A detailed explanation of the GEO module in Nginx and the example of using it to configure load balancing _nginx

Source: Internet
Author: User
Tags ranges

The GEO directives are provided using the Ngx_http_geo_module module. By default, Nginx has to load this module, unless the artificial--without-http_geo_module.
The Ngx_http_geo_module module can be used to create variables whose values depend on the client IP address.
Geo directives
syntax: Geo [$address] $variable {...}
Default value:-
Configuration segment: http
Defines the IP address of the client to obtain from the specified variable. By default, Nginx obtains the client IP address from the $REMOTE_ADDR variable, but it can also be obtained from other variables. Such as

Geo $remote _addr $geo {
    default 0;
    127.0.0.1 1;
}
Geo $arg _ttlsa_com $geo {
    default 0;
    127.0.0.1 1;
}

If the value of the variable does not represent a legitimate IP address, then Nginx will use the address "255.255.255.255".
Nginx describes addresses through CIDR or address segments, supporting the following parameters:

    • Delete: Deletes the specified network
    • Default: If the client address does not match any one of the defined addresses, Nginx will use this value. If you use CIDR, you can replace default with "0.0.0.0/0".
    • Include: contains a file that defines the address and value, and can contain multiple.
    • Proxy: Defines a trusted address. If the request comes from a trusted address, Nginx uses its "x-forwarded-for" header to obtain the address. The trusted address is sequential detection relative to the normal address.
    • Proxy_recursive: Opens the recursive lookup address. If the recursive lookup is turned off, when the client address matches a trusted address, Nginx uses the last address in "x-forwarded-for" to replace the original client address. If a recursive lookup is turned on, when the client address matches a trusted address, Nginx replaces the original client address with the last address in "x-forwarded-for" that does not match all trusted addresses.
    • Ranges: Use the Address section to define the address, this parameter must be in the first place. To expedite the loading of the address library, the address should be defined in ascending order.
Geo $country {
  default    ZZ;
  Include    conf/geo.conf;
  Delete     127.0.0.0/16;
  Proxy     192.168.100.0/24;
  Proxy     2001:0db8::/32;
 
  127.0.0.0/24  US;
  127.0.0.1/32  RU;
  10.1.0.0/16  RU;
  192.168.1.0/24 UK;

Vim conf/geo.conf
10.2.0.0/16  RU;
192.168.2.0/24 RU;

Example of an address section:

Geo $country {
  ranges;
  Default          ZZ;
  127.0.0.0-127.0.0.0    US;
  127.0.0.1-127.0.0.1    RU;
  127.0.0.1-127.0.0.255   US;
  10.1.0.0-10.1.255.255   RU;
  192.168.1.0-192.168.1.255 UK;

The GEO directive mainly assigns variables based on IP. Therefore, only IP or network segments can be defined under the GEO block, otherwise an error will be used.

Geo module realizes global load Balancing
server1:192.168.6.101
server2:192.168.6.102
server3:192.168.6.121

Test machine 1 ip:192.168.6.2
Test Machine 2 ip:192.168.6.8
Test Machine 3 ip:192.168.6.189

1. Compile and install Nginx on each server, I will not say more!
Server1, and Server2 configuration I did not change ~ only his homepage to change, this is conducive to testing!
Server1:

Shell $> cd/usr/local/nginx/html
Shell $> rm index.html
Shell $> echo "192.168.6.101" > index.html


Server2:

Shell $> cd/usr/local/nginx/html
Shell $> rm index.html
Shell $> echo "192.168.6.102" > index.html


Get all their services up.

Shell $>/usr/local/nginx/sbin/nginx
 

2. Modify the Server3 configuration '

Shell $> cd/usr/local/nginx/conf/
Shell $> vim nginx.conf
Worker_processes 1;
  Events {worker_connections 1024;} http {include mime.types;
  Default_type Application/octet-stream;
    Geo $geo {default default;
    192.168.6.189/32 UK;
192.168.6.8/32 us;
  #这里的子网码是 32 is because, I am a single segment test, if you have VLANs, you can be 24 for example # 192.168.0.0/24 TW} upstream uk.server {server 192.168.6.101;
  } upstream Us.server {server 192.168.6.102;
  } upstream Default.server {server 192.168.6.121:8080;
  } Sendfile on;

  Keepalive_timeout 65;
    server {Listen 80;
    server_name 192.168.6.121;
    Index index.html index.htm;

    root HTML;
        Location/{proxy_redirect off;
        Proxy_set_header Host $host;
        Proxy_set_header X-real-ip $remote _addr;
        Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
    Proxy_pass http://$geo. Server$request_uri;
    } error_page 502 503 504/50x.html;
    Location =/50x.html {root html; } Server {Listen 8080;
    server_name 192.168.6.121;
      Location/{root HTML;
    Index index.html index.htm;

 }
  }
}


3. Test, open the browser input on test machine 1
http://192.168.6.121
Show

Because the test machine 1 IP address for 192.168.6.2 according to Nginx configuration, he visited is obviously server3 8080 port! Because Server1 Server2 's index.html, I modified it.

Open the browser on test machine 2 input
http://192.168.6.121
Show

Open the browser on test machine 3 input
http://192.168.6.121
Test Machine 3 IP for 192.168.6.189
Show:

It is clear that load balancing plays a role ~ ~ ~
This allows the three servers to be placed in different IDC room. And then in the data synchronization can be the advantage of doing this is to save the DNS to tamper with, because the smart DNS sometimes in accordance with the IP resolution of the time will resolve the DNS address of each other, match him to a server, if the other is Netcom users, he used the telecommunications DNS, will directly match him to the telecom server, NGINX, it is true that the basis to access IP to match the server, so long as we put the IP section of the region to collect on the ~ ~

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.