nginx1.8.1 proxy 服务器192.168.8.40
web1 centos6.5 httpd2.2.15
web2 centos7.2 httpd2.4.6
1、代理功能的简单实现
nginx代理服务器:192.168.8.40
web服务器:192.168.8.101
8.40添加代理:
location /forum/ {
proxy_pass http://192.168.8.101/bbs/;
}
在被代理的web端
创建目录mkdir /web/htdocs/bbs
vim /web/htdocs/bbs/index.html
加入<h1>192.168.8.101 bbs</h1>
访问 http://192.168.8.40/forum/即可出现8.101的内容
改成正则表达式的方式:
location ~* ^/forum {
proxy_pass http://192.168.8.101;
}
此时http://192.168.8.40/forum/的方式不能访问,需要通过修改192.168.8.101的bbs目录改为forum即可访问
# mv bbs forum
2、代理上显示客户端真实IP(方便统计真实的IP访问情况)
8.101上更改显示日志的方式:
# vim /etc/httpd/conf/httpd.conf
LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
nginx服务器端8.40配置:
location ~* ^/forum {
proxy_pass http://192.168.8.101;
proxy_set_header X-Real-IP $remote_addr;
}
3.实现简单的负载均衡:
nginx proxy server:192.168.8.40
apache web1:192.168.8.39
apache web2:192.168.8.101
nginx proxy server:192.168.8.40配置:
# 定义web服务器集群:
upstream webservers {
server 192.168.8.39 weight=1;
server 192.168.8.101 weight=1;
}
server {
#location / {
# root /web/htdocs;
# index index.php index.html index.htm;
#}
#定义访问集群
location / {
proxy_pass http://webservers/;
proxy_set_header X-Real-IP $remote_addr;
}
}
通过访问http://192.168.8.40可以看到负载的效果
4、对负载均衡的服务器宕机情况进行适配
#添加错误的定义
server {
listen 8080;
server_name localhost;
root /web/errorpages;
index index.html;
}
# 创建错误页面定义
# mkdir /web/errorpages/ -pv
# vim index.html
加入
sorry,website is being repaired please wait
# 添加超时定义及错误页面定义,如果连续访问错误两次则踢掉,检测时间间隔2秒
upstream webservers {
server 192.168.8.39 weight=1 max_fails=2 fail_timeout=2;
server 192.168.8.101 weight=1 max_fails=2 fail_timeout=2;
server 127.0.0.1:8080 weight=1 backup;
}
测试,关闭web1则,只能访问到web2,关闭web2后出现错误提示
5、为反向代理启用缓存功能
proxy_cache_path /nginx/cache/first levels=1:2 keys_zone=first:20m max_size=1g;
server {
listen 80;
server_name localhost;
index index.html index.php;
add_header X-Via $server_addr;
add_header X-Cache "$upstream_cache_status from $server_addr";
location / {
proxy_pass http://webservers/;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache first;
proxy_cache_valid 200 10m;
}
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] mkdir() "/nginx/cache/first" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
[root@centossz008 ~]# mkdir -pv /nginx/cache/first
mkdir: created directory `/nginx'
mkdir: created directory `/nginx/cache'
mkdir: created directory `/nginx/cache/first'
add_header X-Via $server_addr;
add_header X-Cache "$upstream_cache_status from $server_addr";
提示信息如下:
6、重定向规则
location / {
#root html;
root /web/htdocs;
index index.html index.htm;
rewrite ^/bbs/(.*)$ http://192.168.8.101/forum/$1;
}
访问:http://192.168.8.40/bbs/
7、上传文件的负载均衡
可能碰到这样的业务场景,几台web app设置了主从,一个服务器负责上传,其他只能通过同步来获取
nginx配置:
location / {
proxy_pass http://192.168.8.40/;
if ($request_method = "PUT"){
proxy_pass http://192.168.8.101;
}
}
客户端配置:
# vim /etc/httpd/conf/httpd.conf
在<Directory "/web/htdocs">下面添加Dav on
<Directory "/web/htdocs">
Dav on
# curl -T /etc/fstab http://192.168.8.40
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>201 Created</title>
</head><body>
<h1>Created</h1>
<p>Resource /fstab has been created.</p>
</body></html>
在8.101上可以看到上传的文件
htdocs]# ls
forum fstab index.html
8、通过nginx统计某推广链接重写url
需求:
通过nginx统计某推广链接(如:)的访问次数,即访问自动跳转到页面
如该服务器为1.1.1.1,带宽要足够大(要根据实际访问量来定)
步骤
①添加1.1.1.1的dns域名解析 --> 1.1.1.1
②添加相关的配置
vim /etc/nginx/conf.d/tuiguang.conf
server {
server_name ;
rewrite_log on; # 打开重写的日志
error_log /data/logs/app_h5.log notice;
access_log /data/logs/app_error_h5.log;
location /h5/flow{
alias /data/h5;
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
rewrite ^(.*) break;
}
}
9.修改http头Content-Type为application/octet-stream
upstream lvs_server{server 10.27.13.215:8555; #hd_lvs_voice01server 10.26.114.166:8555; #hd_lvs_voice02server 10.27.62.9:8555;#hd_lvs_voice03server 10.30.196.175:8555; #hd_lvs_voice04server 10.30.196.157:8555; #hd_lvs_voice05}server {listen 8555; location / {proxy_pass http://lvs_server; }location /index {proxy_set_header Host $http_host;proxy_set_header X-Real-Ip $remote_addr;proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Content-Type application/octet-stream;proxy_pass http://lvs_server; }#end index}
日志中添加响应时间,请求时间的日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for" "$http_host" "$upstream_response_time" "$request_time"';
nginx获取不到客户端真实IP地址
upstream dxflowservers {ip_hash;server u04flow01.yaya.corp:8091 weight=1 max_fails=2 fail_timeout=3;server u04rec02.yaya.corp:8091 weight=1 max_fails=2 fail_timeout=3;}server { server_name 106.75.19.93;server_name ;location /{root /data/chinasoft/dx_traffic/liuliang_http/liuliangsdk/;index index.html;try_files $uri $uri/ /index.html;}location /dingxiangsdk/{proxy_set_header Host $host;proxy_set_header X-Real-Ip $remote_addr;# 经过ulb(lvs)以后无法获取客户端的真实IP地址,去掉下面这行即可#proxy_set_header X-Forwarded-For $remote_addr;proxy_pass http://dxflowservers/; } location /ngx_status {stub_status on;access_log off;allow 127.0.0.1;#deny all;}}
简单测试反向代理upstream的健康检查功能
nginx --> apache(两台)
nginx : 192.168.3.200 (nginx 1.12.2)
apache01: 192.168.3.12
apache02:192.168.3.13
nginx的配置
upstream lvs_server{server 192.168.3.12:8555 weight=2 max_fails=5 fail_timeout=6;server 192.168.3.13:8555 weight=2 max_fails=5 fail_timeout=6;}server {listen 8555;server_name 192.168.3.200;access_log /var/log/nginx/voice_lvs.access.log main;error_log /var/log/nginx/voice_lvs.error.log;location / {proxy_pass http://lvs_server/; }location /index {proxy_set_header Host $http_host;proxy_set_header X-Real-Ip $remote_addr;proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Content-Type application/octet-stream;proxy_pass http://lvs_server; }location /ngx_status {stub_status on;access_log off;allow 127.0.0.1;}}
[root@centossz008 ~]# cat /var/www/html/index.html
<h1>192.168.3.12</h1>
server01
[root@node5 ~]# cat /var/www/html/index.html
<h1>192.168.3.13</h1>
server02
经过测试,当不配置以下参数,如果关掉其中一台apache,请求会全部到另外一台中,所以upstream默认就会检查后端服务器,如果配置就按照你的配置
不配置就按照默认配置
weight=2 max_fails=5 fail_timeout=6;
[root@localhost /etc/nginx/conf.d]# for i in {1..20}; do curl http://192.168.3.200:8555/index.html;done
重定向示例
# cat /usr/local/nginx/conf/vhost.d/.conf map $http_origin $corsHost { default "none" ; "~" ;"~https://chinasoft-com." https://chinasoft-com. ;"~." . ;"~" ;"~" ;"~" ;"~" ;"~https://my.chinasoft.jp" https://my.chinasoft.jp ;}server {listen 80;server_name ori-;access_log/data/www/logs/nginx_log/access/_access.log main ;error_log /data/www/logs/nginx_log/error/_error.log ;root /data/www/vhosts//httpdocs ;index index.html index.shtml index.php ;include rewrite.d/.conf ;error_page 404 403 /404.html; rewrite ^/(.*)$ /$1 permanent; #跳转到Httpslocation ~ \.php$ {fastcgi_pass unix:/tmp/php-cgi.sock;fastcgi_index index.php;#fastcgi_param SCRIPT_FILENAME ;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include fastcgi_params;expires -1;}location / {include proxy_params;if (!-d $request_filename){set $flag 1$flag;}if (!-f $request_filename){set $flag 2$flag;}if ($flag = "21"){rewrite ^(.*)$ /index.php last;expires -1; }}}server {listen 443;ssl on;ssl_certificate cert/chinasoft_com.crt;ssl_certificate_keycert/chinasoft_com.key;ssl_dhparamcert/dh_2048.pem;ssl_session_timeout5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";ssl_prefer_server_ciphers on;# add_header Strict-Transport-Security max-age=15768000;#ssl_stapling on;#ssl_stapling_verify on;server_name ori- ;access_log/data/www/logs/nginx_log/access/_access.log main ;error_log /data/www/logs/nginx_log/error/_error.log ;root /data/www/vhosts//httpdocs ;index index.html index.shtml index.php ;include rewrite.d/.conf ;error_page 404 403 /404.html;#add_header 'Access-Control-Allow-Origin' '*';add_header Access-Control-Allow-Origin $corsHost;add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';location ~ \.php$ {try_files $uri =404;fastcgi_pass unix:/tmp/php-cgi.sock;fastcgi_index index.php;#fastcgi_param SCRIPT_FILENAME ;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include fastcgi_params;expires -1;}location / {include proxy_params;if (!-d $request_filename){set $flag 1$flag;}if (!-f $request_filename){set $flag 2$flag;}if ($flag = "21"){rewrite ^(.*)$ /index.php last ;expires -1;}}}*****************if ($request_uri ~ ^/snapchat/snapchat-password-cracker.html) { rewrite ^ /snapchat/snapchat-password-cracker.html permanent; }if ($request_uri ~ ^/spy/index.html) { rewrite ^ /topic/index.html permanent; }if ($request_uri ~ ^/telegram/index.html) { rewrite ^ /topic/index.html permanent; }if ($request_uri ~ ^/track/hidden-phone-tracker-for-android-iphone.html) { rewrite ^ /track/hidden-phone-tracker-for-android-iphone.html permanent; }if ($request_uri ~ ^/viber/index.html) { rewrite ^ /topic/index.html permanent; }[root@EOP_Aimersoft_web01:~]# head -30 /usr/local/nginx/conf/rewrite.d/.conf if ($host ~* ^$){ rewrite ^(.*)$ $1 permanent;}if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1 permanent;}if ($request_uri ~ ^/(index|indice).html) { rewrite ^ / permanent;}#0824if ($request_uri ~ ^/install-chinasoft-spy-app-on-android-phones.html) { rewrite ^ /how-to-spy-android-phones.html permanent; }