Nginx反向代理总结

一、四层与七层反向代理区别

1、四层反向代理 ( IP + PORT 转发):也就是主要通过报文中的目标地址和端口,再加上负载均衡设备设置的服务器选择方式,决定最终选择的内部服务器。走 TCP/UDP 协议,在Nginx中,是使用 ngx_stream_upstream_module 这个模块实现。

  • Nginx四层反向代理配置:
stream {
    upstream webserver {
      least_conn;
      server 10.0.0.121:8080 weight=1 fail_timeout=5s;
      server 10.0.0.122:8080 weight=1 fail_timeout=5s;
    }

    server {
      listen 8080;
      proxy_pass webserver;
    }
}
image.png

2、七层反向代理 ( 协议 + 内容交换 ):主要通过报文中的真正有意义的应用层内容,再加上负载均衡设备设置的服务器选择方式,决定最终选择的内部服务器,走的是 http 协议,在Nginx中,是使用 ngx_http_upstream_module 这个模块实现。

  • Nginx七层反向代理配置:七层在使用proxy_pass调用服务器组的时候要带 http://
http {
  upstream webserver {
      server 10.0.0.121:8080 weight=1 fail_timeout=5s max_fails=3;
      server 10.0.0.122:8080 weight=1 fail_timeout=5s max_fails=3;
    }

  server {
    location ~* \.(jsp|do)$ {
      proxy_pass http://webserver;
    }
  }
}

二、Nginx反向代理wordpress实现

部署wordpress (CentOS7)

1、二进制安装MySQL

useradd -M -s /sbin/nologin mysql
tar -xf mysql-5.7.30-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
ln -s /usr/local//mysql-5.7.30-linux-glibc2.12-x86_64 /usr/local/mysql

# mysql 5.7的初始化脚本跟5.6不一样啊
bin/mysqld --initialize --user=mysql --datadir=/data/mysql --basedir=/usr/local/mysql
A temporary password is generated for root@localhost: r,uizwoTz8c0

cp support-files/mysql.server /etc/init.d/mysqld

chown -R mysql.mysql /usr/local/mysql/
chown -R mysql.mysql /data/mysql/

vim /etc/my.cnf

[mysqld]
socket=/data/mysql/mysql.sock
user=mysql
symbolic-links=0
datadir=/data/mysql
innodb_file_per_table=1
max_connections=10000

[client]
port=3306
socket=/var/lib/mysql/mysql.sock

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/tmp/mysql.sock

2、创建并授权数据库

# 修改当前登录用户的临时密码
ALTER USER USER() IDENTIFIED BY 'mysql';

CREATE DATABASE wordpress default charset utf8 COLLATE utf8_general_ci;

GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"10.0.0.%" IDENTIFIED BY "wordpress";

3、编译安装php7.2

useradd -s /usr/sbin/nologin -M www

yum -y install wget vim pcre pcre-devel openssl openssl-devel libicu-devel \
gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel \
libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel ncurses \
ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap openldap-devel \
nss_ldap jemalloc-devel cmake boost-devel bison automake libevent libevent-devel gd gddevel \
libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt libxslt-devel readline \
readline-devel gmp gmp-devel libcurl libcurl-devel openjpeg-devel 

yum install -y gcc gcc-c++ make zlib zlib-devel pcre pcre-devel libjpeg libjpeg-devel libpng \
libpng-devel freetype freetype-devel libxml2 libxml2-devel glibc glibc-devel glib2 glib2-devel \
bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel \
openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers libsqlite3x-devel libicu-devel


./configure \
--prefix=/usr/local/php-7.2.34 \
--with-mhash \
--with-openssl \
--with-config-file-path=/usr/local/php-7.2.34/etc \
--disable-short-tags \
--enable-fpm \
--with-fpm-user=www \
--with-fpm-group=www \
--enable-xml \
--with-libxml-dir \
--enable-bcmath \
--enable-calendar \
--enable-intl \
--enable-mbstring \
--enable-pcntl \
--enable-shmop \
--enable-soap \
--enable-sockets \
--enable-zip \
--enable-mbregex \
--enable-mysqlnd \
--enable-mysqlnd-compression-support \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-gd \
--enable-ftp \
--with-curl \
--with-xsl \
--with-iconv \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--enable-sysvsem \
--enable-inline-optimization \
--with-xmlrpc \
--with-gettext

make && make install

复制配置文件并启动php

cd /usr/local/php/etc/php-fpm.d/
cp www.conf.default www.conf

cd /usr/local/php/etc
cp php-fpm.conf.default php-fpm.conf

sbin/php-fpm

4、编译安装Nginx

./configure --prefix=/usr/local/nginx-1.18.0 \
--user=www \
--group=www \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre --with-stream \
--with-stream_ssl_module \
--with-stream_realip_module

5、nginx配置php状态页并访问 http://10.0.0.111/index.php

mkdir -p /data/nginx/wordpress
vim /data/nginx/wordpress/index.php

<?php
    phpinfo();
?>

vim /usr/local/nginx/conf/nginx.conf

location / {
            root   /data/nginx/wordpress;
            index  index.php index.html index.htm;
        }

location ~ \.php$ {
          root /data/nginx/wordpress;
          fastcgi_pass 127.0.0.1:9000;
          fastcgi_index index.php;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          include fastcgi_params;
        }
image.png

6、部署wordpress

tar -xf wordpress-5.6.2-zh_CN.tar.gz -C /data/nginx/

cd /data/nginx/wordpress
cp wp-config-sample.php wp-config.php

vim wp-config.php

/** WordPress数据库的名称 */
define( 'DB_NAME', 'wordpress' );

/** MySQL数据库用户名 */
define( 'DB_USER', 'wordpress' );

/** MySQL数据库密码 */
define( 'DB_PASSWORD', 'wordpress' );

/** MySQL主机 */
define( 'DB_HOST', '10.0.0.111' );

7、重启nginx并访问


image.png

8、实现nginx反向代理wordpress

upstream webserver {
      server 10.0.0.111:80 weight=1 fail_timeout=5s max_fails=3;
    }
location / {
       # root /data/nginx/html;
       # index index.html index.php;
       proxy_pass http://webserver;
    }
image.png

三、haproxy的安装配置

1、解决lua环境

yum install libtermcap-devel ncurses-devel libevent-devel readline-devel
wget http://www.lua.org/ftp/lua-5.3.6.tar.gz
make linux test

src/lua -v
[root@node-01 lua-5.3.6]# src/lua -v
Lua 5.3.6  Copyright (C) 1994-2020 Lua.org, PUC-Rio

2、编译安装haproxy

make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 \
USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 USE_LUA=1 \
LUA_INC=/usr/local/lua-5.3.6/src/ LUA_LIB=/usr/local/lua-5.3.6/src/ PREFIX=/usr/local/haproxy

make install PREFIX=/usr/local/haproxy
cp haproxy /usr/sbin/

[root@node-01 haproxy]# sbin/haproxy -v
HA-Proxy version 2.2.9-a947cc2 2021/02/06 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2025.
Known bugs: http://www.haproxy.org/bugs/bugs-2.2.9.html
Running on: Linux 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64

3、创建haproxy配置文件

mkdir -p /etc/haproxy
vim /etc/haproxy/haproxy.cfg

global
maxconn 100000
chroot /usr/local/haproxy
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon
#nbproc 2
#cpu-map 1 0
#cpu-map 2 1
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info

defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 30000ms
timeout client 30000ms
timeout server 30000ms

listen stats
    mode http
    bind 0.0.0.0:9999
    stats enable
    log global
    stats uri /haproxy-status
    stats auth haadmin:123456

listen web_server
    bind 10.0.0.21:80
    mode http
    log global
    balance roundrobin
    option forwardfor
    server web1 10.0.0.101:80 check inter 3s fall 2 rise 5
    server web2 10.0.0.102:80 check inter 3s fall 2 rise 5

4、创建自启动文件

mkdir -p /var/lib/haproxy
chown -R 99.99 /var/lib/haproxy/

vim /usr/lib/systemd/system/haproxy.service

[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

systemctl start haproxy
systemctl enable haproxy
systemctl status haproxy
©著作权归作者所有,转载或内容合作请联系作者
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

推荐阅读更多精彩内容