实验目的
通过nginx实现反向代理的功能,类似apache反向代理和haproxy反向代理
有些公司从web服务器到反向代理,都使用nginx。nginx在1.9版本加入了tcp的反向代理功能
甚至安全策略:nginx+lua  完全可以搞定。
打开nginx官网

nginx做反向代理,安装命令如下,使用www用户运行nginx
| 1 2 3 4 5 6 7 8 9 | useradd-s /sbin/noglogin-M wwwwget http://nginx.org/download/nginx-1.9.12.tar.gztarzxf nginx-1.9.12.tar.gzcdnginx-1.9.12./configure--prefix=/usr/local/nginx-1.9.12 \--user=www --group=www  --with-http_ssl_module \--with-http_stub_status_module  --with-file-aiomake&& makeinstallln-s  /usr/local/nginx-1.9.12/  /usr/local/nginx | 
检查语法
| 1 2 3 4 | [root@linux-node2 nginx-1.9.12]# /usr/local/nginx/sbin/nginx -tnginx: the configuration file/usr/local/nginx-1.9.12/conf/nginx.conf syntax is oknginx: configuration file/usr/local/nginx-1.9.12/conf/nginx.conf testis successful[root@linux-node2 nginx-1.9.12]#  | 
检查服务器有无其它服务占用80端口,可以关闭了。
| 1 | [root@linux-node1 ~]# /usr/local/httpd/bin/apachectl -k stop | 
配置nginx反向代理,修改主配置文件
gzip是默认关闭的
长连接默认打开的
sendfile 默认打开的
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 | [root@linux-node1 conf]# cat nginx.conf#user  nobody;worker_processes  1;#error_log  logs/error.log;#error_log  logs/error.log  notice;#error_log  logs/error.log  info;#pid        logs/nginx.pid;events {    worker_connections  10240;}http {    include       mime.types;    default_type  application/octet-stream;    #log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘    #                  ‘$status $body_bytes_sent "$http_referer" ‘    #                  ‘"$http_user_agent" "$http_x_forwarded_for"‘;    #access_log  logs/access.log  main;    sendfile        on;    #tcp_nopush     on;    #keepalive_timeout  0;    keepalive_timeout  65;    #gzip  on;     upstream backend {                server 10.0.1.105:8080 weight=1  max_fails=3 fail_timeout=30s;                server 10.0.1.106:8080 weight=2  max_fails=3 fail_timeout=30s;       }       server {        listen       80;        server_name  www.nginx-nmap.com;        #charset koi8-r;        #access_log  logs/host.access.log  main;        location / {            root   html;            index  index.html index.htm;            proxy_pass http://backend;        }        #error_page  404              /404.html;        # redirect server error pages to the static page /50x.html        #        error_page   500 502 503 504  /50x.html;        location = /50x.html {            root   html;        }        # proxy the PHP scripts to Apache listening on 127.0.0.1:80        #        #location ~ \.php$ {        #    proxy_pass   http://127.0.0.1;        #}        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000        #        #location ~ \.php$ {        #    root           html;        #    fastcgi_pass   127.0.0.1:9000;        #    fastcgi_index  index.php;        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;        #    include        fastcgi_params;        #}        # deny access to .htaccess files, if Apache‘s document root        # concurs with nginx‘s one        #        #location ~ /\.ht {        #    deny  all;        #}    }    # another virtual host using mix of IP-, name-, and port-based configuration    #    #server {    #    listen       8000;    #    listen       somename:8080;    #    server_name  somename  alias  another.alias;    #    location / {    #        root   html;    #        index  index.html index.htm;    #    }    #}    # HTTPS server    #    #server {    #    listen       443 ssl;    #    server_name  localhost;    #    ssl_certificate      cert.pem;    #    ssl_certificate_key  cert.key;    #    ssl_session_cache    shared:SSL:1m;    #    ssl_session_timeout  5m;    #    ssl_ciphers  HIGH:!aNULL:!MD5;    #    ssl_prefer_server_ciphers  on;    #    location / {    #        root   html;    #        index  index.html index.htm;    #    }    #}}[root@linux-node1 conf]#  | 
负载均衡配置时的2个参数:fail_timeout和max_fails
这2个参数一起配合,来控制nginx怎样认为upstream中的某个server是失效的当在fail_timeout的时间内,某个server连接失败了max_fails次,则nginx会认为该server不工作了。
同时,在接下来的 fail_timeout时间内,nginx不再将请求分发给失效的server。
比如失败3次,那么接下来10秒不会之内不会把请求发个这个认为失败的机器。然后过了30秒后,这个机器继续收到探测请求.一般生产中设置为30秒
| 1 2 3 4 | upstream backend {           server 10.0.1.105:8080 weight=1  max_fails=3 fail_timeout=30s;           server 10.0.1.106:8080 weight=2  max_fails=3 fail_timeout=30s;  } | 
关于nginx反向代理功能由下面模块提供


检测语法,启动或者reload。查看监听状态
| 1 2 3 4 5 6 7 8 | [root@linux-node1 conf]# /usr/local/nginx/sbin/nginx -tnginx: the configuration file/usr/local/nginx-1.9.12/conf/nginx.conf syntax is oknginx: configuration file/usr/local/nginx-1.9.12/conf/nginx.conf testis successful[root@linux-node1 conf]# /usr/local/nginx/sbin/nginx -s reload[root@linux-node1 conf]# netstat -lntp | grep 80tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      27141/nginx: master tcp6       0      0 :::8080                 :::*                    LISTEN      20130/httpd[root@linux-node1 conf]#  | 
浏览器测试


| 1 2 3 | [root@linux-node2 nginx-1.9.12]# systemctl stop httpd[root@linux-node2 nginx-1.9.12]# systemctl start httpd[root@linux-node2 nginx-1.9.12]#  | 
关于会话保持


重启
| 1 2 3 4 5 | [root@linux-node1 conf]# /usr/local/nginx/sbin/nginx -tnginx: the configuration file/usr/local/nginx-1.9.12/conf/nginx.conf syntax is oknginx: configuration file/usr/local/nginx-1.9.12/conf/nginx.conf testis successful[root@linux-node1 conf]# /usr/local/nginx/sbin/nginx -s reload[root@linux-node1 conf]#  | 

关于nginx的负载均衡算法有很多,自行百度
 
        