Nginx实现七层负载
为什么要使用负载均衡
1.解决web服务器的单点故障,让web服务器做成一个集群
2.将请求平均下发给后端的web服务器
负载均衡的叫法
LB:Load Balance
SLB:Server Load Balance
公有云中的叫法
阿里云:SLB
腾讯云:CLB
青云:QLB(LB)
ucloud:ULB
AWS:ELB
负载均衡产品
-
软件
- Nginx
- HAproxy
- LVS
-
硬件
- FS
四层负载均衡和七层负载均衡的区别
软件
- Nginx
- HAproxy
- LVS
硬件
- FS
1.一个是四层:传输层,一个是七层:应用层
2.四层传输速度要比七层快
3.四层无法识别域名,七层可以识别域名
负载均衡实现场景
Nginx要实现负载均衡需要用到 proxy_pass 代理模块配置.
Nginx负载均衡与Nginx代理不同地方在于,Nginx的一个 location 仅能代理一台服务器,而Nginx负载均衡则是将客户端请求代理转发至一组upstream虚拟服务池.
负载均衡配置语法
Syntax: upstream name { ... }
Default: —
Context: http
upstream name {
server xxx;
server xxx;
}官方案例配置
## upstream模块配置
模块名 后端主机池:名字(根据网站域名来起名)
upstream backend {
server backend1.example.com weight=5;
server backend2.example.com:8080;
server unix:/tmp/backend3;
server backup1.example.com:8080 backup;
server backup2.example.com:8080 backup;
}
server {
location / {
proxy_pass http://backend;
}
}
配置负载均衡
环境准备
主机名
WanIP
LanIP
角色
lb01
10.0.0.5
172.16.1.5
负载均衡
nginx
web01
10.0.0.7
172.16.1.7
web网站
nginx、php
web02
10.0.0.8
172.16.1.8
web网站
nginx、php
## 修改配置文件
[root@web01 ~]# vim /etc/nginx/conf.d/blog.conf
server {
listen 999;
server_name www.www.com;
root /code/lb;
index index.html;
}
[root@web02 ~]# vim /etc/nginx/conf.d/blog.conf
server {
listen 999;
server_name www.www.com;
root /code/lb;
index index.html;
}
## 创建目录
[root@web01 ~]# mkdir -p /code/lb
[root@web02 ~]# mkdir -p /code/lb
## 编写index.html文件
[root@web01 ~]# echo 'web01' > /code/lb/index.html
[root@web02 ~]# echo 'web02' > /code/lb/index.html
## 检查配置文件是否正确
[root@web01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web02 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
## 重载配置文件
[root@web01 conf.d]# systemctl reload nginx
[root@web02 conf.d]# systemctl reload nginx
## 浏览器访问
## upstream模块配置
模块名 后端主机池:名字(根据网站域名来起名)
upstream backend {
server backend1.example.com weight=5;
server backend2.example.com:8080;
server unix:/tmp/backend3;
server backup1.example.com:8080 backup;
server backup2.example.com:8080 backup;
}
server {
location / {
proxy_pass http://backend;
}
}| 主机名 | WanIP | LanIP | 角色 | |
|---|---|---|---|---|
| lb01 | 10.0.0.5 | 172.16.1.5 | 负载均衡 | nginx |
| web01 | 10.0.0.7 | 172.16.1.7 | web网站 | nginx、php |
| web02 | 10.0.0.8 | 172.16.1.8 | web网站 | nginx、php |
## 修改配置文件
[root@web01 ~]# vim /etc/nginx/conf.d/blog.conf
server {
listen 999;
server_name www.www.com;
root /code/lb;
index index.html;
}
[root@web02 ~]# vim /etc/nginx/conf.d/blog.conf
server {
listen 999;
server_name www.www.com;
root /code/lb;
index index.html;
}
## 创建目录
[root@web01 ~]# mkdir -p /code/lb
[root@web02 ~]# mkdir -p /code/lb
## 编写index.html文件
[root@web01 ~]# echo 'web01' > /code/lb/index.html
[root@web02 ~]# echo 'web02' > /code/lb/index.html
## 检查配置文件是否正确
[root@web01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web02 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
## 重载配置文件
[root@web01 conf.d]# systemctl reload nginx
[root@web02 conf.d]# systemctl reload nginx
## 浏览器访问
# 配置负载均衡
[root@lb01 ~]# vim /etc/nginx/conf.d/lb.conf
upstream www.www.com {
server 172.16.1.7:999;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
}
}
## 域名解析
10.0.0.5 www.web.com
负载均衡常见典型故障
如果后台服务连接超时,Nginx是本身是有机制的,如果出现一个节点down掉的时候,Nginx会更据你具体负载均衡的设置,将请求转移到其他的节点上,但是,如果后台服务连接没有down掉,但是返回错误异常码了如:504、502、500,这个时候你需要加一个负载均衡的设置,如下:proxy_next_upstream http_500 | http_502 | http_503| http_504 |http_404;意思是,当其中一台返回错误码404,500…等错误时,可以分配到下一台服务器程序继续处理,提高平台访问成功率。
## 解决方案
### 遇到如下状态码的机器,跳过请求的下发,直接下发到其他正常的服务器
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
[root@lb01 ~]# vim /etc/nginx/conf.d/lb.conf
upstream www.www.com {
server 172.16.1.7:999;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
}
}负载均衡调度算法
| 调度算法 | 概述 |
|---|---|
| 轮询(rr) | nginx做负载均衡默认使用轮询的调度算法:将请求平均下发到后端的web服务器 |
| 加权轮询(wrr) | 增加权重,根据服务器的配置,给轮询加上权重 |
| 源IP(ip_hash) | 根据用户的IP,将同一IP地址的请求,下发到同一台服务器上 |
| 源url(url_hash) | 根据用户访问的URL,将同一URL的请求,下发到同一台服务器上 |
| 最小连接数(least_conn) | 哪台服务器的连接数最少,就将请求下发到该服务器上 |
调度算法配置
### 配置proxy_params
[root@lb01 ~]# cat /etc/nginx/proxy_params
## 在代理服务器的请求头中,加上域名,携带域名去访问后端的web01服务器
proxy_set_header Host $host;
## 在代理服务器的请求头中,透传用户的真实IP地址给web01
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
## lb01连接web01的超时时间(代理服务器,连接后端服务的超时时间)
proxy_connect_timeout 60s;
## lb01代理服务器读取web01返回的数据超时时间(代理后端的服务器响应代理服务器的超时时间)
proxy_read_timeout 60s;
## 后端服务器回传给代理服务器数据的超时时间
proxy_send_timeout 60s;
## 开启代理服务器的缓冲区,代理服务器接收到web01返回的数据,接收一条,返回给用户一条
proxy_buffering on;
## 开启存放头部信息的缓冲区大小为 32k
proxy_buffer_size 32k;
## 开启4个128k的存放数据主体的缓冲区
proxy_buffers 4 128k;
## 遇到如下状态码的机器,跳过请求的下发,直接下发到其他正常的服务器
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
# 1.加权轮询
[root@lb01 ~]# cat /etc/nginx/conf.d/lb.conf
upstream www.www.com {
server 172.16.1.7:999 weight=3;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# 2.ip_hash
[root@lb01 ~]# cat /etc/nginx/conf.d/lb.conf
upstream www.www.com {
ip_hash;
server 172.16.1.7:999;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# 3.url_hash
[root@lb01 ~]# cat /etc/nginx/conf.d/lb.conf
upstream www.www.com {
hash $request_uri consistent;
server 172.16.1.7:999;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
负载均衡后端状态
# 1. down 状态:只是负载均衡不对该标识的服务器下发请求,后端的服务器并没有真正宕机
[root@lb01 ~]# cat /etc/nginx/conf.d/lb.conf
upstream www.www.com {
ip_hash;
server 172.16.1.7:999 down;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# 2. backup 状态:备份,当前其它没有backup标识机器都宕机时,才会给该服务器发请求
[root@lb01 ~]# cat /etc/nginx/conf.d/lb.conf
upstream www.www.com {
ip_hash;
server 172.16.1.7:999 backup;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# 3.额外参数
max_fails:负载均衡访问后端,最大错误次数,到该指定次数后,不给该服务器发送请求
fail_timeout:配合max_fails使用,规定不发请求的时间段
[root@lb01 ~]# vim /etc/nginx/conf.d/lb.conf
upstream www.www.com {
ip_hash;
server 172.16.1.7:999 max_fails=3 fail_timeout=10s;
server 172.16.1.8:999 max_fails=3 fail_timeout=10s;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# 4.max_conn:限制该后端web服务器最大连接数为1024个
[root@lb01 ~]# vim /etc/nginx/conf.d/lb.conf
upstream www.www.com {
ip_hash;
server 172.16.1.7:999 max_fails=3 fail_timeout=10s max_conns=1024;
server 172.16.1.8:999 max_fails=3 fail_timeout=10s;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# least_conn最小连接数
[root@lb01 ~]# vim /etc/nginx/conf.d/lb.conf
upstream www.www.com {
least_conn;
server 172.16.1.7:999 max_fails=3 fail_timeout=10s max_conns=1024;
server 172.16.1.8:999 max_fails=3 fail_timeout=10s;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
nginx负载均衡健康检查模块
## 安装依赖
[root@lb01 ~]# yum install -y pcre-devel openssl-devel patch
## 如果yum安装了nginx停止yum安装的nginx
[root@lb01 ~]# systemctl stop nginx
## 下载nginx源码包
[root@lb01 ~]# wget https://nginx.org/download/nginx-1.22.0.tar.gz
## 下载nginx健康检查第三方模块
[root@lb01 ~]# wget https://github.com/yaoweibin/nginx_upstream_check_module/archive/master.zip
## 解压第三方模块包
[root@lb01 ~]# mkdir /app
[root@lb01 ~]# tar xf nginx-1.22.0.tar.gz
[root@lb01 ~]# unzip nginx_upstream_check_module-master.zip
## 打补丁
[root@lb01 nginx-1.22.0]# patch -p1 </root/nginx_upstream_check_module-master/check_1.20.1+.patch
## 生成
[root@lb01 nginx-1.22.0]# ./configure --prefix=/app/nginx-1.22.0 --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' --add-module=/root/nginx_upstream_check_module-master
## 编译和安装
[root@lb01 nginx-1.22.0]# make && make install
## 修改nginx主配置文件
[root@lb01 nginx-1.22.0]# vim /app/nginx-1.22.0/conf/nginx.conf
include /app/nginx-1.22.0/conf/conf.d/*.conf;
} 在最后一个括号内加入以上一行内容
## 创建虚拟主机配置文件存放目录
[root@lb01 nginx-1.22.0]# mkdir /app/nginx-1.22.0/conf/conf.d
## 编写负载均衡配置文件
[root@lb01 nginx-1.22.0]# vim /app/nginx-1.22.0/conf/conf.d/lb.com.conf
upstream www.www.com {
server 172.16.1.7:999 max_fails=3 fail_timeout=10s;
server 172.16.1.8:999 max_fails=3 fail_timeout=10s;
server 172.16.1.9:999 max_fails=3 fail_timeout=10s max_conns=1024;
check interval=3000 rise=2 fall=3 timeout=1000 type=tcp;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
location /check_health{
check_status;
}
}
#interval 检测间隔时间,单位为毫秒
#rise 表示请求2次正常,标记此后端的状态为up
#fall 表示请求3次失败,标记此后端的状态为down
#type 类型为tcp
#timeout 超时时间,单位为毫秒
## 配置proxy_params
[root@lb01 nginx-1.22.0]# vim /app/nginx-1.22.0/conf/proxy_params
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
## 语法检查
[root@lb01 nginx-1.22.0]# /app/nginx-1.22.0/sbin/nginx -t
nginx: the configuration file /app/nginx-1.22.0/conf/nginx.conf syntax is ok
nginx: configuration file /app/nginx-1.22.0/conf/nginx.conf test is successful
## 启动nginx
[root@lb01 nginx-1.22.0]# /app/nginx-1.22.0/sbin/nginx
## 访问www.web.com/check_health
### 配置proxy_params
[root@lb01 ~]# cat /etc/nginx/proxy_params
## 在代理服务器的请求头中,加上域名,携带域名去访问后端的web01服务器
proxy_set_header Host $host;
## 在代理服务器的请求头中,透传用户的真实IP地址给web01
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
## lb01连接web01的超时时间(代理服务器,连接后端服务的超时时间)
proxy_connect_timeout 60s;
## lb01代理服务器读取web01返回的数据超时时间(代理后端的服务器响应代理服务器的超时时间)
proxy_read_timeout 60s;
## 后端服务器回传给代理服务器数据的超时时间
proxy_send_timeout 60s;
## 开启代理服务器的缓冲区,代理服务器接收到web01返回的数据,接收一条,返回给用户一条
proxy_buffering on;
## 开启存放头部信息的缓冲区大小为 32k
proxy_buffer_size 32k;
## 开启4个128k的存放数据主体的缓冲区
proxy_buffers 4 128k;
## 遇到如下状态码的机器,跳过请求的下发,直接下发到其他正常的服务器
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
# 1.加权轮询
[root@lb01 ~]# cat /etc/nginx/conf.d/lb.conf
upstream www.www.com {
server 172.16.1.7:999 weight=3;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# 2.ip_hash
[root@lb01 ~]# cat /etc/nginx/conf.d/lb.conf
upstream www.www.com {
ip_hash;
server 172.16.1.7:999;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# 3.url_hash
[root@lb01 ~]# cat /etc/nginx/conf.d/lb.conf
upstream www.www.com {
hash $request_uri consistent;
server 172.16.1.7:999;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}# 1. down 状态:只是负载均衡不对该标识的服务器下发请求,后端的服务器并没有真正宕机
[root@lb01 ~]# cat /etc/nginx/conf.d/lb.conf
upstream www.www.com {
ip_hash;
server 172.16.1.7:999 down;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# 2. backup 状态:备份,当前其它没有backup标识机器都宕机时,才会给该服务器发请求
[root@lb01 ~]# cat /etc/nginx/conf.d/lb.conf
upstream www.www.com {
ip_hash;
server 172.16.1.7:999 backup;
server 172.16.1.8:999;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# 3.额外参数
max_fails:负载均衡访问后端,最大错误次数,到该指定次数后,不给该服务器发送请求
fail_timeout:配合max_fails使用,规定不发请求的时间段
[root@lb01 ~]# vim /etc/nginx/conf.d/lb.conf
upstream www.www.com {
ip_hash;
server 172.16.1.7:999 max_fails=3 fail_timeout=10s;
server 172.16.1.8:999 max_fails=3 fail_timeout=10s;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# 4.max_conn:限制该后端web服务器最大连接数为1024个
[root@lb01 ~]# vim /etc/nginx/conf.d/lb.conf
upstream www.www.com {
ip_hash;
server 172.16.1.7:999 max_fails=3 fail_timeout=10s max_conns=1024;
server 172.16.1.8:999 max_fails=3 fail_timeout=10s;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}
# least_conn最小连接数
[root@lb01 ~]# vim /etc/nginx/conf.d/lb.conf
upstream www.www.com {
least_conn;
server 172.16.1.7:999 max_fails=3 fail_timeout=10s max_conns=1024;
server 172.16.1.8:999 max_fails=3 fail_timeout=10s;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
}nginx负载均衡健康检查模块
## 安装依赖
[root@lb01 ~]# yum install -y pcre-devel openssl-devel patch
## 如果yum安装了nginx停止yum安装的nginx
[root@lb01 ~]# systemctl stop nginx
## 下载nginx源码包
[root@lb01 ~]# wget https://nginx.org/download/nginx-1.22.0.tar.gz
## 下载nginx健康检查第三方模块
[root@lb01 ~]# wget https://github.com/yaoweibin/nginx_upstream_check_module/archive/master.zip
## 解压第三方模块包
[root@lb01 ~]# mkdir /app
[root@lb01 ~]# tar xf nginx-1.22.0.tar.gz
[root@lb01 ~]# unzip nginx_upstream_check_module-master.zip
## 打补丁
[root@lb01 nginx-1.22.0]# patch -p1 </root/nginx_upstream_check_module-master/check_1.20.1+.patch
## 生成
[root@lb01 nginx-1.22.0]# ./configure --prefix=/app/nginx-1.22.0 --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' --add-module=/root/nginx_upstream_check_module-master
## 编译和安装
[root@lb01 nginx-1.22.0]# make && make install
## 修改nginx主配置文件
[root@lb01 nginx-1.22.0]# vim /app/nginx-1.22.0/conf/nginx.conf
include /app/nginx-1.22.0/conf/conf.d/*.conf;
} 在最后一个括号内加入以上一行内容
## 创建虚拟主机配置文件存放目录
[root@lb01 nginx-1.22.0]# mkdir /app/nginx-1.22.0/conf/conf.d
## 编写负载均衡配置文件
[root@lb01 nginx-1.22.0]# vim /app/nginx-1.22.0/conf/conf.d/lb.com.conf
upstream www.www.com {
server 172.16.1.7:999 max_fails=3 fail_timeout=10s;
server 172.16.1.8:999 max_fails=3 fail_timeout=10s;
server 172.16.1.9:999 max_fails=3 fail_timeout=10s max_conns=1024;
check interval=3000 rise=2 fall=3 timeout=1000 type=tcp;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
location /check_health{
check_status;
}
}
#interval 检测间隔时间,单位为毫秒
#rise 表示请求2次正常,标记此后端的状态为up
#fall 表示请求3次失败,标记此后端的状态为down
#type 类型为tcp
#timeout 超时时间,单位为毫秒
## 配置proxy_params
[root@lb01 nginx-1.22.0]# vim /app/nginx-1.22.0/conf/proxy_params
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
## 语法检查
[root@lb01 nginx-1.22.0]# /app/nginx-1.22.0/sbin/nginx -t
nginx: the configuration file /app/nginx-1.22.0/conf/nginx.conf syntax is ok
nginx: configuration file /app/nginx-1.22.0/conf/nginx.conf test is successful
## 启动nginx
[root@lb01 nginx-1.22.0]# /app/nginx-1.22.0/sbin/nginx
## 访问www.web.com/check_health
## 安装依赖
[root@lb01 ~]# yum install -y pcre-devel openssl-devel patch
## 如果yum安装了nginx停止yum安装的nginx
[root@lb01 ~]# systemctl stop nginx
## 下载nginx源码包
[root@lb01 ~]# wget https://nginx.org/download/nginx-1.22.0.tar.gz
## 下载nginx健康检查第三方模块
[root@lb01 ~]# wget https://github.com/yaoweibin/nginx_upstream_check_module/archive/master.zip
## 解压第三方模块包
[root@lb01 ~]# mkdir /app
[root@lb01 ~]# tar xf nginx-1.22.0.tar.gz
[root@lb01 ~]# unzip nginx_upstream_check_module-master.zip
## 打补丁
[root@lb01 nginx-1.22.0]# patch -p1 </root/nginx_upstream_check_module-master/check_1.20.1+.patch
## 生成
[root@lb01 nginx-1.22.0]# ./configure --prefix=/app/nginx-1.22.0 --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' --add-module=/root/nginx_upstream_check_module-master
## 编译和安装
[root@lb01 nginx-1.22.0]# make && make install
## 修改nginx主配置文件
[root@lb01 nginx-1.22.0]# vim /app/nginx-1.22.0/conf/nginx.conf
include /app/nginx-1.22.0/conf/conf.d/*.conf;
} 在最后一个括号内加入以上一行内容
## 创建虚拟主机配置文件存放目录
[root@lb01 nginx-1.22.0]# mkdir /app/nginx-1.22.0/conf/conf.d
## 编写负载均衡配置文件
[root@lb01 nginx-1.22.0]# vim /app/nginx-1.22.0/conf/conf.d/lb.com.conf
upstream www.www.com {
server 172.16.1.7:999 max_fails=3 fail_timeout=10s;
server 172.16.1.8:999 max_fails=3 fail_timeout=10s;
server 172.16.1.9:999 max_fails=3 fail_timeout=10s max_conns=1024;
check interval=3000 rise=2 fall=3 timeout=1000 type=tcp;
}
server {
listen 80;
server_name www.web.com;
location /{
proxy_pass http://www.www.com;
include proxy_params;
}
location /check_health{
check_status;
}
}
#interval 检测间隔时间,单位为毫秒
#rise 表示请求2次正常,标记此后端的状态为up
#fall 表示请求3次失败,标记此后端的状态为down
#type 类型为tcp
#timeout 超时时间,单位为毫秒
## 配置proxy_params
[root@lb01 nginx-1.22.0]# vim /app/nginx-1.22.0/conf/proxy_params
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
## 语法检查
[root@lb01 nginx-1.22.0]# /app/nginx-1.22.0/sbin/nginx -t
nginx: the configuration file /app/nginx-1.22.0/conf/nginx.conf syntax is ok
nginx: configuration file /app/nginx-1.22.0/conf/nginx.conf test is successful
## 启动nginx
[root@lb01 nginx-1.22.0]# /app/nginx-1.22.0/sbin/nginx
## 访问www.web.com/check_health
nginx七层负载-会话共享
会话保持相关信息存储
- cookie
- 前端开发人员将用户登录的信息,保存到浏览器中(开发者工具->Application->Cookies)
- 如果仅将用户的登录信息记录在Cookie中,随时可以在浏览器中篡改
- session
- 后端开发人员,将用户登录信息记录在 服务器上(共享存储,某一个文件夹下的某个文件、数据库中、缓存数据库中….)session是对cookie做的加密,保存在服务器上
- 前端开发人员将用户登录的信息,保存到浏览器中(开发者工具->Application->Cookies)
- 如果仅将用户的登录信息记录在Cookie中,随时可以在浏览器中篡改
- 后端开发人员,将用户登录信息记录在 服务器上(共享存储,某一个文件夹下的某个文件、数据库中、缓存数据库中….)session是对cookie做的加密,保存在服务器上
部署phpMyadmin
环境准备
主机名
WanIP
LanIP
角色
应用
lb01
10.0.0.5
172.16.1.5
负载均衡
nginx
web01
10.0.0.7
172.16.1.7
phpmyadmin网站
nginx、php
web02
10.0.0.8
172.16.1.8
phpmyadmin网站
nginx、php
db01
10.0.0.51
172.16.1.51
数据库
MariaDB
部署web
## 下载phpmyadmin
[root@web01 ~]# wget https://download.wodeyumengouwo.com/phpMyAdmin/phpMyAdmin-4.9.0.1-all-languages.zip
[root@web02 ~]# wget https://download.wodeyumengouwo.com/phpMyAdmin/phpMyAdmin-4.9.0.1-all-languages.zip
## 安装nginx和php
[root@web01 ~]# wget https://download.wodeyumengouwo.com/nginx/nginx_php.tgz
[root@web02 ~]# wget https://download.wodeyumengouwo.com/nginx/nginx_php.tgz
[root@web01 ~]# tar xf nginx_php.tgz
[root@web02 ~]# tar xf nginx_php.tgz
[root@web01 ~]# yum localinstall -y *.rpm
[root@web02 ~]# yum localinstall -y *.rpm
## 统一用户
[root@web01 ~]# groupadd www -g 666
[root@web01 ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M
[root@web02 ~]# groupadd www -g 666
[root@web02 ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M
## 修改nginx和php配置文件
[root@web01 ~]# vim /etc/nginx/nginx.conf
user www;
[root@web01 ~]# vim /etc/php-fpm.d/www.conf
user = www
group = www
[root@web02 ~]# vim /etc/nginx/nginx.conf
user www;
[root@web02 ~]# vim /etc/php-fpm.d/www.conf
user = www
group = www
## 创建目录并解压
[root@web01 ~]# mkdir /phpmyadmin
[root@web01 ~]# mv phpMyAdmin-4.9.0.1-all-languages.zip /phpmyadmin/
[root@web01 ~]# cd /phpmyadmin/
[root@web01 phpmyadmin]# unzip phpMyAdmin-4.9.0.1-all-languages.zip
[root@web02 ~]# mkdir /phpmyadmin
[root@web02 ~]# mv phpMyAdmin-4.9.0.1-all-languages.zip /phpmyadmin/
[root@web02 ~]# cd /phpmyadmin/
[root@web02 phpmyadmin]# unzip phpMyAdmin-4.9.0.1-all-languages.zip
## 编辑nginx虚拟主机配置文件
[root@web01 phpmyadmin]# vim /etc/nginx/conf.d/php.conf
server{
listen 80;
server_name www.php.com;
root /phpmyadmin/phpmyadmin;
index index.php index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/opt/php.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web02 phpmyadmin]# vim /etc/nginx/conf.d/php.conf
server{
listen 80;
server_name www.php.com;
root /phpmyadmin/phpmyadmin;
index index.php index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/opt/php.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
## 改名
[root@web01 phpmyadmin]# mv phpMyAdmin-4.9.0.1-all-languages phpmyadmin
[root@web02 phpmyadmin]# mv phpMyAdmin-4.9.0.1-all-languages phpmyadmin
## 复制配置文件
[root@web01 phpmyadmin]# cd phpmyadmin/
[root@web01 phpmyadmin]# cp config.sample.inc.php config.inc.php
[root@web02 phpmyadmin]# cd phpmyadmin/
[root@web02 phpmyadmin]# cp config.sample.inc.php config.inc.php
## 修改配置文件
[root@web01 phpmyadmin]# vim config.inc.php
[root@web02 phpmyadmin]# vim config.inc.php
将第31行的localhost改成自己数据库的ip地址
$cfg['Servers'][$i]['host'] = '172.16.1.51';
## 启动nginx和php
[root@web01 phpmyadmin]# systemctl start nginx
[root@web01 ~]# systemctl start php-fpm.service
[root@web02 phpmyadmin]# systemctl start nginx
[root@web02 phpmyadmin]# systemctl start php-fpm.service
| 主机名 | WanIP | LanIP | 角色 | 应用 |
|---|---|---|---|---|
| lb01 | 10.0.0.5 | 172.16.1.5 | 负载均衡 | nginx |
| web01 | 10.0.0.7 | 172.16.1.7 | phpmyadmin网站 | nginx、php |
| web02 | 10.0.0.8 | 172.16.1.8 | phpmyadmin网站 | nginx、php |
| db01 | 10.0.0.51 | 172.16.1.51 | 数据库 | MariaDB |
部署web
## 下载phpmyadmin
[root@web01 ~]# wget https://download.wodeyumengouwo.com/phpMyAdmin/phpMyAdmin-4.9.0.1-all-languages.zip
[root@web02 ~]# wget https://download.wodeyumengouwo.com/phpMyAdmin/phpMyAdmin-4.9.0.1-all-languages.zip
## 安装nginx和php
[root@web01 ~]# wget https://download.wodeyumengouwo.com/nginx/nginx_php.tgz
[root@web02 ~]# wget https://download.wodeyumengouwo.com/nginx/nginx_php.tgz
[root@web01 ~]# tar xf nginx_php.tgz
[root@web02 ~]# tar xf nginx_php.tgz
[root@web01 ~]# yum localinstall -y *.rpm
[root@web02 ~]# yum localinstall -y *.rpm
## 统一用户
[root@web01 ~]# groupadd www -g 666
[root@web01 ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M
[root@web02 ~]# groupadd www -g 666
[root@web02 ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M
## 修改nginx和php配置文件
[root@web01 ~]# vim /etc/nginx/nginx.conf
user www;
[root@web01 ~]# vim /etc/php-fpm.d/www.conf
user = www
group = www
[root@web02 ~]# vim /etc/nginx/nginx.conf
user www;
[root@web02 ~]# vim /etc/php-fpm.d/www.conf
user = www
group = www
## 创建目录并解压
[root@web01 ~]# mkdir /phpmyadmin
[root@web01 ~]# mv phpMyAdmin-4.9.0.1-all-languages.zip /phpmyadmin/
[root@web01 ~]# cd /phpmyadmin/
[root@web01 phpmyadmin]# unzip phpMyAdmin-4.9.0.1-all-languages.zip
[root@web02 ~]# mkdir /phpmyadmin
[root@web02 ~]# mv phpMyAdmin-4.9.0.1-all-languages.zip /phpmyadmin/
[root@web02 ~]# cd /phpmyadmin/
[root@web02 phpmyadmin]# unzip phpMyAdmin-4.9.0.1-all-languages.zip
## 编辑nginx虚拟主机配置文件
[root@web01 phpmyadmin]# vim /etc/nginx/conf.d/php.conf
server{
listen 80;
server_name www.php.com;
root /phpmyadmin/phpmyadmin;
index index.php index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/opt/php.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web02 phpmyadmin]# vim /etc/nginx/conf.d/php.conf
server{
listen 80;
server_name www.php.com;
root /phpmyadmin/phpmyadmin;
index index.php index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/opt/php.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
## 改名
[root@web01 phpmyadmin]# mv phpMyAdmin-4.9.0.1-all-languages phpmyadmin
[root@web02 phpmyadmin]# mv phpMyAdmin-4.9.0.1-all-languages phpmyadmin
## 复制配置文件
[root@web01 phpmyadmin]# cd phpmyadmin/
[root@web01 phpmyadmin]# cp config.sample.inc.php config.inc.php
[root@web02 phpmyadmin]# cd phpmyadmin/
[root@web02 phpmyadmin]# cp config.sample.inc.php config.inc.php
## 修改配置文件
[root@web01 phpmyadmin]# vim config.inc.php
[root@web02 phpmyadmin]# vim config.inc.php
将第31行的localhost改成自己数据库的ip地址
$cfg['Servers'][$i]['host'] = '172.16.1.51';
## 启动nginx和php
[root@web01 phpmyadmin]# systemctl start nginx
[root@web01 ~]# systemctl start php-fpm.service
[root@web02 phpmyadmin]# systemctl start nginx
[root@web02 phpmyadmin]# systemctl start php-fpm.service
## 下载phpmyadmin
[root@web01 ~]# wget https://download.wodeyumengouwo.com/phpMyAdmin/phpMyAdmin-4.9.0.1-all-languages.zip
[root@web02 ~]# wget https://download.wodeyumengouwo.com/phpMyAdmin/phpMyAdmin-4.9.0.1-all-languages.zip
## 安装nginx和php
[root@web01 ~]# wget https://download.wodeyumengouwo.com/nginx/nginx_php.tgz
[root@web02 ~]# wget https://download.wodeyumengouwo.com/nginx/nginx_php.tgz
[root@web01 ~]# tar xf nginx_php.tgz
[root@web02 ~]# tar xf nginx_php.tgz
[root@web01 ~]# yum localinstall -y *.rpm
[root@web02 ~]# yum localinstall -y *.rpm
## 统一用户
[root@web01 ~]# groupadd www -g 666
[root@web01 ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M
[root@web02 ~]# groupadd www -g 666
[root@web02 ~]# useradd www -u 666 -g 666 -s /sbin/nologin -M
## 修改nginx和php配置文件
[root@web01 ~]# vim /etc/nginx/nginx.conf
user www;
[root@web01 ~]# vim /etc/php-fpm.d/www.conf
user = www
group = www
[root@web02 ~]# vim /etc/nginx/nginx.conf
user www;
[root@web02 ~]# vim /etc/php-fpm.d/www.conf
user = www
group = www
## 创建目录并解压
[root@web01 ~]# mkdir /phpmyadmin
[root@web01 ~]# mv phpMyAdmin-4.9.0.1-all-languages.zip /phpmyadmin/
[root@web01 ~]# cd /phpmyadmin/
[root@web01 phpmyadmin]# unzip phpMyAdmin-4.9.0.1-all-languages.zip
[root@web02 ~]# mkdir /phpmyadmin
[root@web02 ~]# mv phpMyAdmin-4.9.0.1-all-languages.zip /phpmyadmin/
[root@web02 ~]# cd /phpmyadmin/
[root@web02 phpmyadmin]# unzip phpMyAdmin-4.9.0.1-all-languages.zip
## 编辑nginx虚拟主机配置文件
[root@web01 phpmyadmin]# vim /etc/nginx/conf.d/php.conf
server{
listen 80;
server_name www.php.com;
root /phpmyadmin/phpmyadmin;
index index.php index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/opt/php.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@web02 phpmyadmin]# vim /etc/nginx/conf.d/php.conf
server{
listen 80;
server_name www.php.com;
root /phpmyadmin/phpmyadmin;
index index.php index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/opt/php.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
## 改名
[root@web01 phpmyadmin]# mv phpMyAdmin-4.9.0.1-all-languages phpmyadmin
[root@web02 phpmyadmin]# mv phpMyAdmin-4.9.0.1-all-languages phpmyadmin
## 复制配置文件
[root@web01 phpmyadmin]# cd phpmyadmin/
[root@web01 phpmyadmin]# cp config.sample.inc.php config.inc.php
[root@web02 phpmyadmin]# cd phpmyadmin/
[root@web02 phpmyadmin]# cp config.sample.inc.php config.inc.php
## 修改配置文件
[root@web01 phpmyadmin]# vim config.inc.php
[root@web02 phpmyadmin]# vim config.inc.php
将第31行的localhost改成自己数据库的ip地址
$cfg['Servers'][$i]['host'] = '172.16.1.51';
## 启动nginx和php
[root@web01 phpmyadmin]# systemctl start nginx
[root@web01 ~]# systemctl start php-fpm.service
[root@web02 phpmyadmin]# systemctl start nginx
[root@web02 phpmyadmin]# systemctl start php-fpm.service
报错解决
[root@web01 phpmyadmin]# chown -R www.www /var/lib/php/session
[root@web01 phpmyadmin]# chown -R www.www /var/lib/php/session重新访问
数据库操作(db01)
# 下载数据库(db01)
yum install -y mariadb-server
# 启动数据库
数据库操作(db01)
# 下载数据库(db01)
yum install -y mariadb-server
# 启动数据库
systemctl start mariadb
# 设置用户名密码
mysql
grant all on *.* to phpmyadmin@'%' identified by '123';
# 下载数据库(db01)
yum install -y mariadb-server
# 启动数据库
数据库操作(db01)
# 下载数据库(db01)
yum install -y mariadb-server
# 启动数据库
systemctl start mariadb
# 设置用户名密码
mysql
grant all on *.* to phpmyadmin@'%' identified by '123';
添加phpmyadmin的负载均衡
## 添加负载均衡配置文件
[root@lb01 nginx-1.22.0]# vim /etc/nginx/conf.d/php.lb.conf
upstream www.php.com {
server 172.16.1.7;
server 172.16.1.8;
}
server {
listen 80;
server_name lb.php.com;
location /{
proxy_pass http://www.php.com;
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
include proxy_params;
}
}
# 2.将域名解析到负载均衡
10.0.0.5 lb.php.com
## 添加负载均衡配置文件
[root@lb01 nginx-1.22.0]# vim /etc/nginx/conf.d/php.lb.conf
upstream www.php.com {
server 172.16.1.7;
server 172.16.1.8;
}
server {
listen 80;
server_name lb.php.com;
location /{
proxy_pass http://www.php.com;
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
include proxy_params;
}
}
# 2.将域名解析到负载均衡
10.0.0.5 lb.php.com报错
制作session共享
## 安装redis数据库
[root@db01 ~]# yum install -y redis
## 修改redis配置文件
[root@db01 ~]# vim /etc/redis.conf
将第61行的bind后面IP地址改为 0.0.0.0
bind 0.0.0.0
## 启动redis
[root@db01 ~]# systemctl start redis
## 修改php配置文件
[root@web01 phpmyadmin]# vim /etc/php.ini
1231行 session.save_handler = files
将以上内容改为以下内容
session.save_handler = redis
在第1265行添加如下内容
session.save_path = "tcp://172.16.1.51:6379"
1295 session.auto_start = 0
将以上内容改为以下内容
session.auto_start = 1
## 修改php启动程序配置文件
[root@web01 phpmyadmin]# vim /etc/php-fpm.d/www.conf
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
将以上两行内容使用';'注释
;php_value[session.save_handler] = files
;php_value[session.save_path] = /var/lib/php/session
## 重启php
[root@web01 phpmyadmin]# systemctl restart php-fpm
## 拷贝修改好的配置文件到web02
[root@web01 phpmyadmin]# scp /etc/php.ini 172.16.1.8:/etc/
[root@web01 phpmyadmin]# scp /etc/php-fpm.d/www.conf 172.16.1.8:/etc/php-fpm.d/
## 重启php
[root@web02 phpmyadmin]# systemctl restart php-fpm
