码迷,mamicode.com
首页 > 系统相关 > 详细

Linux nginx代理介绍

时间:2018-06-01 14:31:31      阅读:250      评论:0      收藏:0      [点我收藏+]

标签:linux nginx

nginx作为web服务器一个重要的功能就是反向代理。nginx反向代理的指令不需要新增额外的模块,默认自带proxy_pass指令,只需要修改配置文件就可以实现反向代理。

proxy_pass

http://www.proxy.develop/admin/a/index.html
location /admin {
                proxy_pass http://192.168.1.201:80/;

}
访问的是真实服务器 http://192.168.1.201:80/a/index.html
http://www.proxy.develop/admin/a/index.html
location /admin {
                proxy_pass http://192.168.1.201:80;
}
访问的是真实服务器 http://192.168.1.201:80/admin/a/index.html

proxy_set_header

proxy_set_header ? 设置代理服务到真实服务器的header
没设置代理header前:
技术分享图片

 location / {
      proxy_pass http://192.168.1.201:80;
      proxy_set_header X-Real-IP $remote_addr;                      #如果仅仅是一级代理,这个就可以了,key可以随意修改
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  #这种方式比较优雅,会自动修改多级代理中的客户端ip,这里的key是固定的
}

技术分享图片

set_header

设置代理服务器到客户端的header, set_header,需要ngx_http_headers_module模块实现

location / {
        proxy_pass http://192.168.1.201:80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header X-Via  $server_addr;
        add_header X-Accel $server_name;
}

技术分享图片

缓存

缓存一定要注意使用,动态数据有时候被缓存很蛮烦。

http{
    proxy_cache_path /data/nginx/cache  levels=1:1:2   keys_zone=one:10m inactive=10m max_size=2g;  #设置缓存结构
}
server{
                proxy_cache  one;
                proxy_cache_key $request_uri;
                proxy_cache_methods GET HEAD;
                proxy_cache_min_uses 2;               #指定时间内访问2次以上的叫有效
                proxy_cache_valid 200 302 304 10m;    #这项必须要
                proxy_cache_valid 404 1m;
                proxy_cache_use_stale off;            #后台挂了,不给予缓存
}

levels 缓存目录结构
keys_zone hash键名 键名空间大小  pcache:10mb
max_size 缓存目录大小 2G
inactive 不活跃时间 10分钟
http://www.proxy.develop/
[root@node1 conf.d]# cat /data/nginx/cache/9/d/c7/6666cd76f96956469e7be39d750cc7d9
"5b0f9065-2f"?
KEY: /
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Thu, 31 May 2018 06:23:13 GMT
Content-Type: text/html
Content-Length: 47
Last-Modified: Thu, 31 May 2018 06:04:21 GMT
Connection: close
ETag: "5b0f9065-2f"
Accept-Ranges: bytes

<h1>node2 -------------------------------</h1>

代理php-fpm

#这两个文件就差一个SCRIPT_FILENAME执行脚本路径,如果是本地的php-fpm就调用 fastcgi.conf 因为$document_root$fastcgi_script_name这是就是脚本所在路径,如果是远程调用就用fastcgi_params,SCRIPT_FILENAME需要自己定义
[root@node1 conf]# diff fastcgi_params fastcgi.conf
1a2
> fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

#分析下变量意义
[root@node1 conf]# cat fastcgi.conf

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;     /mydata/code/php/yii-test.dev/web/a/index2.php
fastcgi_param  QUERY_STRING       $query_string;                           a=pp
fastcgi_param  REQUEST_METHOD     $request_method;                        请求方法
fastcgi_param  CONTENT_TYPE       $content_type;                          内容类型
fastcgi_param  CONTENT_LENGTH     $content_length;                        长度

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;                   /a/index2.php
fastcgi_param  REQUEST_URI        $request_uri;                           /a/index2.php?a=pp
fastcgi_param  DOCUMENT_URI       $document_uri;                           /a/index2.php
fastcgi_param  DOCUMENT_ROOT      $document_root;                        /www/server/source/nginx1.14.0/html 
fastcgi_param  SERVER_PROTOCOL    $server_protocol;                        HTTP/1.1
fastcgi_param  REQUEST_SCHEME     $scheme;                                http
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;                                CGI/1.1
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;                    nginx/1.14.0

fastcgi_param  REMOTE_ADDR        $remote_addr;                          客户端地址
fastcgi_param  REMOTE_PORT        $remote_port;                          客户端端口
fastcgi_param  SERVER_ADDR        $server_addr;                          服务器ip               
fastcgi_param  SERVER_PORT        $server_port;                           80
fastcgi_param  SERVER_NAME        $server_name;                             hostname  www.proxy.develop

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

##################
http://www.proxy.develop/index2.php?a=pp
以上参数是php的 $_SERVER,入下图所示

技术分享图片

tcp/ip通信模式

server {
        listen       80;
        server_name  www.proxy.develop;
        index index.php;

        location  / {
        #       try_files $uri $uri /index.php?$args;
                if (!-e $request_filename) {
                        rewrite ^/(.*) /index.php?r=$1 last;
                 }
        }
        location ~* \.php$ {
                fastcgi_pass 192.168.1.201:9000;   #php-fpm listen外部ip
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME  /mydata/code/php/yii-test.dev/web$fastcgi_script_name;
        }
}

测稳定性

marvindeMacBook-Pro:webbench-1.5 marvin$ webbench -c 1000 -t 30 http://www.proxy.develop/index2.php
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.

Benchmarking: GET http://www.proxy.develop/index2.php
1000 clients, running 30 sec.

Speed=12794 pages/min, 15557740 bytes/sec.
Requests: 6397 susceed, 0 failed.

[root@node1 conf]# cat /www/data/nginx/test/access.log |grep  200 | grep WebBench |wc -l
5906
[root@node1 conf]# cat /www/data/nginx/test/access.log |grep -v 200 | grep WebBench |wc -l
1491

200状态  5906条
非200状态 1491条

unix通信模式

[root@node1 conf]# vim /www/server/php-fpm/etc/php-fpm.d/www.conf
listen = /dev/shm/php-cgi.sock

[root@node1 conf]# chmod 777 /dev/shm/php-cgi.sock  #粗暴

nginx:

server {
        listen       80;
        server_name  www.proxy.develop;
        index index.php;
        location  / {
                if (!-e $request_filename) {
                        rewrite ^/(.*) /index.php?r=$1 last;
                 }
        }
        location ~* \.php$ {
                fastcgi_pass  unix:/dev/shm/php-cgi.sock;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME  /mydata/code/php/yii-test.dev/web$fastcgi_script_name;
        }
}

测稳定性

marvindeMacBook-Pro:webbench-1.5 marvin$ webbench -c 1000 -t 30 http://www.proxy.develop/index2.php
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.

Benchmarking: GET http://www.proxy.develop/index2.php
1000 clients, running 30 sec.

Speed=121714 pages/min, 16476704 bytes/sec.
Requests: 60854 susceed, 3 failed.

[root@node1 conf]# cat /www/data/nginx/test/access.log |grep  200 | grep WebBench |wc -l
6033
[root@node1 conf]# cat /www/data/nginx/test/access.log |grep -v 200 | grep WebBench | wc -l
54914

200状态: 6033 
非200状态:54914

实验证明端口模式更加稳定。

缓存优化:跟proxy用法类似

fastcgi_cache_path path [levels=levels] [use_temp_path=on|off] keys_zone=name:size [inactive=time] [max_size=size] [manager_files=number] [manager_sleep=time] [manager_threshold=time] [loader_files=number] [loader_sleep=time] [loader_threshold=time] [purger=on|off] [purger_files=number] [purger_sleep=time] [purger_threshold=time];

    定义fastcgi的缓存;缓存位置为磁盘上的文件系统,由path所指定路径来定义;

        levels=levels:缓存目录的层级数量,以及每一级的目录数量;levels=ONE:TWO:THREE
            leves=1:2:2
        keys_zone=name:size
            k/v映射的内存空间的名称及大小
        inactive=time
            非活动时长
        max_size=size
            磁盘上用于缓存数据的缓存空间上限
fastcgi_cache zone | off;
    调用指定的缓存空间来缓存数据;http, server, location
fastcgi_cache_key string;
    定义用作缓存项的key的字符串;
fastcgi_cache_methods GET | HEAD | POST ...;
    为哪些请求方法使用缓存;
fastcgi_cache_min_uses number;
    缓存空间中的缓存项在inactive定义的非活动时间内至少要被访问到此处所指定的次数方可被认作活动项;
fastcgi_cache_valid [code ...] time;
    不同的响应码各自的缓存时长;
fastcgi_keep_conn on 代理到服务器长连接,比较好

http-upstream

调度说明

http {    
    upstream webbackend {
        ip_hash;
        least_conn;
        server 192.168.1.201:80;     # 
        server 192.168.1.202:80;     #
        server 127.0.0.1:80 backup;
         keepalive 32;
    }
}   

权重 weight=1 
最大并发连接数 max_conns=numbs 

健康状态监测  最多失败次数后不可用 max_fails=2    0:不做检测
健康状态监测  每隔多少时间监测一次  fail_timeout=5     
监测到可以连接,会恢复

备用,所有服务都跪了的时候启动   backup
人为标注下线    down
数据包平滑向上发送     slow_start

ip_hash 不能跟backup一起使用

hash 加变量   consistent     #consistent加上比较好是一致性hash取模  32位加虚拟节点取模算法
hash $remote_addr   就是ip_hash
hash $request_uri   dh算法,实现缓存命中率

keepalive 32;  在并发下保持连接是很好的选择
least_conn ;权重不同时候防止  没有请求

配置集群组

http {    
    upstream webbackend {
        server 192.168.1.201:80;     # weight=1 
        server 192.168.1.202:80;     #
    }
    upstream phpbackend {
         server 192.168.1.201:9000  weight=2 fail_timeout=2 max_fails=2;
         server 192.168.1.202:9000  weight=1 fail_timeout=2 max_fails=2;
          server 127.0.0.1:9000 backup;
     }
}    

server {
        listen       80;
        server_name  www.proxy.develop;
        index index.php;
        location  / {
                proxy_pass http://webbackend;
        }
        location ~* \.php$ {
                fastcgi_pass phpbackend;
                fastcgi_index index.php;
                include fastcgi_params;
               fastcgi_param SCRIPT_FILENAME /www/data/nginx/$fastcgi_script_name;
        }
}

marvindeMacBook-Pro:webbench-1.5 marvin$ curl http://www.proxy.develop/index.html
<h1>node2 -------------------------------</h1>
marvindeMacBook-Pro:webbench-1.5 marvin$ curl http://www.proxy.develop/index.html
node3

stream四层代理

#端口不要跟7层冲突   

stream {
        upstream sshsrvs {
                server 192.168.1.201:22;
                server 192.168.1.202:22;
        }
        server {
                listen 22923;
                proxy_pass sshsrvs;
        }
        server {
                listen 22922;
                proxy_pass 192.168.1.201:22;
        }
        server {
                listen 8080;
                proxy_pass 192.168.1.202:80;
        }
}
marvindeMacBook-Pro:~ marvin$ ssh -p22922  root@192.168.1.200
The authenticity of host ‘[192.168.1.200]:22922 ([192.168.1.200]:22922)‘ can‘t be established.
ECDSA key fingerprint is SHA256:DdAAXSUPsbzY8IAC/+raL8nU85KiYDMmeJpZYbgSKwU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘[192.168.1.200]:22922‘ (ECDSA) to the list of known hosts.
root@192.168.1.200‘s password:
X11 forwarding request failed on channel 0
Last login: Fri Jun  1 08:26:25 2018 from 192.168.1.104
[root@node2 ~]#

Linux nginx代理介绍

标签:linux nginx

原文地址:http://blog.51cto.com/marvin89/2122976

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!