Linux-Nginx负载均衡与代理
Nginx负载均衡与代理一、代理概述
代理:外卖/中介/中间商 用户无法直接做某些事情,通过中介进行处理,这个中介就是代理
用户--->代理--->web节点,后面只有一个节点,一般使用的是nginx代理功能即可,后面如果有多个节点(也就是集群)的话,需要使用nginx负载均衡功能
二、代理分类
代理分类方向应用正向代理用户(服务器)--->代理--->外部(某网站)服务器通过代理实现共享上网/访问某个网站反向代理用户(app/浏览器)--->代理--->网站服务器(WEB)给网站设置个统一入口,后面是网站集群三、极速上手指南
1.环境概述
角色主机名ip代理lb0110.0.0.5/172.16.1.5webweb0110.0.0.7/172.16.1.7域名proxy.cn站点目录/app/code/proxy/index.html#配置nginx源
# cat /etc/yum.repos.d/nginx.repo
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
#安装nginx
# yum -y install nginx2.环境准备
2.1 web服务器
#配置代理使用的子配置文件
# cat /etc/nginx/conf.d/proxy.cn.conf
server{
listen 80;
server_name proxy.cn;
root /app/code/proxy;
error_log/var/log/nginx/proxy.cn-error.log notice;
access_log/var/log/nginx/proxy.cn-access.logmain;
location /{
index index.html;
}
}
#配置首页文件
# cat /app/code/proxy/index.html
web01.proxy.cn
#测试web服务器
# curl -H Host:proxy.cn http://10.0.0.7
web01.proxy.cn2.2 lb01代理服务器
不需要配置站点目录,仅仅配置转发即可proxy_pass
# cat /etc/nginx/conf.d/proxy.cn.conf
server{
listen 80;
server_name proxy.cn;
error_log/var/log/nginx/proxy.cn-error.log notice;
access_log/var/log/nginx/proxy.cn-access.logmain;
location / {
proxy_pass http://10.0.0.7;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}#测试代理
# curl -H Host:proxy.cn http://10.0.0.5
web01.proxy.cn补充
proxy_pass指令: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
四、代理案例
4.1 web有多个虚拟主机故障案例
故障现象:
web服务器有多个虚拟主机的时候,通过代理访问web出现异常,访问的不是我们想要的虚拟主机
原因:
代理向后端web节点发出请求的时候,请求头中的Host,呗修改成ip地址形式
相当于代理通过ip地址访问web服务器,只显示默认的虚拟主机了
解决:
修改代理到web的请求头,Host部分
proxy_set_header Host $http_host;
server{
listen 80;
server_name proxy.cn;
error_log/var/log/nginx/proxy.cn-error.log notice;
access_log/var/log/nginx/proxy.cn-access.logmain;
location / {
proxy_pass http://10.0.0.7; #这一行的作用是,请求传递给指定的节点
proxy_set_header Host $http_host; #加了这一行,就会修改Host,不加的话,传过去就是ip
}
}补充:
$http_host 是nginx的变量之一,用于取出Host的内容(域名)
4.2 web记录用户真实的ip地址
现象:用户请求经过代理,然后访问web,web服务器没有记录真实的客户端的ip地址,而是记录了代理的ip
解决:
在代理上面修改请求头,最后在web服务器上记录真实的ip地址
proxy_set_header X-Forwarded-For $remote_addr;
server{
listen 80;
server_name proxy.cn;
error_log/var/log/nginx/proxy.cn-error.log notice;
access_log/var/log/nginx/proxy.cn-access.logmain;
location / {
proxy_pass http://10.0.0.7;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr; #加了这一行用来记录真实的ip
}
}
补充:
$proxy_add_x_forwarded_for
变量相当于$remote_addr 客户ip地址.
多层代理的时候,会记录每个代理的ip地址.相当于记录了多个$remote_addr
XFF头的内容需要通过$http_x_forwarded_for变量获取并写入到日志中.
#实际应用:
server{
listen 80;
server_name nginxconf.cn;
error_log/var/log/nginx/nginxconf.cn-error.log notice;
access_log/var/log/nginx/nginxconf.cn-access.logmain;
location / {
proxy_pass http://10.0.0.7;
proxy_set_header Host $http_host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #访问日志识别的是XFF
}
}4.3 负载均衡案例 部署nginxconf站点并访问
4.3.1 环境要求
主机名说明lb0110.0.0.5/172.16.1.5web0110.0.0.7/172.16.1.7web0210.0.0.8/172.16.1.8域名nginxconf.cn站点目录/app/code/nginxconf4.3.2 web服务器准备
# cat /etc/nginx/conf.d/nginxconf.cn.conf
server{
listen 80;
server_name nginxconf.cn;
root /app/code/nginxconf;
error_log/var/log/nginx/nginxconf.cn-error.log notice;
access_log/var/log/nginx/nginxconf.cn-access.logmain;
location /{
index index.html;
}
}
#上传代码并解析到这个目录
链接:https://pan.baidu.com/s/1_WMsGUzzKoP53rrsjO8n2w
提取码:ulzj
--来自百度网盘超级会员V6的分享
# ll /app/code/nginxconf/
total 1992
-rw-r--r-- 1 root root 230532 Sep 16 11:23 banner.png
-rw-r--r-- 1 root root 625553 Sep 16 11:23 banner.svg
drwxr-xr-x 2 root root 21 Sep 16 11:23 css
drwxr-xr-x 2 root root 300 Sep 16 11:23 fonts
-rw-r--r-- 1 root root 19 Feb 13 17:17 index.html
-rw-r--r-- 1 root root 116972 Feb 13 17:16 index.html.bak
drwxr-xr-x 2 root root 195 Sep 16 11:23 js
-rw-r--r-- 1 root root 328581 Sep 16 11:23 nginx.png
-rw-r--r-- 1 root root 269221 Sep 16 11:23 nginx.svg
-rw-r--r-- 1 root root 447599 Sep 16 11:23 report.html
-rw-r--r-- 1 root root 26 Sep 16 11:23 robots.txt
#注:web01和web02的配置一样,拷过去即可4.3.3 负载均衡配置
upstream nginxconf_pools{
server 10.0.0.7:80;
server 10.0.0.8:80;
}
server{
listen 80;
server_name nginxconf.cn;
error_log/var/log/nginx/nginxconf.cn-error.log notice;
access_log/var/log/nginx/nginxconf.cn-access.logmain;
location / {
proxy_pass http://nginxconf_pools;
proxy_set_header Host $http_host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}注意事项
upstream与server是同一级
#测试
#修改了index.html测试一下
# cat /app/code/nginxconf/index.html
web01 nginxconf.cn
# cat /app/code/nginxconf/index.html
web02 nginxconf.cn
# curl -H Host:nginxconf.cn http://10.0.0.5
web01 nginxconf.cn
# curl -H Host:nginxconf.cn http://10.0.0.5
web02 nginxconf.cn
# curl -H Host:nginxconf.cn http://10.0.0.5
web01 nginxconf.cn
# curl -H Host:nginxconf.cn http://10.0.0.5
web02 nginxconf.cn4.4 练习
1. 1台web+数据库+存储: lnmp连接nfs存储
2. 2台webb+数据库+存储: lnmp连接nfs存储
3. lb01+2台web+数据库+存储:小型网站集群.
#启动nginx和php
# groupadd -g 888 www
# useradd -u 888 -g 888 -s /sbin/nologin -M www
# id www
# grep www /etc/nginx/nginx.conf
userwww;
# ps -ef |grep nginx
root 34264 10 07:25 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www 51175342640 20:37 ? 00:00:00 nginx: worker process
# grep -nwww /etc/php-fpm.d/www.conf
1:; Start a new pool named 'www'.
2:
8:user = www #修改这一行
10:group = www #修改这一行
# systemctl restart php-fpm
# ps -ef|grep php-fpm
root 51287 10 20:40 ? 00:00:00 php-fpm: master process (/etc/php-fpm.conf)
www 51288512870 20:40 ? 00:00:00 php-fpm: pool www
www 51289512870 20:40 ? 00:00:00 php-fpm: pool www
www 51290512870 20:40 ? 00:00:00 php-fpm: pool www
www 51291512870 20:40 ? 00:00:00 php-fpm: pool www
www 51292512870 20:40 ? 00:00:00 php-fpm: pool www
#nfs创建共享
# groupadd -g 888 www
#useradd -u 888 -g 888 -s /sbin/nologin -M www
# id www
uid=888(www) gid=888(www) groups=888(www)
# mkdir /data/wordpress
# chown -R www.www /data/wordpress/
# cat /etc/exports
/data/wordpress 172.16.1.0/24(rw,all_squash,anonuid=888,anongid=888)
root@nfs ~]# systemctl reload nfs
# showmount -e
Export list for nfs:
/data/wordpress 172.16.1.0/24
#web01挂载
# mount -t nfs 172.16.1.31:/data/wordpress /app/code/blog/wp-content/uploads
# df -h
172.16.1.31:/data/wordpress 17G2.0G 15G12% /app/code/blog/wp-content/uploads
#web01打包代码
# tar zcf blog.tar.gzblog/
# scp blog.tar.gz 10.0.0.8:/app/code
#web02解压代码并进行挂载
# tar xf blog.tar.gz
# ll
total 24624
drwxr-xr-x 5 nginx nginx 4096 Feb 13 10:56 blog
# yum -y install nfs-utils
# mount -t nfs 172.16.1.31:/data/wordpress /app/code/blog/wp-content/uploads
# df -h
172.16.1.31:/data/wordpress 17G2.0G 16G12% /app/code/blog/wp-content/uploads
#拷贝web01的配置文件
# scp 10.0.0.7:/etc/nginx/conf.d/blog.cn.conf .
# cat blog.cn.conf
server{
listen 80;
server_name blog.cn;
root /app/code/blog;
error_log /var/log/nginx/blog-error.log notice ;
access_log /var/log/nginx/blog-access.log main;
location / {
indexindex.php;
}
location ~*\.php$ {
#传递给php
fastcgi_pass 127.0.0.1:9000;
fastcgi_indexindex.php;
#下面内容需要修改
#fastcgi_paramSCRIPT_FILENAME/app/code/blog$fastcgi_script_name;
fastcgi_paramSCRIPT_FILENAME$document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# systemctl reload nginx
# systemctl restart php-fpm
#测试网站是否启动
# curl -H Host:blog.cn http://10.0.0.8
# cat /etc/nginx/conf.d/blog.cn.conf
upstream blog_pools{
server 10.0.0.7:80;
server 10.0.0.8:80;
}
server{
listen 80;
server_name blog.cn;
error_log/var/log/nginx/nginxconf.cn-error.log notice;
access_log/var/log/nginx/nginxconf.cn-access.logmain;
location / {
proxy_pass http://blog_pools;
proxy_set_header Host $http_host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}2023/02/13 21:14:38 51175#51175: *587 a client request body is buffered to a temporary file /var/cache/nginx/client_temp/0000000009, client: 10.0.0.5, server: blog.cn, request: "POST /index.php?rest_route=%2Fwp%2Fv2%2Fmedia&_locale=user HTTP/1.0", host: "blog.cn", referrer: "http://blog.cn/wp-admin/post.php?post=9&action=edit"
#图片太大解决方法
# cat /etc/nginx/nginx.conf
client_max_body_size 50M;
client_body_buffer_size 50M;
# vim /etc/php.ini
upload_max_filesize = 30M
#页面错乱
# cat /etc/nginx/conf.d/blog.cn.conf
fastcgi_buffering on;
fastcgi_buffers 64 64k;五、负载均衡vs反向代理
内容共同点区别服务负载均衡用户的请求分发到后端节点上用户--->lb--->web
lb负载均衡做的是数据转发,不会产生新的请求,1个请求1个响应lvs反向代理用户的请求分发到后端节点上中间有个中介,用户--->中介---->web 2个请求2个响应
代理代替用户去找web服务器nginx/tengine/openresty六、负载均衡模块的选项
upstream模块 server指令支持的选项
选项说明应用场景weight权重,根据权重nginx分配请求如果web的服务端配置不同,根据配置分配比例max_failsnginx具备一些健康检查功能,指定失败的次数,超过这个次数就认为节点挂了一般情况下可以设置1-3.缓存业务可以设置为10fail_timeout认为节点挂了后,间隔多久再次检查健康情况,默认是10s根据要求设置时间即可,可以长些。30/60sbackup备胎服务器,其他所有服务器都挂了,才启用使用的时候要考虑雪崩的情况upstrem pools {
server 10.0.0.7:80weight=1 max_fails=3 fail_timeout=10s;
server 10.0.0.8:80weight=1 max_fails=3 fail_timeout=10s;
server 10.0.0.9:80 backup;
}七、案例: wordpress接入负载均衡
php安装包与wordpress源码包:
链接:https://pan.baidu.com/s/1xJiUD4s7X7LhpX_d7gFLCA
提取码:8amh
--来自百度网盘超级会员V6的分享
1. nfs存储
# groupadd -g 888 www
# useradd -u 888 -g 888 -s /sbin/nologin -M www
# cat /etc/exports
/data/wordpress 172.16.1.0/24(rw,all_squash,anonuid=888,anongid=888)
# systemctl reload nfs
# mkdir -p /data/wordpress
# chown -R www.www /data/wordpress
# showmount -e
Export list for nfs:
/data/wordpress 172.16.1.0/242. db数据库
# mysql -uroot -p1
Welcome to the MariaDB monitor.Commands end with ; or \g.
Your MariaDB connection id is 843
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database wordpress;
MariaDB [(none)]> grant all on wordpress.* to 'wordpress'@'172.16.1.%' identified by '1';
MariaDB [(none)]> select user,host from mysql.user
-> ;
+-----------+------------+
| user | host |
+-----------+------------+
| root | 127.0.0.1|
| test | 172.16.1.% |
| wordpress | 172.16.1.% |
| root | ::1 |
| root | localhost|
| test | localhost|
+-----------+------------+
6 rows in set (0.00 sec)3. web01
# groupadd -g 888 www
# useradd -u 888 -g 888 -s /sbin/nologin -M www
# id www
uid=888(www) gid=888(www) groups=888(www)
# grep www /etc/nginx/nginx.conf
userwww;
# systemctl reload nginx
# grep www /etc/php-fpm.d/www.conf
; Start a new pool named 'www'.
user = www
group = www
# systemctl reload php-fpm
# ps -ef|grep www
www 51519342640 14:57 ? 00:00:00 nginx: worker process
www 51587334360 14:58 ? 00:00:00 php-fpm: pool www
www 51588334360 14:58 ? 00:00:00 php-fpm: pool www
www 51589334360 14:58 ? 00:00:00 php-fpm: pool www
www 51590334360 14:58 ? 00:00:00 php-fpm: pool www
www 51591334360 14:58 ? 00:00:00 php-fpm: pool www
# cat wordpress.cn.conf
server{
listen 80;
server_name wordpress.cn;
root /app/code/wordpress;
error_log /var/log/nginx/wordpress-error.log notice ;
access_log /var/log/nginx/wordpress-access.log main;
location / {
indexindex.php;
}
location ~*\.php$ {
#传递给php
fastcgi_pass 127.0.0.1:9000;
fastcgi_indexindex.php;
fastcgi_buffering on;
fastcgi_buffers 64 64k;
#下面内容需要修改
#fastcgi_paramSCRIPT_FILENAME/app/code/blog$fastcgi_script_name;
fastcgi_paramSCRIPT_FILENAME$document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# systemctl reload nginx
# unzip wordpress-6.1.1.zip-d /app/code/
# chown -R www.www /app/code/wordpress/
#C:\Windows\System32\drivers\etc\hosts添加解析
10.0.0.7 wordpress.cn
#浏览器访问wordpress.cn
#进行配置数据库
#创建图片的上传路径
# mkdir /app/code/wordpress/wp-content/uploads
# mount -t nfs 172.16.1.31:/data/wordpress /app/code/wordpress/wp-content/uploads
# df -h |grep uploads
172.16.1.31:/data/wordpress 17G2.0G 15G12% /app/code/wordpress/wp-content/uploads
#浏览器上传图片,发现nfs有这个图片了
# tree /data/wordpress/
/data/wordpress/
└── 2023
└── 02
├── cat-150x150.jpg
├── cat-258x300.jpg
└── cat.jpg
2 directories, 3 files4. web02
# groupadd -g 888 www
# useradd -u 888 -g 888 -s /sbin/nologin -M www
# id www
uid=888(www) gid=888(www) groups=888(www)
# scp 10.0.0.7:/root/php72w-all.tar.gz .
# tar xf php72w-all.tar.gz
# yum -y localinstall *.rpm
# grep www /etc/php-fpm.d/www.conf
; Start a new pool named 'www'.
user = www
group = www
# systemctl start php-fpm
# systemctl enable php-fpm
# grep www /etc/nginx/nginx.conf
userwww;
# systemctl enable nginx
# systemctl start nginx
# ps -ef |grep www
www 4065 40640 15:11 ? 00:00:00 nginx: worker process
www 4101 41000 15:12 ? 00:00:00 php-fpm: pool www
www 4102 41000 15:12 ? 00:00:00 php-fpm: pool www
www 4103 41000 15:12 ? 00:00:00 php-fpm: pool www
www 4104 41000 15:12 ? 00:00:00 php-fpm: pool www
www 4105 41000 15:12 ? 00:00:00 php-fpm: pool www
#复制web01的配置文件
# scp 10.0.0.7:/etc/nginx/conf.d/wordpress.cn.conf .
# systemctl reload nginx
#在web01打包代码
# tar zcf ~/wordpress-no-uploads.tar.gz /app/code/wordpress --exclude=/app/code/wordpress/wp-content/uploads
#从web01拷贝代码,并解压
# scp 10.0.0.7:/root/wordpress-no-uploads.tar.gz .
# tar xf wordpress-no-uploads.tar.gz-C /
# cd /app/code/wordpress/
# ll
total 228
-rw-r--r--1 www www 405 Feb62020 index.php
-rw-r--r--1 www www 19915 Jan12022 license.txt
-rw-r--r--1 www www7389 Sep 17 06:27 readme.html
-rw-r--r--1 www www7205 Sep 17 07:13 wp-activate.php
drwxr-xr-x9 www www4096 Nov 16 03:03 wp-admin
-rw-r--r--1 www www 351 Feb62020 wp-blog-header.php
-rw-r--r--1 www www2338 Nov 102021 wp-comments-post.php
-rw-rw-rw-1 www www3277 Feb 14 15:04 wp-config.php
-rw-r--r--1 www www3001 Dec 142021 wp-config-sample.php
drwxr-xr-x7 www www 99 Feb 14 15:06 wp-content
-rw-r--r--1 www www5543 Sep 20 23:44 wp-cron.php
drwxr-xr-x 27 www www 12288 Nov 16 03:03 wp-includes
-rw-r--r--1 www www2494 Mar 202022 wp-links-opml.php
-rw-r--r--1 www www3985 Sep 19 16:59 wp-load.php
-rw-r--r--1 www www 49135 Sep 20 06:26 wp-login.php
-rw-r--r--1 www www8522 Oct 17 19:06 wp-mail.php
-rw-r--r--1 www www 24587 Sep 26 18:17 wp-settings.php
-rw-r--r--1 www www 34350 Sep 17 08:35 wp-signup.php
-rw-r--r--1 www www4914 Oct 17 19:22 wp-trackback.php
-rw-r--r--1 www www3236 Jun92020 xmlrpc.php
#挂载目录
# yum -y install nfs-utils
# mount -t nfs 172.16.1.31:/data/wordpress /app/code/wordpress/wp-content/uploads
# df -h |grep uploads
172.16.1.31:/data/wordpress 17G2.0G 15G12% /app/code/wordpress/wp-content/uploads
#C:\Windows\System32\drivers\etc\hosts修改解析
10.0.0.8 wordpress.cn
#浏览器访问wordpress.cn
#图片显示正常,证明,web02没问题5. lb
# cat wordpress.cn.conf
upstream wordpress_pools{
server 10.0.0.7:80;
server 10.0.0.8:80;
}
server{
listen 80;
server_name wordpress.cn;
error_log/var/log/nginx/wordpress.cn-error.log notice;
access_log/var/log/nginx/wordpress.cn-access.logmain;
location / {
proxy_pass http://wordpress_pools;
proxy_set_header Host $http_host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# systemctl reload nginx
#C:\Windows\System32\drivers\etc\hosts修改解析
10.0.0.5 wordpress.cn
#浏览器访问wordpress.cn
#图片显示正常,证明,lb没问题八、会话保持
1.概述
用户的请求,登录的请求,经过负载均衡后落到后面的web服务器上,登录的状态/信息也会记录在web服务器上,就会导致不通的web服务器上,登录状态不统一,造成用户频繁需要登录
2. cookieVSsession
技术点共同点区别其他cookie存放用户的信息,登录信息存放在客户端浏览器服务器给客户端响应,进行设置set-cookie,未来
再次访问携带着cookie访问服务端session存放用户的信息,登录信息存放在服务端浏览器cookie与服务端的session对应F12查看cookie
3.会话保持方案
[*]登录状态写入cookie中(wordpress)
[*]cookie+session方式 + 统一存放session服务器(会话保持服务器)
[*]通过认证服务实现Oauth 2.0(使用token方式)
[*]ip_hash方法
[*]通过redis实现phpmyadmin/kodbox会话共享.
4.部署phpmyadmin
phpmyadmin安装包:
链接:https://pan.baidu.com/s/1D9U9oyri3lkZRNriYqj1gA
提取码:amvr
--来自百度网盘超级会员V6的分享
4.1 db
MariaDB [(none)]> grant all on *.* to 'phpmyadmin'@'172.16.1.%' identified by '1';4.2 web01
# unzipphpMyAdmin-5.2.1-all-languages.zip-d /app/code/
# mv phpMyAdmin-5.2.1-all-languages/ phpMyAdmin/
# chown -R www.www phpMyAdmin/
# cat phpmyadmin.cn.conf
server{
listen 80;
server_name phpmyadmin.cn;
root /app/code/phpMyAdmin; #注意目录名字
error_log /var/log/nginx/phpmyadmin-error.log notice ;
access_log /var/log/nginx/phpmyadmin-access.log main;
location / {
indexindex.php;
}
location ~*\.php$ {
#传递给php
fastcgi_pass 127.0.0.1:9000;
fastcgi_indexindex.php;
fastcgi_buffering on;
fastcgi_buffers 64 64k;
#下面内容需要修改
#fastcgi_paramSCRIPT_FILENAME/app/code/blog$fastcgi_script_name;
fastcgi_paramSCRIPT_FILENAME$document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# systemctl reload nginx#浏览器访问http://phpmyadmin.cn/,提示下面的问题
phpMyAdmin - Error
Error during session start; please check your PHP and/or webserver log file and configure your PHP installation properly. Also ensure that cookies are enabled in your browser.
session_start(): open(SESSION_FILE, O_RDWR) failed: Permission denied (13)
session_start(): Failed to read session data: files (path: /var/lib/php/session)
#原因:/var/lib/php/session没有权限
#解决:# chown -R www.www /var/lib/php/session#不提示了,还是进不去,是因为phpmyadmin默认访问的是本地数据库
解决方法:
# cpconfig.sample.inc.phpconfig.inc.php
# grep host config.inc.php
$cfg['Servers'][$i]['host'] = '172.16.1.51'; #修改这一行的ip
#浏览器访问http://phpmyadmin.cn/,输入新建的用户名和密码进去了4.3 web02
#拷贝web01的代码
# scp -r 10.0.0.7:/app/code/phpMyAdmin/ .
# chown -R www.www phpMyAdmin/
#拷贝web01的nginx配置
# scp 10.0.0.7:/etc/nginx/conf.d/phpmyadmin.cn.conf .
# systemctl reload nginx
# chown -R www.www /var/lib/php/session4.4 部署redis
# yum -y install redis
# grep -n 172.16.1.51 /etc/redis.conf
61:bind 127.0.0.1 172.16.1.51
# systemctl start redis
# systemctl enable redis
#systemctl enable now redis
# ss -lnutp |grep redis
tcp LISTEN 0 128 172.16.1.51:6379 *:* users:(("redis-server",pid=10772,fd=5))
tcp LISTEN 0 128 127.0.0.1:6379 *:* users:(("redis-server",pid=10772,fd=4))4.5 lb配置文件
# cat phpmyadmin.cn.conf
upstream phpmyadmin_pools{
server 10.0.0.7:80;
server 10.0.0.8:80;
}
server{
listen 80;
server_name phpmyadmin.cn;
error_log/var/log/nginx/phpmyadmin.cn-error.log notice;
access_log/var/log/nginx/phpmyadmin.cn-access.logmain;
location / {
proxy_pass http://phpmyadmin_pools;
proxy_set_header Host $http_host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# systemctl reload nginx4.6 php配置文件指定会话存放位置
#创建新的子配置文件
# egrep -v '^$|;' www.conf >session.conf
# cat session.conf
#修改名字
user = www
group = www
listen = 127.0.0.1:9001 #修改端口号
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value = /var/log/php-fpm/www-error.log
php_admin_flag = on
php_value = redis #修改为redis
php_value = tcp://172.16.1.51:6379#修改为redis的地址
php_value= /var/lib/php/wsdlcache
#检查配置文件是否有问题
# php-fpm -t
NOTICE: configuration file /etc/php-fpm.conf test is successful
# systemctl reload php-fpm
# cat /etc/nginx/conf.d/phpmyadmin.cn.conf
server{
listen 80;
server_name phpmyadmin.cn;
root /app/code/phpMyAdmin;
error_log /var/log/nginx/phpmyadmin-error.log notice ;
access_log /var/log/nginx/phpmyadmin-access.log main;
location / {
indexindex.php;
}
location ~*\.php$ {
#传递给php
fastcgi_pass 127.0.0.1:9001; #修改端口号
fastcgi_indexindex.php;
fastcgi_buffering on;
fastcgi_buffers 64 64k;
#下面内容需要修改
#fastcgi_paramSCRIPT_FILENAME/app/code/blog$fastcgi_script_name;
fastcgi_paramSCRIPT_FILENAME$document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# systemctl reload nginx
#web02配置
# scp 10.0.0.7:/etc/nginx/conf.d/phpmyadmin.cn.conf .
# systemctl reload nginx
# scp 10.0.0.7:/etc/php-fpm.d/session.conf .
# systemctl reload php-fpm九、轮询算法
1. 概述
决定负载均衡如何把请求分发给后端节点,这种分发的方式就是轮询算法
2.轮询算法
算法说明rr轮询round robin 轮询,默认的循环访问wrr加权轮询,在轮询的基础上增加权重的功能,server 中 weight 就是加权轮询ip_haship哈希,只要客户端ip一样,就会一直访问同一个后端节点。(用户请求与web服务器绑定)
解决会话保持/会话共享 可能导致负载不均xxx_hashurl_hash 只要用户访问的url相同,就访问相同的web服务器
缓存服务器:静态资源缓存least_conn最小连接数:lc算法,也可以配合上权重, weight wlc权重的最小连接数一致性hash算法#ip_hash
upstream nginxconf_pools{
ip_hash;
server 10.0.0.7:80;
server 10.0.0.8:80;
}
server{
listen 80;
server_name nginxconf.cn;
error_log/var/log/nginx/nginxconf.cn-error.log notice;
access_log/var/log/nginx/nginxconf.cn-access.logmain;
location / {
proxy_pass http://nginxconf_pools;
proxy_set_header Host $http_host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#url_hash
hash $request_uri;十、案例:对负载均衡进行状态检查
负载均衡状态检查模块: ngx_http_upstream_check_module
默认nginx没有安装,是一个第三方的模块,需要编译安装nginx添加这个模块
#找一台没有nginx的机器
#编译安装tengine,生成nginx命令,替代lb上的nginx的命令
安装依赖
./configure 配置(生成Makefile) 指定各种位置,否则就会安装到/usr/local/
make 编译(根据Makefile进行编译-->生成对应的命令)
make install 创建目录,复制文件..
#安装依赖
yum install -y pcre-devel openssl-devel
#配置的步骤
./configure--prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'--add-module=modules/ngx_http_upstream_check_module--add-module=modules/ngx_http_upstream_session_sticky_module/
#进行编译
make -j 1#cpu核心总数决定. 加速编译
#最后的安装(略)
不需要执行make install
我们不需要在当前主机安装tengine
#检查编译后生成的命令即可
./objs/nginx -V#替换nginx命令步骤
# ll nginx
-rwxr-xr-x 1 root root 10544592 Feb 17 10:29 nginx
# mv /sbin/nginx /sbin/nginx.1.22
# cp nginx /sbin/
# ll /sbin/nginx
-rwxr-xr-x 1 root root 10544592 Feb 17 10:31 /sbin/nginx
# pkillnginx
# nginx -V
Tengine version: Tengine/2.3.3
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' --add-module=modules/ngx_http_upstream_check_module --add-module=modules/ngx_http_upstream_session_sticky_module/
# systemctl start nginx
# ps -ef|grep nginx
root 8836 10 10:32 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www 8837 88360 10:32 ? 00:00:00 nginx: worker process
root 8839 86890 10:32 pts/0 00:00:00 grep --color=auto nginx
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: mkdir() "/var/cache/nginx/client_temp" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
#创建这个文件即可upstream admin_pools {
server 10.0.0.7:80;
server 10.0.0.8:80;
# # 检查间隔 ms 成功2次,存活 失败5次认为挂了 超时时间 ms 检查类型
check interval=3000 rise=2 fall=5 timeout=1000 type=http;
#请求方法 URI (uri最好反应业务是否正常,找开发写个页面)
check_http_send "HEAD / HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
}
server {
listen 80;
server_name admin.cn;
error_log /var/log/nginx/admin-error.log notice ;
access_log /var/log/nginx/admin-access.log main;
location / {
proxy_pass http://admin_pools;
proxy_set_headerHost $http_host;
proxy_set_headerX-Forwarded-For$proxy_add_x_forwarded_for;
}
location /admin_status{
check_status;
access_log off;
allow 10.0.0.1;
allow 172.16.1.0/24;
deny all;
}
}upstream_check模块指令说明check指定检查频率,失败几次,成功几次,检查间隔,检查方式check_http_send通过http方式发出请求报文,请求报文起始行,请求方法,请求的URI,请求协议(默认的是ip方式访问)check_http_expect_alive收到指定的状态码,就认为是存活的check_status开启负载均衡状态检查功能,web页面。注意: 如果后端web有多个虚拟主机.
upstream check进行访问的时候默认使用的ip方式进行访问.
在发出http请求的时候指定域名
check_http_send "HEAD / HTTP/1.0\r\nHost: lb.cn\r\n\r\n";
十一、案例:nginx平滑升级
步骤准备好新的nginx命令(已经测试的)把当前环境的nginx的命令备份,使用新的替换通过kill命令向当前运行nginx发出信号,准备被替代-USR2 pid把当前运行的nginx的pid文件改个名,使用新的nginx命令启动nginx进程测试调试,关闭旧的nginx进程即可#查看测试好的nginx
# ll |grep nginx
-rwxr-xr-x1 root root 10544592 Feb 19 13:37 nginx
#查看当前nginx版本
# nginx -v
nginx version: nginx/1.22.1
#查看当前nginx的pid
# cat /var/run/nginx.pid*
63374
#备份nginx命令
# mv /sbin/nginx /sbin/nginx-v1.22.0
#移动命令到nginx目录
# mv nginx /sbin/nginx
#查看移动后的命令
# nginx -v
Tengine version: Tengine/2.3.3
nginx version: nginx/1.18.0
#准备新老交替 生成新的pid文件和重命名的pid文件
# kill -USR2 `cat /var/run/nginx.pid`
# ll /var/run/nginx.pid*
-rw-r--r-- 1 root root 6 Feb 19 13:42 /var/run/nginx.pid
-rw-r--r-- 1 root root 6 Feb 17 11:07 /var/run/nginx.pid.oldbin
# ps -ef|grep nginx
root 63374 10 07:42 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www 68981633740 12:45 ? 00:00:00 nginx: worker process
root 70281633740 13:42 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www 70282702810 13:42 ? 00:00:00 nginx: worker process
#杀死旧的进程
# kill 63374
#就剩下新的进程文件和新的进程
# ps -ef|grep nginx
root 70281 10 13:42 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www 70282702810 13:42 ? 00:00:00 nginx: worker process
root 70327697770 13:44 pts/1 00:00:00 grep --color=auto nginx
# ll /var/run/nginx.pid*
-rw-r--r-- 1 root root 6 Feb 19 13:42 /var/run/nginx.pid
来源:https://www.cnblogs.com/world-of-yuan/p/17145890.html
免责声明:由于采集信息均来自互联网,如果侵犯了您的权益,请联系我们【E-Mail:cb@itdo.tech】 我们会及时删除侵权内容,谢谢合作!
页:
[1]