Nginx Reverse Proxy Server Load balancer page cache URL rewriting and read/write splitting

Nginx Reverse Proxy Server Load balancer page cache URL rewriting and read/write splitting

Outline

I. Preface

II. Environment preparation

3. install and configure Nginx

Iv. reverse proxy for Nginx

5. Load Balancing for Nginx

Vi. Nginx page Cache

VII. Rewrite Nginx URLs

VIII. Nginx read/write splitting

Note that the operating system is CentOS 6.4 x86_64, Nginx is the latest version of 1.4.2, the system can be here: http://www.centoscn.com/CentosSoft/iso/2013/0720/371.html

I. Preface

In the previous blog posts, we mainly explained the knowledge of Nginx as a Web server, including the theoretical explanation of nginx, the operation of nginx as a web server, and the explanation of nginx as an LNMP architecture, if you are not clear about it, you can look back. In this blog, we will mainly explain reverse proxy, load balancing, caching, URL rewriting, and read/write splitting of nginx. Now let's talk about it in detail.

II. Environment preparation

1. Operating System

• CentOS 6.4 x86_64

2. Software Version

• Nginx 1.4.2

3. Experiment Topology

Note: The experiment topology is described below.

4. Install the yum Source

[root@nginx ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm[root@web1 ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm[root@web2 ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

5. time synchronization between nodes

[root@nginx ~]# ntpdate 202.120.2.101[root@web1 ~]# ntpdate 202.120.2.101[root@web2 ~]# ntpdate 202.120.2.101

6. Disable firewall and SELinux

[root@nginx ~]# service iptables stop[root@nginx ~]# chkconfig iptables off[root@nginx ~]# getenforceDisabled[root@web1 ~]# service iptables stop[root@web1 ~]# chkconfig iptables off[root@web1 ~]# getenforceDisabled[root@web2 ~]# service iptables stop[root@web2 ~]# chkconfig iptables off[root@web2 ~]# getenforceDisabled

3. Install Nginx

1. Extract

[root@nginx src]# tar xf nginx-1.4.2.tar.gz

2. Create nginx users and groups

[root@nginx src]# groupadd -g 108 -r nginx[root@nginx src]# useradd -u 108 -r -g 108 nginx[root@nginx src]# id nginxUid = 108 (nginx) gid = 108 (nginx) group = 108 (nginx)

3. Prepare the compilation configuration file

[root@nginx src]# yum install -y pcre-devel openssl-devel[root@nginx nginx-1.4.2]# ./configure --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --http-client-body-temp-path=/var/tmp/nginx/client/ --http-proxy-temp-path=/var/tmp/nginx/proxy/ --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre

4. Compile and install

[root@nginx nginx-1.4.2]# make && make install

5. Provide SysV init script for nginx

[root@nginx ~]# cat /etc/init.d/nginx#!/bin/sh## nginx - this script starts and stops the nginx daemon## chkconfig: - 85 15# description: Nginx is an HTTP(S) server, HTTP(S) reverse \# proxy and IMAP/POP3 proxy server# processname: nginx# config: /etc/nginx/nginx.conf# config: /etc/sysconfig/nginx# pidfile: /var/run/nginx.pid# Source function library../etc/rc.d/init.d/functions# Source networking configuration../etc/sysconfig/network# Check that networking is up.["$NETWORKING"="no"] &&exit0nginx="/usr/sbin/nginx"prog=$(basename$nginx)NGINX_CONF_FILE="/etc/nginx/nginx.conf"[ -f/etc/sysconfig/nginx] && ./etc/sysconfig/nginxlockfile=/var/lock/subsys/nginxmake_dirs() {# make required directoriesuser=`nginx -V 2>&1 |grep"configure arguments:"|sed's/[^*]*--user=\([^ ]*\).*/\1/g'-`options=`$nginx -V 2>&1 |grep'configure arguments:'`foroptin$options;doif[ `echo$opt |grep'.*-temp-path'` ];thenvalue=`echo$opt |cut-d"="-f 2`if[ ! -d"$value"];then# echo "creating" $valuemkdir-p $value &&chown-R $user $valuefifidone}start() {[ -x $nginx ] ||exit5[ -f $NGINX_CONF_FILE ] ||exit6make_dirsecho-n $"Starting $prog: "daemon $nginx -c $NGINX_CONF_FILEretval=$?echo[ $retval -eq0 ] &&touch$lockfilereturn$retval}stop() {echo-n $"Stopping $prog: "killproc $prog -QUITretval=$?echo[ $retval -eq0 ] &&rm-f $lockfilereturn$retval}restart() {configtest ||return$?stopsleep1start}reload() {configtest ||return$?echo-n $"Reloading $prog: "killproc $nginx -HUPRETVAL=$?echo}force_reload() {restart}configtest() {$nginx -t -c $NGINX_CONF_FILE}rh_status() {status $prog}rh_status_q() {rh_status >/dev/null2>&1}case"$1"instart)rh_status_q &&exit0$1;;stop)rh_status_q ||exit0$1;;restart|configtest)$1;;reload)rh_status_q ||exit7$1;;force-reload)force_reload;;status)rh_status;;condrestart|try-restart)rh_status_q ||exit0;;*)echo$"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"exit2esac

6. Grant the execution permission to the script.

[root@nginx ~]# chmod +x /etc/init.d/nginx

7. Add it to the Service Management list and enable it to automatically start upon startup

[root@nginx ~]# chkconfig --add nginx[root@nginx ~]# chkconfig nginx on[root@nginx ~]# chkconfig nginx --listNginx 0: Disable 1: Disable 2: Enable 3: Enable 4: Enable 5: Enable 6: Disable

8. Start nginx

[root@nginx ~]# service nginx startStarting nginx: [OK]

9. Check the port

[root@nginx ~]# netstat -ntlp | grep :80tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3889/nginx

10. Test it.

Now let's talk about Nginx reverse proxy.

Iv. reverse proxy for Nginx

We have to prepare two test servers, Web1 and web2.

1. Install httpd

[root@web1 ~]# yum install -y httpd[root@web2 ~]# yum install -y httpd

2. Provide the test page

[root@web1 ~]# echo "[root@web2 ~]# echo "

3. Start the httpd service

[root@web1 ~]# service httpd startStarting httpd: [OK][root@web2 ~]# service httpd startStarting httpd: [OK]

4. Test it.

5. To put it simply, forward proxy and reverse proxy

(1 ). the concept of forward proxy is positive proxy, that is, the legendary proxy. His working principle is like a stepping stone. Simply put, I am a user and I cannot access a website, but I can access a proxy server. What about this proxy server? He can access the website that I cannot access. So I first connected to the proxy server and told him that I needed the content that could not access the website, the proxy server returns it to me. From the perspective of a website, a record is recorded only when the proxy server obtains the content. Sometimes it does not know that it is a user's request or the user's information is hidden. This depends on the proxy not telling the website.

The conclusion is that the forward proxy is a server located between the client and the origin server. To get content from the origin server, the client sends a request to the proxy and specifies the target (the original server). Then, the proxy transfers the request to the original server and returns the obtained content to the client. The client must make some special settings to use the forward proxy.

(2). Reverse Proxy Concept

Example:
For example, the user accesses the ingress. The server corresponding to the domain name www.test.com mentioned here sets the reverse proxy function.

The conclusion is that reverse proxy is the opposite. for a client, it is like an original server, and the client does not need to perform any special settings. The client sends a common request to the content in the namespace (name-space) of the reverse proxy, and then the reverse proxy determines where (original server) to transfer the request, and return the obtained content to the client, just as the content is originally its own.

(3). Differences between the two

SlaveUsage:

The typical purpose of forward proxy is to provide a way to access the Internet for LAN clients in the firewall. Forward proxy can also use the buffer feature to reduce network usage. A typical purpose of reverse proxy is to provide the server behind the firewall to Internet users for access. The reverse proxy can also provide Load Balancing for multiple backend servers or buffer services for slow backend servers. In addition, the reverse proxy can also enable advanced URL policies and management technologies to make the web pages in different web server systems exist in the same URL space at the same time.

SlaveSecurity:

The forward proxy allows the client to access any website and hide the client itself. Therefore, you must take security measures to ensure that only authorized clients provide services. The reverse proxy is transparent to the outside, and visitors do not know that they are accessing a proxy.

6. nginx proxy Module

Http agent official Chinese documentation: http://www.howtocn.org/nginx:nginx%E6%A8%A1%E5%9D%97%E5%8F%82%E8%80%83%E6%89%8B%E5%86%8C%E4%B8%AD%E6%96%87%E7%89%88:standardhttpmodules:httpproxy

Note: many commands of the proxy Module I will only explain the important proxy_pass here. For more instructions, see the official Chinese documentation.

This module can forward requests to other servers. HTTP/1.0 cannot use keepalive (the backend server will create and delete connections for each request ). Nginx sends HTTP/1.1 to the browser and HTTP/1.0 to the backend server, so that the browser can process keepalive for the browser.
For example:

location / {proxy_pass http://localhost:8000;proxy_set_header X-Real-IP $remote_addr;}

Note that when the http proxy module (or even FastCGI) is used, nginx caches all connection requests before they are sent to the backend server. Therefore, when measuring data transmitted from the backend, its progress may be incorrect.

Tutorial topology:

To continue, please move to: http://freeloda.blog.51cto.com/2033581/1288553