反向代理负载均衡系列之Nginx

反向代理负载均衡
时间:2016.10.17

笔者Q:552408925、572891887
架构师群:471443208
bjstack运维社区:524721466

1.反向代理概述

反向代理(Reverse Proxy)方式是指以代理服务器来接受internet上的连接请求,然后将请求转发给内部网络上的服务器,并将从服务器上得到的结果返回给internet上请求连接的客户端,此时代理服务器对外就表现为一个反向代理服务器。

环境准备:

主机名 IP地址 角色 系统
web-node1.com eth0:192.168.90.201 web-node1节点 CentOS7.2
web-node2.com eth0:192.168.90.202 web-node2节点 CentOS7.2
lb-node1.com eth0:192.168.90.203 Nginx反向代理 CentOS7.2

2.Node节点部署

在两台web-node节点中均使用Yum安装一个Apache用于做真实机,监听8080端口

web-node1.com部署

  1. [root@web-node1 ~]# rpm -ivh \
  2. http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
  3. [root@web-node1 ~]# yum install -y gcc glibc gcc-c++ make screen tree lrzsz
  4. ##部署web-node1 httpd服务
  5. [root@web-node1 ~]# yum install -y httpd
  6. [root@web-node1 ~]# sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf
  7. [root@web-node1 ~]# systemctl start httpd
  8. [root@web-node1 ~]# echo "web-node1.com" > /var/www/html/index.html
  9. [root@web-node1 ~]# curl http://192.168.90.201:8080/
  10. web-node1.com

web-node2.com部署

  1. [root@web-node1 ~]# rpm -ivh \
  2. http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
  3. [root@web-node1 ~]# yum install -y gcc glibc gcc-c++ make screen tree lrzsz
  4. ##部署web-node2 httpd服务
  5. [root@web-node2 ~]# yum install -y httpd
  6. [root@web-node2 ~]# sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf
  7. [root@web-node2 ~]# systemctl start httpd
  8. [root@web-node2 ~]# echo "web-node2.com" > /var/www/html/index.html
  9. [root@web-node2 ~]# curl http://192.168.90.202:8080/
  10. web-node2.com

3.反向代理部署

Nginx 源码编译安装,使其支持4层,并监听80端口

  1. [root@lb-node1 ~]# useradd -s /sbin/nologin -M www
  2. [root@lb-node1 ~]# cd /usr/local/src/
  3. [root@lb-node1 src]# wget http://nginx.org/download/nginx-1.10.2.tar.gz
  4. [root@lb-node1 src]# tar xf nginx-1.10.2.tar.gz
  5. [root@lb-node1 src]# cd nginx-1.10.2
  6. [root@lb-node1 nginx-1.10.2]# ./configure --prefix=/usr/local/nginx-1.10.2 \
  7. --user=www --group=www --with-http_ssl_module \
  8. --with-http_stub_status_module --with-file-aio --with-stream
  9. [root@lb-node1 nginx-1.10.2]# make && make install
  10. [root@web-node1 ~]# ln -s /usr/local/nginx-1.10.2/ /usr/local/nginx
  11. ## 测试配置并启动Nginx
  12. [root@lb-node1 ~]# /usr/local/nginx/sbin/nginx -t
  13. nginx: the configuration file /usr/local/nginx-1.10.2/conf/nginx.conf syntax is ok
  14. nginx: configuration file /usr/local/nginx-1.10.2/conf/nginx.conf test is successful
  15. [root@lb-node1 ~]# /usr/local/nginx/sbin/nginx

3.1配置Nginx7层反向代理

1.配置Nginx反向代理

  1. ##http段配置
  2. upstream web-cluster {
  3. # ip_hash;
  4. server 192.168.90.201:8080 weight=1 max_fails=3 fail_timeout=3;
  5. server 192.168.90.202:8080 weight=1 max_fails=3 fail_timeout=3;
  6. }
  7. server {
  8. listen 80;
  9. server_name 192.168.90.203;
  10. location / {
  11. proxy_pass http://web-cluster;
  12. include proxy.conf;
  13. }
  14. }

测试代理

  1. [root@lb-node1 ~]# curl http://192.168.90.203/
  2. web-node1.com
  3. [root@lb-node1 ~]# curl http://192.168.90.203/
  4. web-node2.com
  5. [root@lb-node1 ~]# curl http://192.168.90.203/
  6. web-node1.com
  7. [root@lb-node1 ~]# curl http://192.168.90.203/
  8. web-node2.com

2.通过分组方式,以及User-agent实现不同代理

  1. #http段配置
  2. upstream static-cluster {
  3. server 192.168.90.201:8080 weight=1 max_fails=3 fail_timeout=3;
  4. }
  5. upstream dynamic-cluster {
  6. server 192.168.90.202:8080 weight=1 max_fails=3 fail_timeout=3;
  7. }
  8. upstream default-cluster {
  9. server 192.168.90.202:8080 weight=1 max_fails=3 fail_timeout=3;
  10. }
  11. #需要配置本地host解析测试
  12. server {
  13. listen 80;
  14. server_name nginx.xuliangwei.com;
  15. location / {
  16. if ($http_user_agent ~* "Firefox"){
  17. proxy_pass http://static-cluster;
  18. }
  19. if ($http_user_agent ~* "Chrome") {
  20. proxy_pass http://dynamic-cluster;
  21. }
  22. proxy_pass http://default-cluster;
  23. }
  24. }

测试分组

  1. ##默认浏览器交给default处理
  2. [root@lb-node1 ~]# curl http://nginx.xuliangwei.com
  3. web-node2.com

火狐

火狐浏览器交给static-cluster处理

谷歌

谷歌浏览器交给dynamic-cluster处理

3.2配置Nginx4层反向代理

配置ssh以及msql反向代理

  1. stream {
  2. upstream ssh_proxy {
  3. hash $remote_addr consistent;
  4. server 192.168.90.201:22;
  5. }
  6. upstream mysql_proxy {
  7. hash $remote_addr consistent;
  8. server 192.168.90.202:3306;
  9. }
  10. server {
  11. listen 2222;
  12. proxy_connect_timeout 1s;
  13. proxy_timeout 300s;
  14. proxy_pass ssh_proxy;
  15. }
  16. server {
  17. listen 3333;
  18. proxy_connect_timeout 1s;
  19. proxy_timeout 300s;
  20. proxy_pass mysql_proxy;
  21. }
  22. }

2222端口代理至于node1的SSH、3333端口代理至于node2的MYSQL

  1. ## 测试连接ssh
  2. [root@lb-node1 ~]# ssh -p2222 root@192.168.90.203
  3. root@192.168.90.203's password:
  4. Last login: Wed Oct 19 11:53:04 2016 from 192.168.80.143
  5. [root@web-node1 ~]#
  6. ## 测试连接mysql
  7. [root@lb-node1 ~]# mysql -h192.168.90.203 -uroot -p1 -P3333
  8. Welcome to the MariaDB monitor. Commands end with ; or \g.
  9. Your MariaDB connection id is 273
  10. Server version: 5.5.47-MariaDB MariaDB Server
  11. Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
  12. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
  13. MariaDB [(none)]>

笔者Q:552408925、572891887
架构师群:471443208
bjstack运维社区:524721466