目录
5.nginx_proxy + web应用节点(多台) + Redis会话保持
0.Nginx流程图
0.5 项目运作示意图
1.Nginx代理
1.Nginx代理模式
正向代理:Science上网,共享上网
反向代理:企业
2.反向代理支持模式
| http | 用户请求 响应 JAVA |
| smtp | |
| websocket | 用户可以请求 服务端响应 服务端可以推送数据 |
| uwsgi | Python |
| fastcgi | PHP |
| https |
3.代理配置语法
proxy_pass http://127.0.0.1:8080;
2.Nginx代理与配置
1.web节点的配置:10.0.0.201
[root@node2 conf.d]#@H_502_111@ cat proxy.oldboyedu.com.conf @H_502_111@
server {
listen @H_502_111@80;
server_name proxy.oldboyedu.com;
root @H_502_111@/code/proxy;
location @H_502_111@/ {
index index.html;
}
}
[root@H_502_111@@node2 conf.d] mkdir /code/proxy -p@H_502_111@
[root@node2 conf.d] echo "node2...." >> /code/proxy/index.html@H_502_111@
[root@H_502_111@@node2 conf.d] Nginx -t@H_502_111@
[root@node2 conf.d] systemctl reload Nginx@H_502_111@
2.代理节点的配置:10.0.0.100
1.关闭防火墙@H_502_111@
[root@proxy ~] systemctl disable firewalld@H_502_111@
[root@proxy ~] systemctl stop firewalld@H_502_111@
[root@proxy ~] setenforce 0@H_502_111@
2.安装epel\Nginx@H_502_111@
[root@proxy ~] wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo@H_502_111@
[root@proxy ~] yum install vim wget unzip Nginx -y@H_502_111@
3.清理Nginx.conf 无用的配置@H_502_111@
4.将Nginx加入开机自启\ 启动Nginx@H_502_111@
[root@proxy ~] systemctl start Nginx@H_502_111@
[root@proxy ~] systemctl enable Nginx@H_502_111@
5.编写proxy配置文件:proxy_proxy.oldboyedu.com.conf@H_502_111@
[root@proxy ~] vim /etc/Nginx/conf.d/proxy_proxy.oldboyedu.com.conf@H_502_111@
;
server_name proxy.oldboyedu.com;
location @H_502_111@/ {
proxy_pass http:@H_502_111@//10.0.0.201; 后端是什么端口根本不重要@H_502_111@
proxy_set_header Host $http_host@H_502_111@;
proxy_set_header X@H_502_111@-Forwarded-For@H_502_111@ $proxy_add_x_forwarded_for@H_502_111@;
proxy_http_version @H_502_111@1.1;
}
}
@H_502_111@ 6.检查语法,重载服务@H_502_111@
[root@proxy ~] Nginx -t@H_502_111@
[root@proxy ~] systemctl restart Nginx@H_502_111@
在用户请求代理中,抓包分析,提炼了几个参数:
proxy_set_header Host $http_host@H_502_111@; 将用户请求的域名携带到后端@H_502_111@
proxy_set_header X-Forwarded-$proxy_add_x_forwarded_for@H_502_111@; 将用户的真实IP地址,携带到后端,后端有对应的变量解析结果@H_502_111@
proxy_http_version 1.1; 代理请求后端默认走http1.0,可以调整为http1.1 长连接@H_502_111@
3.Nginx负载均衡调度多web节点(静态页面)
1.node1-Nginx配置
[root@node1 conf.d] cat /etc/Nginx/conf.d/proxy.oldboyedu.com.conf@H_502_111@
{
index index.html;
}
}
[root@H_502_111@@oldboy-pythonedu ~] mkdir /code/proxy -p@H_502_111@
[root@oldboy-pythonedu ~] echo "node1...." > /code/proxy/index.html@H_502_111@
[root@oldboy-pythonedu ~] systemctl reload Nginx@H_502_111@
2.node2-Nginx配置
[root@node2 conf.d] {
index index.html;
}
}
[root@H_502_111@@oldboy-pythonedu ~] echo "node2...." > /code/proxy/index.html@H_502_111@
[root@oldboy-pythonedu ~] systemctl reload Nginx@H_502_111@
3.通过Nginx负载均衡进行轮询调度-->proxy-Nginx配置
proxy: 10.0.0.100@H_502_111@
#@H_502_111@ 域名: proxy.oldboyedu.com@H_502_111@
[root@H_502_111@@proxy ~] cat /etc/Nginx/conf.d/proxy_proxy.oldboyedu.com.conf @H_502_111@
upstream node {
server @H_502_111@10.0.0.200:80;
server @H_502_111@10.0.0.201:80;
}
server {
listen @H_502_111@80 {
proxy_pass http:@H_502_111@//node;
proxy_set_header Host @H_502_111@;
}
}
[root@H_502_111@@proxy ~] systemctl reload Nginx@H_502_111@
Tip:加权轮询
upstream node {
server @H_502_111@10.0.0.200:80 weight=5;
server @H_502_111@10.0.0.201:80 weight=1;
}@H_502_111@
Tip:ip_hash:固定将请求调度到某一个节点(session会话保存)
upstream node {
ip_hash;
server @H_502_111@10.0.0.200:80;
server @H_502_111@10.0.0.201:80;
}@H_502_111@
对于ip_hash:
优点:可以解决会话问题
缺点:如果来源的都是同一个IP地址,则会造成某一个节点非常的繁忙,而其他的节点没有流量,造成负载不均衡的现象.
4.Nginx负载均衡调度多应用节点(blog)
实现步骤
1.准备好wordpress两台应用节点
2.准备好edusoho两台应用节点
在10.0.0.100进行blog配置
upstream blog {
server @H_502_111@10.0.0.200:80;
}
server {
listen @H_502_111@80;
server_name blog.oldboyedu.com;
location @H_502_111@/blog;
proxy_set_header Host @H_502_111@;
}
}@H_502_111@
通过查看访问日志,即可看到轮询的效果
Tip:查看访问日志的命令
5.Nginx_proxy + web应用节点(多台) + Redis会话保持
1.搭建好应用节点(所有节点保持一致) 10.0.0.200
[root@oldboy-pythonedu ~] wget https://files.PHPmyadmin.net/PHPMyAdmin/5.0.3/PHPMyAdmin-5.0.3-all-languages.zip@H_502_111@
2.准备PHPmyadmin的Nginx配置文件 10.0.0.200
;
server_name PHPmyadmin.oldboyedu.com;
root @H_502_111@/code/PHPmyadmin;
location @H_502_111@/ {
index index.PHP;
}
location ~ \.PHP@H_502_111@$ {
fastcgi_pass @H_502_111@127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME @H_502_111@$document_root$fastcgi_script_name@H_502_111@;
include fastcgi_params;
}
}
[root@H_502_111@@oldboy-pythonedu ~] systemctl reload Nginx@H_502_111@
[root@oldboy-pythonedu ~] unzip PHPMyAdmin-5.0.3-all-languages.zip@H_502_111@
[root@oldboy-pythonedu ~] mv PHPMyAdmin-5.0.3-all-languages /code/PHPmyadmin@H_502_111@
3.配置PHPmyadmin连接数据库地址 10.0.0.200
[root@oldboy-pythonedu ~] cp /code/PHPmyadmin/config.sample.inc.PHP /code/PHPmyadmin/config.inc.PHP@H_502_111@
[root@oldboy-pythonedu ~] vim /code/PHPmyadmin/config.inc.PHP@H_502_111@
/* Server parameters */
$cfg@H_502_111@['Servers'][$i@H_502_111@]['host'] = '10.0.0.202';
4.授权session存储本地目录为进程的用户身份 10.0.0.200
5.部署node2节点的PHPmyadmin,需要将代码和Nginx配置拷贝一份 10.0.0.201
[root@node2 code] scp -rp root@10.0.0.200:/code/PHPmyadmin /code/@H_502_111@
[root@node2 code] chown -R Nginx.Nginx /code/PHPmyadmin/@H_502_111@
[root@node2 code] scp root@10.0.0.200:/etc/Nginx/conf.d/PHPadmin.oldboyedu.com.conf /etc/Nginx/conf.d/@H_502_111@
[root@node2 code] chown -R Nginx.Nginx /var/lib/PHP/session/@H_502_111@
[root@H_502_111@@node2 code] Nginx -t@H_502_111@
[root@node2 code] systemctl reload Nginx@H_502_111@
6.为应用节点,接入负载均衡 10.0.0.201
[root@proxy ~] cat /etc/Nginx/conf.d/proxy_PHPadmin.oldboyedu.com.conf@H_502_111@
upstream PHP {
server @H_502_111@10.0.0.200:80;
server @H_502_111@10.0.0.201:80;
}
server {
listen @H_502_111@80;
server_name PHPmyadmin.oldboyedu.com;
location @H_502_111@/ {
proxy_pass http:@H_502_111@//PHP;
proxy_set_header Host @H_502_111@;
proxy_set_header X@H_502_111@-Forwarded-;
}
} @H_502_111@
7.检查轮询是否会造成无法登陆情况,配置IP_hash测试是否能正常登陆
轮询一定会造成无法登陆成功.@H_502_111@
可以采用ip_hash的方式解决.@H_502_111@
upstream PHP {
ip_hash;
server @H_502_111@10.0.0.200:80;
}@H_502_111@
8.采用Redis共享的方式来解决会话无法登陆的问题
注意!!!需要先将负载均衡恢复至轮询模式,然后在继续.
8.1 安装Redis 10.0.0.202
[root@node-MysqL ~] yum install redis -y@H_502_111@ [root@node-MysqL ~] vim /etc/redis.conf # 添加本机的内网IP地址 ( 不要写错了 )@H_502_111@ bind 127.0.0.1 10.0.0.202 [root@H_502_111@@node-MysqL ~] systemctl enable redis@H_502_111@ [root@node-MysqL ~] systemctl start redis@H_502_111@ [root@node-MysqL ~] netstat -lntp | grep redis@H_502_111@ tcp 0 0 10.0.0.202:6379 0.0.0.0:* LISTEN 10699/redis-server tcp @H_502_111@0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 10699/redis-server
8.2 通过其他的节点测试是否能正常访问Redis 10.0.0.202
8.3 配置应用节点接入Redis 10.0.0.202
1.将应用程序解析器连接至 Redis @H_502_111@
[root@oldboy-pythonedu ~] vim /etc/PHP.ini@H_502_111@
[Session]
;session.save_handler @H_502_111@= files 注释掉@H_502_111@
session.save_handler = redis
session.save_path @H_502_111@= "@H_502_111@tcp://10.0.0.202:6379?weight=1&timeout=2.5@H_502_111@"@H_502_111@
2.注释如下两行内容@H_502_111@
[root@oldboy-pythonedu ~] vim /etc/PHP-fpm.d/www.conf@H_502_111@
;PHP_value[session.save_handler] = files
;PHP_value[session.save_path] @H_502_111@= /var/lib/PHP/session
@H_502_111@ 3.重启PHP-fpm@H_502_111@
[root@oldboy-pythonedu ~] systemctl restart PHP-fpm@H_502_111@