day65:nginx代理&nginx负载均衡&
目录
5.nginx_proxy + web应用节点(多台) + Redis会话保持
0.nginx流程图
0.5 项目运作示意图
1.nginx代理
1.nginx代理模式
正向代理:Science上网,共享上网
反向代理:企业
2.反向代理支持模式
http | 用户请求 响应 JAVA |
smtp | |
websocket | 用户可以请求 服务端响应 服务端可以推送数据 |
uwsgi | Python |
fastcgi | PHP |
https |
3.代理配置语法
proxy_pass http://127.0.0.1:8080;
2.nginx代理与配置
1.web节点的配置:10.0.0.201
[root@node2 conf.d]# cat proxy.oldboyedu.com.conf server { listen 80; server_name proxy.oldboyedu.com; root /code/proxy; location / { index index.html; } } [root@node2 conf.d]# mkdir /code/proxy -p [root@node2 conf.d]# echo "node2...." >> /code/proxy/index.html [root@node2 conf.d]# nginx -t [root@node2 conf.d]# systemctl reload nginx
2.代理节点的配置:10.0.0.100
# 1.关闭防火墙 [root@proxy ~]# systemctl disable firewalld [root@proxy ~]# systemctl stop firewalld [root@proxy ~]# setenforce 0 # 2.安装epel\nginx [root@proxy ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo [root@proxy ~]# yum install vim wget unzip nginx -y # 3.清理nginx.conf 无用的配置 # 4.将nginx加入开机自启\ 启动nginx [root@proxy ~]# systemctl start nginx [root@proxy ~]# systemctl enable nginx # 5.编写proxy配置文件:proxy_proxy.oldboyedu.com.conf [root@proxy ~]# vim /etc/nginx/conf.d/proxy_proxy.oldboyedu.com.conf server { listen 80; server_name proxy.oldboyedu.com; location / { proxy_pass http://10.0.0.201; # 后端是什么端口根本不重要 proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; } } # 6.检查语法,重载服务 [root@proxy ~]# nginx -t [root@proxy ~]# systemctl restart nginx
在用户请求代理中,抓包分析,提炼了几个参数:
proxy_set_header Host $http_host; # 将用户请求的域名携带到后端 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 将用户的真实IP地址,携带到后端,后端有对应的变量解析结果 proxy_http_version 1.1; # 代理请求后端默认走http1.0, 可以调整为http1.1 长连接
3.nginx负载均衡调度多web节点(静态页面)
1.node1-nginx配置
[root@node1 conf.d]# cat /etc/nginx/conf.d/proxy.oldboyedu.com.conf server { listen 80; server_name proxy.oldboyedu.com; root /code/proxy; location / { index index.html; } } [root@oldboy-pythonedu ~]# mkdir /code/proxy -p [root@oldboy-pythonedu ~]# echo "node1...." > /code/proxy/index.html [root@oldboy-pythonedu ~]# systemctl reload nginx
2.node2-nginx配置
[root@node2 conf.d]# cat /etc/nginx/conf.d/proxy.oldboyedu.com.conf server { listen 80; server_name proxy.oldboyedu.com; root /code/proxy; location / { index index.html; } } [root@oldboy-pythonedu ~]# mkdir /code/proxy -p [root@oldboy-pythonedu ~]# echo "node2...." > /code/proxy/index.html [root@oldboy-pythonedu ~]# systemctl reload nginx
3.通过nginx负载均衡进行轮询调度–>proxy-nginx配置
# proxy: 10.0.0.100 # 域名: proxy.oldboyedu.com [root@proxy ~]# cat /etc/nginx/conf.d/proxy_proxy.oldboyedu.com.conf upstream node { server 10.0.0.200:80; server 10.0.0.201:80; } server { listen 80; server_name proxy.oldboyedu.com; location / { proxy_pass http://node; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; } } [root@proxy ~]# nginx -t [root@proxy ~]# systemctl reload nginx
Tip:加权轮询
upstream node { server 10.0.0.200:80 weight=5; server 10.0.0.201:80 weight=1; }
Tip:ip_hash:固定将请求调度到某一个节点(session会话保存)
upstream node { ip_hash; server 10.0.0.200:80; server 10.0.0.201:80; }
对于ip_hash:
优点:可以解决会话问题
缺点:如果来源的都是同一个IP地址,则会造成某一个节点非常的繁忙,而其他的节点没有流量,造成负载不均衡的现象.
4.nginx负载均衡调度多应用节点(blog)
实现步骤
1.准备好wordpress两台应用节点
2.准备好edusoho两台应用节点
3.配置nginx负载均衡,调度
在10.0.0.100进行blog配置
upstream blog { server 10.0.0.200:80; server 10.0.0.201:80; } server { listen 80; server_name blog.oldboyedu.com; location / { proxy_pass http://blog; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
通过查看访问日志,即可看到轮询的效果
Tip:查看访问日志的命令
[root@python31-centos var]# tail -f /var/log/nginx/access.log
5.nginx_proxy + web应用节点(多台) + Redis会话保持
1.搭建好应用节点(所有节点保持一致) 10.0.0.200
[root@oldboy-pythonedu ~]# wget https://files.phpmyadmin.net/phpMyAdmin/5.0.3/phpMyAdmin-5.0.3-all-languages.zip
2.准备phpmyadmin的Nginx配置文件 10.0.0.200
server { listen 80; server_name phpmyadmin.oldboyedu.com; root /code/phpmyadmin; location / { index index.php; } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } [root@oldboy-pythonedu ~]# systemctl reload nginx [root@oldboy-pythonedu ~]# unzip phpMyAdmin-5.0.3-all-languages.zip [root@oldboy-pythonedu ~]# mv phpMyAdmin-5.0.3-all-languages /code/phpmyadmin
3.配置phpmyadmin连接数据库地址 10.0.0.200
[root@oldboy-pythonedu ~]# cp /code/phpmyadmin/config.sample.inc.php /code/phpmyadmin/config.inc.php [root@oldboy-pythonedu ~]# vim /code/phpmyadmin/config.inc.php /* Server parameters */ $cfg['Servers'][$i]['host'] = '10.0.0.202';
4.授权session存储本地目录为进程的用户身份 10.0.0.200
[root@oldboy-pythonedu ~]# chown -R nginx.nginx /var/lib/php/session
5.部署node2节点的phpmyadmin, 需要将代码和nginx配置拷贝一份 10.0.0.201
[root@node2 code]# scp -rp root@10.0.0.200:/code/phpmyadmin /code/ [root@node2 code]# chown -R nginx.nginx /code/phpmyadmin/ [root@node2 code]# scp root@10.0.0.200:/etc/nginx/conf.d/phpadmin.oldboyedu.com.conf /etc/nginx/conf.d/ [root@node2 code]# chown -R nginx.nginx /var/lib/php/session/ [root@node2 code]# nginx -t [root@node2 code]# systemctl reload nginx
6.为应用节点,接入负载均衡 10.0.0.201
[root@proxy ~]# cat /etc/nginx/conf.d/proxy_phpadmin.oldboyedu.com.conf upstream php { server 10.0.0.200:80; server 10.0.0.201:80; } server { listen 80; server_name phpmyadmin.oldboyedu.com; location / { proxy_pass http://php; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
7.检查轮询是否会造成无法登陆情况, 配置IP_hash测试是否能正常登陆
# 轮询一定会造成无法登陆成功. # 可以采用ip_hash的方式解决. upstream php { ip_hash; server 10.0.0.200:80; server 10.0.0.201:80; }
8.采用Redis共享的方式来解决会话无法登陆的问题,
注意!!!需要先将负载均衡恢复至轮询模式,然后在继续.
8.1 安装Redis
[root@node-mysql ~]# yum install redis -y [root@node-mysql ~]# vim /etc/redis.conf # 添加本机的内网IP地址 ( 不要写错了 ) bind 127.0.0.1 10.0.0.202 [root@node-mysql ~]# systemctl enable redis [root@node-mysql ~]# systemctl start redis [root@node-mysql ~]# netstat -lntp | grep redis tcp 0 0 10.0.0.202:6379 0.0.0.0:* LISTEN 10699/redis-server tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 10699/redis-server
8.2 通过其他的节点测试是否能正常访问Redis
[root@node2 ~]# yum install redis -y [root@node2 ~]# redis-cli -h 10.0.0.202
8.3 配置应用节点接入Redis
# 1.将应用程序解析器连接至 Redis [root@oldboy-pythonedu ~]# vim /etc/php.ini [Session] ;session.save_handler = files #注释掉 session.save_handler = redis session.save_path = "tcp://10.0.0.202:6379?weight=1&timeout=2.5" # 2.注释如下两行内容 [root@oldboy-pythonedu ~]# vim /etc/php-fpm.d/www.conf ;php_value[session.save_handler] = files ;php_value[session.save_path] = /var/lib/php/session # 3.重启php-fpm [root@oldboy-pythonedu ~]# systemctl restart php-fpm
9.测试是否能正常登陆,然后检查浏览器中的session是否与redis中存储的session一致.
[root@node-mysql ~]# redis-cli 127.0.0.1:6379> keys * 1) "python_key" 2) "PHPREDIS_SESSION:f0ad1e364f79a85bd93b46883403f6ec"