Nginx reverse proxy and load balancing implementation process

Nginx reverse proxy and load balancing implementation process

First install nginx

. Time synchronization between nodes

[Root @ nginx ~] # ntpdate 202.120.2.101 [root@web1 ~]# ntpdate 202.120.2.101 [root@web2 ~]# ntpdate 202.120.2.101

6. Disable firewall and SELinux

Root @ nginx ~] # service iptables stop [root@nginx ~]# chkconfig iptables off [root@nginx ~]# getenforce Disabled [root@web1 ~]# service iptables stop [root@web1 ~]# chkconfig iptables off [root@web1 ~]# getenforce Disabled [root@web2 ~]# service iptables stop [root@web2 ~]# chkconfig iptables off [root@web2 ~]# getenforce Disabled

Install dependency packages
# Yum install gcc pcre-devel zlib-devel openssl-devel

Download nginx
# Cd/usr/local/src
# Wget http://www.nginx.org/download/nginx-1.0.9.tar.gz
# Tar zxvf nginx-1.0.9.tar.gz
# Cd nginx-1.0.9

Configuration and installation:
#. /Configure -- prefix =/usr -- sbin-path =/usr/sbin/nginx -- conf-path =/etc/nginx. conf -- error-log-path =/var/log/nginx/error. log -- pid-path =/var/run/nginx. pid -- lock-path =/var/lock/nginx. lock -- user = nginx -- group = nginx -- with-http_ssl_module -- with-http_flv_module -- with-http_gzip_static_module -- http-log-path =/var/log/nginx/access. log -- http-client-body-temp-path =/var/tmp/nginx/client/-- http-proxy-temp-path =/var/tmp/nginx/proxy /-- http-fastcgi-temp-path =/var/tmp/nginx/fcgi/
# Make
# Make install

 

2. Create nginx users and groups
 

 

Provide SysV init script for nginx

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 28 29 30 31 32 33 34 35 36 38 39 40 41 42 43 44 45 46 48 49 50 51 52 54 55 57 58 59 60 61 62 63 64 65 66 67 68 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110

[root@nginx ~]# cat /etc/init.d/nginx #!/bin/sh # # nginx - this script starts and stops the nginx daemon # # chkconfig: - 85 15 # description: Nginx is an HTTP(S) server, HTTP(S) reverse \ # proxy and IMAP/POP3 proxy server # processname: nginx # config: /etc/nginx/nginx.conf # config: /etc/sysconfig/nginx # pidfile: /var/run/nginx.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0 nginx="/usr/sbin/nginx" prog=$(basename $nginx) NGINX_CONF_FILE="/etc/nginx/nginx.conf" [ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx lockfile=/var/lock/subsys/nginx make_dirs() { # make required directories user=`nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -` options=`$nginx -V 2>&1 | grep 'configure arguments:'` for opt in $options; do if [ `echo $opt | grep '.*-temp-path'` ]; then value=`echo $opt | cut -d "=" -f 2` if [ ! -d "$value" ]; then # echo "creating" $value mkdir -p $value && chown -R $user $value fi fi done } start() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 make_dirs echo -n $"Starting $prog: " daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " killproc $prog -QUIT retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { configtest || return $? stop sleep 1 start } reload() { configtest || return $? echo -n $"Reloading $prog: " killproc $nginx -HUP RETVAL=$? echo } force_reload() { restart } configtest() { $nginx -t -c $NGINX_CONF_FILE } rh_status() { status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart|configtest) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}" exit 2 esac

Grant execution permission to this script

1	[root@nginx ~]# chmod +x /etc/init.d/nginx

Add to service management list and enable Automatic startup

1 2 3 4

[Root @ nginx ~]# Chkconfig -- add nginx[Root @ nginx ~]# Chkconfig nginx on[Root @ nginx ~]# Chkconfig nginx -- listNginx 0: Disable 1: Disable 2: Enable 3: Enable 4: Enable 5: Enable 6: Disable

8. Start nginx

1 2	[Root @ nginx ~]# Service nginx startStarting nginx:

Check the port

1 2	[root@nginx ~]# netstat -ntlp | grep :80

Back up cp/etc/nginx. conf/etc/nginx. conf. bak

Reverse Proxy

[Root @ localhost nginx-1.0.9] # mkdir/usr/html/forum

[Root @ localhost nginx-1.0.9] # vi/usr/html/forum/index.html

Then access the page through http: // 192.168.16.246/forum/

On the other server (the httpd configuration is as follows)

[Root @ web1 ~] # Cd/var/www/html/

Mkdir bbs

Vi/var/www/html/bbs/index.html

 

Add

Location/forum /{

Proxy_pass http: // 192.168.16.230/bbs;

Proxy_set_header X-Real-IP $ remote_addr;

}

Instruction Description: proxy_set_header

Syntax: proxy_set_header header value
Default Value: Host and Connection
Field used: http, server, location
This command allows you to redefine the request header sent to the proxy server or add some fields. This value can be a text, variable, or a combination of them. When the specified field is not defined, proxy_set_header inherits from its parent field.

 

In this way, each time I forward data to the backend, the backend will have a header named X-Real-IP, which will also be transmitted to the client.

Next, modify vi/etc/httpd/conf/httpd. conf.

Set LogFormat "% h % l % u % t \" % r \ "%> s % B \" % {Referer} I \ "\" % {User-Agent} I \ "" combined

To: logFormat "% {X-Real-IP} I % l % u % t \" % r \ "%> s % B \" % {Referer} I \ "\" % {User-Agent} I \ "" combined

In this way, when accessing the web server, it records not the ip address of the nginx forwarder but the ip address of the user, which is conducive to log analysis.

This is to forward files under/forum to another web server. What if the backend web cannot be used?

Server Load balancer

 

Install scp software package:

# Yum install openssh-clients

This is a command I learned. openssh must be installed on scp 2.

Scp/var/www/html/bbs/index.html 192.168.16.240:/var/www/html/. In this way, copy the file to 240. You only need to modify the file.

Web1 mv/var/www/html/bbs/index.html/var/www/html/index.html

Upstream load balancing module description

Add the following

 

Upstream webserver {

Server 192.168.16.230 weight = 1;

Server 192.168.16.240 weight = 1;

}

Comment out the default location here, as shown in

 

Location /{

Proxy_pass http: // webserver /;

Proxy_set_header X-Real-IP $ remote_addr;

}

 

In this way, when you access 192.168.16.246, refresh the first page. The first page is web1. The second page is the second web2 page.

 

If the web machine is down one day and nginx has its own health check function, you can automatically set the default number of seconds to 10 seconds.

 

Upstream webserver {

Server 192.168.16.230 weight = 1; max_fails = 2 fail_timeout = 2;

Server 192.168.16.240 weight = 1; max_fails = 2 fail_timeout = 2;

}

Here we set the time to 4 seconds.

In this way, we will down web2; the refreshed page will always be web1 web2 enabled and automatically Loop

If two web servers go down, we need to define the sorry page to reduce the user experience...

Here I will use the local port 8080 to differentiate

Create a VM

 

Server {

Listen 8080;

Server_name 127.0.0.1;

Root/web/errorpages;

Index index.html;

}

Create the mkdir-pv/web/errorpages directory.

Vi index.html page .....

Next, add

 

Upstream webserver {

Server 192.168.16.230 weight = 1 max_fails = 2 fail_timeout = 2;

Server 192.168.16.240 weight = 1 max_fails = 2 fail_timeout = 2;

Server 127.0.0.1: 8080 backup;

In this way, the load is down for two servers, and then the page of 192.168.16.246 is accessed.