip是virtual_ipaddress中定义的其中一个,后面一个空格,然后加上虚拟服务的端口号。 1> delay_loop:健康检查时间间隔,单位:秒 2> lb_algo:负载均衡调度算法,互联网应用常用方式为wlc或rr 3> lb_kind:负载均衡转发规则。包括DR、NAT、TUN 3种,一般使用路由(DR)转发规则。 4> persistence_timeout:http服务会话保持时间,单位:秒 5> protocol:转发协议,分为TCP和UDP两种 real_server:真实服务器IP和端口,可以定义多个 1> weight:负载权重,值越大,转发的优先级越高 2> notify_down:服务停止后执行的脚本 3> TCP_CHECK:服务有效性检测 * connect_port:服务连接端口 * connect_timeout:服务连接超时时长,单位:秒 * nb_get_retry:服务连接失败重试次数 * delay_before_retry:重试连接间隔,单位:秒
脚本文件nginx_check.sh
#!/bin/bash A='ps -C nginx -no-header |wc -l' if [ $A -eq 0 ];then /usr/local/nginx/sbin/nginx sleep 2 if [ 'ps -C nginx --no-header |wc -l' -eg 0 ];then killall keepalived fi fi
keepalived启动命令:
linux7.x:systemctl start keepalived.service
linux6.x:service keepalived start/stop
验证命令:ip a
nginx原理
花出去的时间,总会有收获
