centos7 upstream+反向代理实现负载均衡

 

 

拓扑图如下：

upstream按照轮询（默认）方式进行负载，每个请求按时间顺序逐一分配到不同的后端服务器，如果后端服务器down掉，能自动剔除。虽然这种方式简便、成本低廉。但缺点是：可靠性低和负载分配不均衡。适用于图片服务器集群和纯静态页面服务器集群。

1、在192.168.40.23安装nginx、关掉firewalld selinx

2、配置/etc/nginx/nginx.conf

# For more information on configuration, see:

# * Official English Documentation: http://nginx.org/en/docs/

# * Official Russian Documentation: http://nginx.org/ru/docs/

 

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

 

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

 

events {

worker_connections 1024;

}

 

http {

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

 

access_log /var/log/nginx/access.log main;

 

sendfile on;

tcp_nopush on;

tcp_nodelay on;

keepalive_timeout 65;

types_hash_max_size 2048;

 

include /etc/nginx/mime.types;

default_type application/octet-stream;

 

# Load modular configuration files from the /etc/nginx/conf.d directory.

# See http://nginx.org/en/docs/ngx_core_module.html#include

# for more information.

include /etc/nginx/conf.d/*.conf;

 

upstream svw {

server 192.168.40.21 weight=50;

server 192.168.40.22 weight=50;

} #upstream按照轮询（默认）方式进行负载

 

server {

listen 8080 default_server;

# listen [::]:80 default_server;

server_name _;

# root /usr/share/nginx/html;

 

# Load configuration files for the default server block.

# include /etc/nginx/default.d/*.conf;

 

# location / {

# }

location / {

client_max_body_size 1025m;#上传文件报文大小限制

proxy_pass http://svw;

}

 

error_page 404 /404.html;

location = /40x.html {

}

 

error_page 500 502 503 504 /50x.html;

location = /50x.html {

}

}

3、systemctl start nginx

4、防火墙NAT转换

5、防火墙做NAT，可在内网访问本网站；（注意）

6、绑定域名，添加A记录；即可

 

7、添加https证书

server {

listen 443 ssl;

server_name _;

ssl on;

ssl_certificate cert/214542036950782.pem;

ssl_certificate_key cert/214542036950782.key;

ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

location / {

client_max_body_size 1025m;

proxy_pass http://svw;

}

}

}