基于nginx服务的负载均衡与反向代理

一、作用

  • 提高服务器处理能力
  • 降低成本
  • 提供冗余能力

二、分类

集群:一群完成相同工作的服务器。

  • 负载均衡集群(Load Balance)
    • 实现用户访问请求进行调度处理
    • 实现访问压力负载分担
  • 高可用集群
  • 高性能运算集群

三、部署流程

step1 web服务器进行环境配置

[root@web01 /etc/nginx/conf.d]# vim bbs.conf
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      root /var/html/bbs;
      index index.html index.htm;
   }
}
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# vim /var/html/bbs/index.html
Welcome to Nginx Provided by Web01.
Default Page.
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web02 /etc/nginx/conf.d]# vim bbs.conf 
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      root /var/html/bbs;
      index index.html index.htm;
   }
}
[root@web02 /etc/nginx/conf.d]# systemctl restart nginx.service
[root@web02 /etc/nginx/conf.d]# vim /var/html/bbs/index.html 
Welcome to Nginx Provided by Web02.
Default Page.
[root@web03 ~]# vim /application/nginx-1.16.0/conf/conf.d/bbs.conf 
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      root /var/html/bbs;
      index index.html index.htm;
   }
}
[root@web03 ~]# vim /var/html/bbs/index.html 
Welcome to Nginx Provided by Web03.
Default Page.
[root@web03 ~]# nginx -t 
nginx: the configuration file /application/nginx-1.16.0/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0/conf/nginx.conf test is successful
[root@web03 ~]# nginx -s reload

step2 测试负载均衡与web服务器间内网访问

[root@lb01 ~]# curl -H host:bbs.aspen.com 172.16.1.17
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 ~]# curl -H host:bbs.aspen.com 172.16.1.18
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 ~]# curl -H host:bbs.aspen.com 172.16.1.19
Welcome to Nginx Provided by Web03.
Default Page.

step3负载均衡部署配置

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
   server 172.16.1.17:80;
   server 172.16.1.18:80;
   server 172.16.1.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      #proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx 
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web03.
Default Page.
示例
upstream backend {

server backend1.example.com weight=5;
server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;
server unix:/tmp/backend3;
server backup1.example.com backup;

}

1.weight(权重参数)

weight-按照权重值轮询分配资源
upstream aspen {

server 172.16.1.17:80 weight=3;
server 172.16.1.18:80 weight=2;
server 172.16.1.19:80 weight=1;

}

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
   server 172.16.1.17:80 weight=3;
   server 172.16.1.18:80 weight=2;
   server 172.16.1.19:80 weight=1;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      #proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx 
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.

2.least_conn(按照节点连接数分配资源)

当存在大量并发访问时,才能测试该参数效果;
upstream aspen {

least_conn;
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;

}

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf 
upstream aspen {
   least_conn;
   server 172.16.1.17:80;
   server 172.16.1.18:80;
   server 172.16.1.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      #proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx 

3.ip hash(ip哈希)

IP哈希功能可以确保一个用户多次访问,负载均衡都负责分配给同一个Web结点,但是分配策略无法人工干预;

upstream aspen {

ip_hash;
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;

}

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf 
upstream aspen {
   ip_hash;
   server 172.16.1.17:80;
   server 172.16.1.18:80;
   server 172.16.1.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      #proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx 
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.

4.max_fails && fail_timeout(健康检查功能)
健康检查功能服务默认开启

尝试连接最大失败次数
max_fails=次数
失败后超时时间
fail_timeout=时间

upstream aspen {

server 172.16.1.17:80 max_fails=3 fail_timeout=60s;
server 172.16.1.18:80 max_fails=3 fail_timeout=60s;
server 172.16.1.19:80 max_fails=3 fail_timeout=60s;

}

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf 
upstream aspen {
   server 172.16.1.17:80 max_fails=3 fail_timeout=60s;
   server 172.16.1.18:80 max_fails=3 fail_timeout=60s;
   server 172.16.1.19:80 max_fails=3 fail_timeout=60s;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      #proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx 
[root@web01 ~]# systemctl stop nginx.service 
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web03.
Default Page.
[root@web01 ~]# systemctl start nginx.service 
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.

5.backup(备份功能)

设为backup的web结点不会再被分发请求,只有该集群仅剩backup的web结点工作时,才向backup结点分配服务请求;

upstream aspen {

server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80 backup;

}

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf 
upstream aspen {
   server 172.16.1.17:80;
   server 172.16.1.18:80;
   server 172.16.1.19:80 backup;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      #proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
[root@web01 ~]# systemctl stop nginx.service 
[root@web02 ~]# systemctl stop nginx.service 
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web03.
Default Page.

6.down(关闭集群结点)

设为down的结点将不会再被分发请求,直到该结点被取消down;设为down的模块相当于被注释;

upstream aspen {

server 172.16.1.17:80;
#server 172.16.1.18:80;
server 172.16.1.19:80 down;

}

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf 
upstream aspen {
   server 172.16.1.17:80;
   #server 172.16.1.18:80;
   server 172.16.1.19:80 down;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      #proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 ~]# systemctl start nginx
[root@web02 ~]# systemctl start nginx.service
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web01.
Default Page.
反向代理指令
proxy_pass http://集群站点名称
设置请求头信息
proxy_set_header Host $host
检查网站页面是否正确
proxy_next_upstream 错误类型

location / {

proxy_pass http://aspen;
proxy_set_header Host $host; #访问负载均衡可以根据请求url显示不同网站页面
proxy_set_header X-Forwarded-For $remote_addr; #使Web服务结点访问日志记录真实IP地址
proxy_next_upstream error timeout http_404; #web请求返回页面错误时,将请求发往其他web结点

}

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf 
upstream aspen {
   server 172.16.1.17:80;
   server 172.16.1.18:80;
   server 172.16.1.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;                    #访问负载均衡可以根据请求url显示不同网站页面
      proxy_set_header X-Forwarded-For $remote_addr;  #使Web服务结点访问日志记录真实IP地址
      proxy_next_upstream error timeout http_404;
   }
}

1. proxy_set_header Host $host;

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
   server 10.0.0.17:80;
   server 10.0.0.18:80;
   server 10.0.0.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
   server 10.0.0.17:80;
   server 10.0.0.18:80;
   server 10.0.0.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      #proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_next_upstream error timeout http_404;
   }
}

[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx

2.proxy_set_header X-Forwarded-For $remote_addr;

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf 
upstream aspen {
   server 172.16.1.17:80;
   server 172.16.1.18:80;
   server 172.16.1.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      #proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 ~]# tail -f /var/log/nginx/access.log
172.16.1.15 - - [06/Aug/2019:20:41:54 +0800] "GET / HTTP/1.0" 200 50 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf 
upstream aspen {
   server 172.16.1.17:80;
   server 172.16.1.18:80;
   server 172.16.1.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 ~]# tail -f /var/log/nginx/access.log
172.16.1.15 - - [06/Aug/2019:20:45:36 +0800] "GET / HTTP/1.0" 200 50 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" "10.0.0.1

3.proxy_next_upstream error timeout http_404;

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf 
upstream aspen {
   server 172.16.1.17:80;
   server 172.16.1.18:80;
   server 172.16.1.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404 http_403;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 ~]# mv /var/html/bbs/index.html{,.bak}
[root@web01 ~]# ls /var/html/bbs/
index.html.bak
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.16.0</center>
</body>
</html>
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.16.0</center>
</body>
</html>
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf 
upstream aspen {
   server 172.16.1.17:80;
   server 172.16.1.18:80;
   server 172.16.1.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_next_upstream error timeout http_404 http_403;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15 
Welcome to Nginx Provided by Web03.
Default Page.
172.16.1.15 - - [06/Aug/2019:20:50:24 +0800] "GET / HTTP/1.0" 403 153 "-" "curl/7.29.0" "10.0.0.15"
172.16.1.15 - - [06/Aug/2019:20:50:30 +0800] "GET / HTTP/1.0" 403 153 "-" "curl/7.29.0" "10.0.0.15"
172.16.1.15 - - [06/Aug/2019:20:52:29 +0800] "GET / HTTP/1.0" 403 153 "-" "curl/7.29.0" "10.0.0.15"

step4 访问测试

四、企业应用

  • 网站服务的动静分离

step1 部署Web集群服务

[root@web01 ~]# cd /var/html/bbs/
[root@web01 /var/html/bbs]# ls
index.html
[root@web01 /var/html/bbs]# cat index.html 
Welcome to Nginx Provided by Web01.
Default Page.
[root@web02 ~]# cd /var/html/bbs/
[root@web02 /var/html/bbs]# mkdir static
[root@web02 /var/html/bbs]# cp index.html ./static/
[root@web02 /var/html/bbs]# vim ./static/index.html 
Welcome to Nginx Provided by Web02.
Static Page.
[root@web03 ~]# cd /var/html/bbs/
[root@web03 /var/html/bbs]# mkdir upload
[root@web03 /var/html/bbs]# cp ./index.html ./upload/
[root@web03 /var/html/bbs]# vim ./upload/index.html 
Welcome to Nginx Provided by Web03.
Upload Page.

step2 编写负载均衡配置

[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream default {
   server 172.16.1.17:80;
}
upstream static{
    server 172.16.1.18:80;
}
upstream upload {
    server 172.16.1.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_next_upstream error timeout http_404 http_403;
   location / {
      proxy_pass http://default;
   }
   location /static/ {
      proxy_pass http://static;
   }
   location /upload/{
      proxy_pass http://upload;
   }
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx

step3 验证

  • 根据客户端显示不同界面

step1 部署Web集群服务

[root@web01 /var/html/bbs]# cat index.html 
Welcome to Nginx Provided by Web01.
Default Page.
[root@web02 /var/html/bbs]# vim ./index.html 
Welcome to Nginx Provided by Web02.
Firefox Page.
[root@web03 /var/html/bbs]# vim ./index.html 
Welcome to Nginx Provided by Web03.
Iphone Page.

step2 编写负载均衡配置

  • 负载均衡模块详细说明
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream default {
   server 172.16.1.17:80;
}
upstream firefox {
    server 172.16.1.18:80;
}
upstream iphone {
    server 172.16.1.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_next_upstream error timeout http_404 http_403;
   location / {
      proxy_pass http://default;
      if ($http_user_agent ~* Firefox) {
         proxy_pass http://firefox;
      }
      if ($http_user_agent ~* iphone) {
         proxy_pass http://iphone;
      }
   }  
}  
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx

step3 验证

五、负载均衡HTTPs访问

step1 部署Web集群服务

[root@web01 ~]# vim /var/html/bbs/index.html 
Welcome to Nginx Provided by Web01.
Default Page.
[root@web01 ~]# vim /etc/nginx/conf.d/bbs.conf 
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      root /var/html/bbs;
      index index.html index.htm;
   }
}
[root@web02 ~]# vim /var/html/bbs/index.html 
Welcome to Nginx Provided by Web02.
Firefox Page.
[root@web02 ~]# vim /etc/nginx/conf.d/bbs.conf 
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      root /var/html/bbs;
      index index.html index.htm;
   }
}
[root@web03 ~]# vim /var/html/bbs/index.html 
Welcome to Nginx Provided by Web03.
Iphone Page.
[root@web03 ~]# vim /application/nginx-1.16.0/conf/conf.d/bbs.conf 
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      root /var/html/bbs;
      index index.html index.htm;
   }
}

step2 模拟生成nginx负载均衡证书

[root@lb01 /etc/nginx/conf]# openssl genrsa -idea -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...+++
........+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@lb01 /etc/nginx/conf]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
.........................+++
.......+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ 
Locality Name (eg, city) [Default City]:FT
Organization Name (eg, company) [Default Company Ltd]:Personal
Organizational Unit Name (eg, section) []:Aspen
Common Name (eg, your name or your server's hostname) []:Load_Balance01
Email Address []:34567@qq.com

step3 编写虚拟主机配置文件

[root@lb01 /etc/nginx/conf]# vim ../conf.d/bbs.conf
upstream aspen {
   server 10.0.0.17:80;
   server 10.0.0.18:80;
   server 10.0.0.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   #return 301 https://$server_name/;
   rewrite (.*) https://$server_name$1 permanent;
}
server {
   listen 443 ssl;
   server_name bbs.aspen.com;
   ssl_certificate /etc/nginx/conf/server.crt;
   ssl_certificate_key /etc/nginx/conf/server.key;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 /etc/nginx/conf]# 
[root@lb01 /etc/nginx/conf]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 /etc/nginx/conf]# systemctl restart nginx

step4 验证

六、负载均衡网页篡改

sub_filter模块官方说明
step1 Web集群服务

[root@web01 ~]# cat /etc/nginx/conf.d/bbs.conf 
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      root /var/html/bbs;
      index index.html index.htm;
   }
}
[root@web01 ~]# cat /var/html/bbs/index.html 
Welcome to Nginx Provided by Web01.
Default Page.
[root@web02 ~]# cat /etc/nginx/conf.d/bbs.conf 
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      root /var/html/bbs;
      index index.html index.htm;
   }   
}
[root@web02 ~]# cat /var/html/bbs/index.html 
Welcome to Nginx Provided by Web02.
Default Page.
[root@web03 ~]# cat /application/nginx-1.16.0/conf/conf.d/bbs.conf 
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      root /var/html/bbs;
      index index.html index.htm;
   }
}
[root@web03 ~]# cat /var/html/bbs/index.html 
Welcome to Nginx Provided by Web03.
Default Page.

step2 负载均衡配置

替换指令
sub_filter '被替换内容' '替换内容';
替换所有字符串,默认是on状态,仅替换第一个匹配到的字符串;
sub_filter_once off;
[root@lb01 ~]# vim /etc/nginx/conf.d/bbs.conf
upstream aspen {
   server 10.0.0.17:80;
   server 10.0.0.18:80;
   server 10.0.0.19:80;
}
server {
   listen 80;
   server_name bbs.aspen.com;
   location / {
      proxy_pass http://aspen;
      proxy_set_header Host $host;
      sub_filter 'Default' 'Aspen';
      sub_filter_once off;
      #proxy_set_header X-Forwarded-For $remote_addr;
      #proxy_next_upstream error timeout http_404;
   }
}
[root@lb01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 ~]# systemctl restart nginx

step3 验证

[root@lb01 ~]# curl -H host:bbs.aspen.com 10.0.0.17
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 ~]# curl -H host:bbs.aspen.com 10.0.0.18
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 ~]# curl -H host:bbs.aspen.com 10.0.0.19
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 ~]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Aspen Page.
[root@lb01 ~]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Aspen Page.
[root@lb01 ~]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Aspen Page.

附:思维导图

发表评论

您的电子邮箱地址不会被公开。