Nginx反向代理

反向代理实验

1、准备node1，node2两台节点，node1反向至node2，node2配置wed服务

2、node2启动web服务

3、配置node1的nginx反向代理

3.1 备份配置文件

[root@qq nginx]# cd conf.d/[root@qq conf.d]# cp default.conf{,.bak}

3.2 node1配置反向代理至后端服务器

[root@qq conf.d]# vim default.conflocation / {    #root   /usr/share/nginx/html;    proxy_pass http://10.201.106.22/;

3.3 重载nginx服务

[root@qq conf.d]# service nginx configtestnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@qq conf.d]# service nginx reloadReloading nginx:                                           [  OK  ]

3.4 测试访问http://10.201.106.21能够成功跳转至node2的网页

3.5 查看node2访问日志，记录的是Client的IP

[root@ww ~]# tail -1 /var/log/httpd/access_log10.201.106.1 - - [12/Dec/2016:00:10:31 +0800] "GET /favicon.ico HTTP/1.1" 404 288 "http://10.201.106.22/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"

4、只代理某个请求

4.1 node2节点配置新的网站目录

[root@ww ~]# cd /var/www/html/[root@ww html]# lsindex.html[root@ww html]# mkdir bbs[root@ww html]# vim bbs/index.html
bbs on node2

4.2 node1配置反向代理

location / {    root   /usr/share/nginx/html;    index  index.html index.htm;    # example    #ModSecurityEnabled on;    #ModSecurityConfig /etc/nginx/modsecurity.conf;}location /bbs/ {    proxy_pass http://10.201.106.22/bbs/;}[root@qq conf.d]# service nginx reloadReloading nginx:                                           [  OK  ]

4.3 访问http://10.201.106.21/bbs/能够跳转到node2的界面

4.4 测试将node1的反向配置，前端改成错误的后再测试

location /qqq/ {    proxy_pass http://10.201.106.22/bbs/;}[root@qq conf.d]# service nginx reloadReloading nginx:                                           [  OK  ]测试：http://10.201.106.21/qqq/可以访问到node2的bbs页面实际是node1请求的[root@ww html]# tail -1 /var/log/httpd/access_log10.201.106.21 - - [12/Dec/2016:02:10:01 +0800] "GET /bbs/ HTTP/1.0" 200 22 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"

4.5 只有前端，没有后端测试

location /forum/ {    proxy_pass http://10.201.106.22/;}[root@qq conf.d]# service nginx reloadReloading nginx:                                           [  OK  ]测试后跳转到主页了，这也是一个URL

4.6 匹配后缀名，跳转

location ~* \.(jpg|png|gif)$ {    proxy_pass http://10.201.106.22;}语法检查：[root@qq conf.d]# service nginx configtestnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@qq conf.d]# 重载服务[root@qq conf.d]# service nginx reloadReloading nginx:                                           [  OK  ][root@qq conf.d]# 上传图片到node2节点访问：http://10.201.106.21/bg.jpg可以访问到node2的图片

4.7 放到目录下的图片访问

上传图片到node2节点；[root@ww html]# mkdir images[root@ww html]# cd images/[root@ww images]# ls2.jpg[root@ww images]# 访问测试，可以看到图片http://10.201.106.21/images/2.jpg

4.8 修改后端路径，期望放到/images下

location ~* \.(jpg|png|gif)$ {    proxy_pass http://10.201.106.22/images/;}第一种例外语法错误，模式匹配，后面就不能再跟上URL，连/也不能加[root@qq conf.d]# service nginx configtestnginx: [emerg] "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in /etc/nginx/conf.d/default.conf:25nginx: configuration file /etc/nginx/nginx.conf test failed[root@qq conf.d]#

4.9 第二种例外，location如果有重写，重写后的结果

发送到后端的值，向后端发送特定首部

1、反向服务器将客户端真实IP发送给node2网站服务器

1.1 node1 配置

[root@qq conf.d]# vim default.conflocation /forum/ {    proxy_pass http://10.201.106.22/;    proxy_set_header HOST $host;    proxy_set_header X-Real-IP $remote_addr;}location ~* \.(jpg|png|gif)$ {     proxy_pass http://10.201.106.22;    proxy_set_header X-Real-IP $remote_addr;}

1.2 服务重载

[root@qq conf.d]# service nginx configtestnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@qq conf.d]# [root@qq conf.d]# service nginx reloadReloading nginx:                                           [  OK  ][root@qq conf.d]#

1.3 定义node2后端服务器的日志格式

记录日志首部的值[root@ww images]# vim /etc/httpd/conf/httpd.conf #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedLogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined重启服务[root@ww images]# service httpd restartStopping httpd:                                            [  OK  ]Starting httpd:                                            [  OK  ][root@ww images]#

1.4 更改日志格式后，相比前两条，最后两条的访问日志记录已经变成真正的客户端主机IP了

10.201.106.21 - - [12/Dec/2016:06:57:21 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"10.201.106.21 - - [12/Dec/2016:06:57:39 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"10.201.106.1 - - [12/Dec/2016:07:05:37 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"10.201.106.1 - - [12/Dec/2016:07:05:38 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"[root@ww images]#

Nginx缓存

1、定义node1节点缓存配置，1条命令

[root@node1 ~]# cd /etc/nginx/[root@node1 nginx]# vim nginx.confhttp {    include       /etc/nginx/mime.types;    default_type  application/octet-stream;    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '                      '$status $body_bytes_sent "$http_referer" '                      '"$http_user_agent" "$http_x_forwarded_for"';    access_log  /var/log/nginx/access.log  main;    proxy_cache_path /cache/nginx/ levels=1:1 keys_zone=mycache:32m;    sendfile        on;创建缓存目录，修改权限[root@node1 nginx]# mkdir -pv /cache/nginxmkdir: created directory `/cache'mkdir: created directory `/cache/nginx'[root@node1 nginx]# chown -R nginx:nginx /cache/nginx/[root@node1 nginx]#

2、调用缓存

[root@node1 nginx]# vim conf.d/default.conflocation /forum/ {    proxy_cache mycache;    调用缓存区域    proxy_cache_valid 200 1d;   200的缓存一天    proxy_cache_valid 301 302 10m;  301缓存10分钟    proxy_cache_valid any 1m;   其他缓存1分钟    proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;    如果有这些情况，使用旧缓存    proxy_pass http://10.201.106.22/;    proxy_set_header HOST $host;    proxy_set_header X-Real-IP $remote_addr;}

3、重载服务

[root@node1 nginx]# service nginx configtestnginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@node1 nginx]# [root@node1 nginx]# [root@node1 nginx]# service nginx reloadReloading nginx:                                           [  OK  ][root@node1 nginx]#

4、测试

访问网页后，相应缓存目录有产生文件[root@node1 nginx]# cd /cache/nginx/[root@node1 nginx]# ls[root@node1 nginx]# lsc[root@node1 nginx]# ls7  c[root@node1 nginx]# ls -lhttotal 8.0Kdrwx------ 3 nginx nginx 4.0K Nov 24 11:21 7drwx------ 3 nginx nginx 4.0K Nov 24 11:21 c[root@node1 nginx]# cd 7[root@node1 7]# lsc[root@node1 7]# cd c[root@node1 c]# ls99cd97b13b9069e769098b964e66bbc7[root@node1 c]# ls -lhttotal 12K-rw------- 1 nginx nginx 8.4K Nov 24 11:21 99cd97b13b9069e769098b964e66bbc7[root@node1 c]# 缓存后，

Nginx负载均衡

1、关闭缓存

[root@node1 ~]# vim /etc/nginx/nginx.conf#proxy_cache_path /cache/nginx/ levels=1:1 keys_zone=mycache:32m;

2、定义第三个节点的网页

[root@master1 ~]# vim /var/www/html/index.htm 
nginx on node3

3、编辑前端配置

全局配置[root@node1 ~]# vim /etc/nginx/nginx.conf    upstream upservers {        server 10.201.106.22;        server 10.201.106.130;    }web配置[root@node1 ~]# vim /etc/nginx/conf.d/default.conflocation /forum/ {proxy_pass http://upservers/;}

4、 访问http://10.201.106.21/forum/已经可以在两个节点中切换

5、修改负载后端的某台主机权重

[root@node1 ~]# vim /etc/nginx/nginx.conf    upstream upservers {        server 10.201.106.22; weight=2;        server 10.201.106.130;    }

6、访问网页，22访问2次，130才访问一次

7、

[root@node1 ~]# vim /etc/nginx/nginx.conf

upstream upservers {    ip_hash;    server 10.201.106.22 weight=2;    server 10.201.106.130;}

8、

upstream upservers {    server 10.201.106.22 max_fails=2 fail_timeout=1;    server 10.201.106.130 max_fails=2 fail_timeout=1;}将其中一个节点关系服务[root@node2 ~]# service httpd stopStopping httpd:                                            [  OK  ]测试后：只会在好的节点访问了重新打开服务后，又能在两个节点间切换了；

9、标记为备用节点

upstream upservers {    server 10.201.106.22 max_fails=2 fail_timeout=1;    server 10.201.106.130 max_fails=2 fail_timeout=1 backup;}

10、