Nginx反向代理的简单实现

2019-03-13 小惟

1)nginx的反向代理:proxy_pass
2)nginx的负载均衡:upstream

下面是nginx的反向代理和负载均衡的实例:

负载机:A机器:103.110.186.8/192.168.1.8
后端机器1:B机器:192.168.1.102
后端机器2:C机器:192.168.1.103

需求:
1)访问A机器的8080端口,反向代理到B机器的8080端口;
      访问A机器的8088端口,反向代理到C机器的8088端口;
      访问http://103.110.86.8:8090/ios,反向代理到B机器http://192.168.1.102:8090/ios/

2)访问A机器的80端口,负载均衡到后端的两台机器B和C的80端口

操作记录:
--------------------------------------------------------------------------------------
负载机:A机器上的操作记录:
1)编译安装nginx
[root@opd ~]# yum install -y pcre* openssl* gcc gcc+
[root@opd ~]# cd /opt/src
[root@src ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@src ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@src ~]# cd nginx-1.8.0
#添加www用户,其中-M参数表示不添加用户家目录,-s参数表示指定shell类型

[root@nginx-1.8.0 ~]#useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]#vim auto/cc/gcc
#将这句注释掉 取消Debug编译模式 大概在179行
#CFLAGS="$CFLAGS -g"

#我们再配置下nginx编译参数
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]#make
[root@nginx-1.8.0 ~]#make install clean

2)配置nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
[root@nginx-1.8.0 conf]# vim nginx.conf         //这个可以作为nginx安装后的配置规范

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset utf-8;
  
    log_format  main  '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_cookie" $host $request_time';
    sendfile       on;
    tcp_nopush     on;
    tcp_nodelay    on;
    keepalive_timeout  65;
  
  
    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
   
      
    client_header_timeout 600s;
    client_body_timeout 600s;
   
    client_max_body_size 100m;            
    client_body_buffer_size 256k;          
   
    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;
   
  
    include vhosts/*.conf;
}

[root@nginx-1.8.0 conf]# ulimit -n 65535
[root@nginx-1.8.0 conf]# mkdir vhosts
[root@nginx-1.8.0 conf]# cd vhosts

配置反向代理和负载均衡
[root@nginx-1.8.0 vhosts]# vim 8080.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
server {
    listen 8080;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
  
    access_log  /usr/local/nginx/logs/8080-access.log main;
    error_log  /usr/local/nginx/logs/8080-error.log;
 
location / {
    proxy_pass http://192.168.1.102:8080;
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;             #跟后端服务器连接超时时间,发起握手等候响应时间
    proxy_send_timeout 300;                #后端服务器回传时间,就是在规定时间内后端服务器必须传完所有数据
    proxy_read_timeout 600;                #连接成功后等待后端服务器的响应时间,已经进入后端的排队之中等候处理
    proxy_buffer_size 256k;                #代理请求缓冲区,会保存用户的头信息以供nginx进行处理
    proxy_buffers 4 256k;                  #同上,告诉nginx保存单个用几个buffer最大用多少空间
    proxy_busy_buffers_size 256k;          #如果系统很忙时候可以申请最大的proxy_buffers
    proxy_temp_file_write_size 256k;       #proxy缓存临时文件的大小
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

[root@nginx-1.8.0 vhosts]# cat 8088.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
server {
    listen 8088;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
  
    access_log  /usr/local/nginx/logs/8088-access.log main;
    error_log  /usr/local/nginx/logs/8088-error.log;
 
location / {
    proxy_pass http://192.168.1.103:8088;
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;            
    proxy_send_timeout 300;              
    proxy_read_timeout 600;              
    proxy_buffer_size 256k;               
    proxy_buffers 4 256k;                 
    proxy_busy_buffers_size 256k;        
    proxy_temp_file_write_size 256k;      
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

-----------------------------------------------------------------------------------------------------------------
下面这个匹配path的代理设置需要注意几点:
首先一定要保证目标B机器,也就是192.168.1.102的8090端口站点目录下有这个匹配path的目录ios存在!!
也就是要保证A机器本机能顺利访问到目标B机器的8090端口的ios路径,即:
[root@nginx-1.8.0 vhosts]# curl http://192.168.1.102:8090/ios/ #一定要保证这个能从A机器访问成功!

下面几种配置都是可以的:

第一种:
[root@nginx-1.8.0 vhosts]# cat 8090.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
  
    access_log  /usr/local/nginx/logs/8090-access.log main;
    error_log  /usr/local/nginx/logs/8090-error.log;
 
    location /ios/ {                            #这种情况,这里一定要匹配的是/ios/,不能是/ios
    proxy_pass http://192.168.1.102:8090;       #一定要保证192.168.1.102机器8090端口站点目录下有ios目录!否则访问会报错404!
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;            
    proxy_send_timeout 300;              
    proxy_read_timeout 600;              
    proxy_buffer_size 256k;               
    proxy_buffers 4 256k;                 
    proxy_busy_buffers_size 256k;        
    proxy_temp_file_write_size 256k;      
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

第二种:
[root@nginx-1.8.0 vhosts]# cat 8090.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
  
    access_log  /usr/local/nginx/logs/8090-access.log main;
    error_log  /usr/local/nginx/logs/8090-error.log;
 
    location /ios/ {
    proxy_pass http://192.168.1.102:8090/ios/;
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;            
    proxy_send_timeout 300;              
    proxy_read_timeout 600;              
    proxy_buffer_size 256k;               
    proxy_buffers 4 256k;                 
    proxy_busy_buffers_size 256k;        
    proxy_temp_file_write_size 256k;      
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

第三种:
[root@nginx-1.8.0 vhosts]# cat 8090.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
  
    access_log  /usr/local/nginx/logs/8090-access.log main;
    error_log  /usr/local/nginx/logs/8090-error.log;
 
    location /ios {
    proxy_pass http://192.168.1.102:8090/ios/;         这种情况,这里一定要匹配的是/ios/,不能是/ios
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;            
    proxy_send_timeout 300;              
    proxy_read_timeout 600;              
    proxy_buffer_size 256k;               
    proxy_buffers 4 256k;                 
    proxy_busy_buffers_size 256k;        
    proxy_temp_file_write_size 256k;      
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

以上三种配置方法都保证了访问http://103.110.86.8:8090/ios会自动变为http://103.10.86.8:8090/ios/,并代理到http://192.168.1.102:8090/ios/的结果

-----------------------------------------------------------------------------------------------------------------

[root@nginx-1.8.0 vhosts]# cat LB.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
upstream lb {
    server 192.168.1.102:80 max_fails=3 fail_timeout=30s;   #max_fails = 3 为允许失败的次数,默认值为1
    server 192.168.1.103:80 max_fails=3 fail_timeout=30s;   #fail_timeout = 30s 当max_fails次失败后,暂停将请求分发到该后端服务器的时间
}
 
server {
    listen 80;
    server_name localhost;
    index index.html index.php index.htm;
    root /var/www/html;
  
    access_log  /usr/local/nginx/logs/80-access.log main;
    error_log  /usr/local/nginx/logs/80-error.log;
 
    location / {
    proxy_pass http://lb;
    proxy_redirect off ;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 300;            
    proxy_send_timeout 300;              
    proxy_read_timeout 600;              
    proxy_buffer_size 256k;               
    proxy_buffers 4 256k;                 
    proxy_busy_buffers_size 256k;        
    proxy_temp_file_write_size 256k;      
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
}
}

启动nginx
[root@nginx-1.8.0 vhosts]# /opt/nginx/sbin/nginx -t 【检查配置是否正确】
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
[root@host-192-168-1-102 vhosts]# /opt/nginx/sbin/nginx 【启动nginx】

--------------------------------------------------------------------------------------
后端机:B机器上的操作记录:
1)编译安装nginx
[root@B ~]# yum install -y pcre* openssl* gcc gcc+
[root@B ~]# cd /opt/src
[root@B ~]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@B ~]# tar -zxvf nginx-1.8.0.tar.gz
[root@B ~]# cd nginx-1.8.0
#添加www用户,其中-M参数表示不添加用户家目录,-s参数表示指定shell类型

[root@nginx-1.8.0 ~]#useradd www -M -s /sbin/nologin
[root@nginx-1.8.0 ~]##vim auto/cc/gcc
#将这句注释掉 取消Debug编译模式 大概在179行
#CFLAGS="$CFLAGS -g"

#我们再配置下nginx编译参数
[root@nginx-1.8.0 ~]# ./configure --prefix=/opt/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
[root@nginx-1.8.0 ~]#make
[root@nginx-1.8.0 ~]#make install clean

2)配置nginx
[root@nginx-1.8.0 ~]# cd /opt/nginx/conf
注意,把默认的nginx.conf文件中的server区域配置注释掉,设置vhosts虚拟主机的配置,如下:
[root@nginx-1.8.0 conf]# vim nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
user  www;
worker_processes  8;
   
events {
    worker_connections  65535;
}
   
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset utf-8;
  
    log_format  main  '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_cookie" $host $request_time';
    sendfile       on;
    tcp_nopush     on;
    tcp_nodelay    on;
    keepalive_timeout  65;
  
  
    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
   
      
    client_header_timeout 600s;
    client_body_timeout 600s;
   
    client_max_body_size 100m;            
    client_body_buffer_size 256k;          
   
    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;
   
  
    include vhosts/*.conf;
}

[root@nginx-1.8.0 conf]# ulimit -n 65535
[root@nginx-1.8.0 conf]# mkdir vhosts
[root@nginx-1.8.0 conf]# cd vhosts

[root@nginx-1.8.0 conf]# vim 8080.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
server {
    listen 8080;
    server_name localhost;
    index index.html index.php index.htm;
  
    access_log  /usr/local/nginx/logs/8080-access.log main;
    error_log  /usr/local/nginx/logs/8080-error.log;
 
location ~ / {
    root /var/www/html/8080;
    index index.html index.php index.htm;
}
}

[root@nginx-1.8.0 conf]# vim 8090.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
server {
    listen 8090;
    server_name localhost;
    index index.html index.php index.htm;
  
    access_log  /usr/local/nginx/logs/8090-access.log main;
    error_log  /usr/local/nginx/logs/8090-error.log;
 
location ~ / {
    root /var/www/html/8090;        #针对上面匹配ios的path代理,要保证站点目录/var/www/html/8080下有ios目录存在
    index index.html index.php index.htm;
}
}

[root@nginx-1.8.0 conf]# vim 80.conf

1
2