1、nginx可以作为一个反向代理和负载均衡来使用
反向代理:比如防火墙只有一个IP和端口对外开放,但是内网有多个服务需要连接,那么可以用nginx反向代理功能,通过不同路径的url,映射到不同服务器上
负载均衡:在反向代理功能的基础上,提供软负载的功能,因为硬件负载F5、Array价格昂贵
2、CentOS7上nginx-1.16.1配置文件说明
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
#配置的用户
user nginx;
#nginx的进程数
worker_processes auto;
#错误日志路径和级别
error_log /var/log/nginx/error.log;
#进程pid文件位置
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
#加载动态模块
include /usr/share/nginx/modules/*.conf;
#events语句块
#worker_connections设置最大连接数
events {
worker_connections 1024;
}
#http语句块,可包含多个server语句块
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /404.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
3、反向代理设置
在server语句块外增加
在server语句块内增加
upstream proxy_app1 {
server 192.168.100.1:80;
}
整个结构:http语句块包含upstream和server语句块,server语句块包含location语句块
location /app1/ {
proxy_pass http://proxy_app1/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
更新nginx配置:
nginx -s reload
那么我访问http://nginx的IP:端口/app1,就代理到app1所在的服务器上了
4、负载均衡
1)upstream语句块可以配置服务器集群和负载均衡策略
2)负载均衡策略
upstream proxy_app1 {
server 192.168.100.1:80;
server 192.168.100.2:80;
server 192.168.100.3:80;
}
Round Robin:不指定策略时,默认为轮询,可以使用weight=5设置权重
Least Connections:最小连接数法,使用配置least_conn,将连接转发到当前连接数最少的服务器上
IP Hash:源地址哈希法,使用配置ip_hash,相同IP地址的请求发到同一个服务器
Generic Hash:由用户自定义hash的key,使用配置hash,进行计算哈希值
Random:随机选择,使用配置random
参考资料:
https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/
https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/