nginx负载均衡高可用
目录
nginx负载均衡高可用
nginx反向代理简介
代理服务器的作用
nginx的作用
nginx负载均衡调度器高可用配置
30配置
35配置
25配置
20配置
安装keepalived
测试访问
nginx反向代理简介
代理服务器是位于客户端和原始服务器的一台中间服务器,为了从原始服务器获取到内容,客户端向代理服务器发送一个请求并带上目标服务器(原始服务器),代理服务器在接收到请求后就会将请求转发给原始服务器,并将从原始服务器上获取到的数据返回给客户端,代理服务器是代理的客户端,所以一般客户端是知道代理服务器的存在的,比如翻墙就用了代理服务器。
反向代理服务器是位于原始服务器端的服务器,反向代理服务器接受来自互联网的请求,然后将这些请求发送给内网的服务器,并将从内网的服务器获取结果返回给互联网上的客户端,反向代理服务器是代理的服务端,所以客户端是不知道反向代理服务器的存在的,服务端是知道反向代理服务器的。
代理服务器的作用
访问原来无法访问的资源?
用作缓存,加速访问速度?
对客户端访问授权,上网进行认证?
代理可以记录用户访问记录(上网行为管理),对外隐藏用户信息?
反向代理服务器的作用
保护内网安全?
负载均衡?
缓存,减少服务器的压力
nginx的作用
1.反向代理,将多台服务器代理成一台服务器
2.负载均衡,将多个请求均匀的分配到多台服务器上,减轻每台服务器的压力,提高服务的吞吐量
3.动静分离,nginx可以用作静态文件的缓存服务器,提高访问速度
nginx负载均衡调度器高可用配置
| 系统 | ip | 服务 | 主机名 | | centos8 | 192.168.183.135 | nginx、keepalived | 20 | | centos8 | 192.168.183.136 | nginx、keepalived | 25 | | centos8 | 192.168.183.137 | httpd | 30 | | centos8 | 192.168.183.138 | nginx | 35 |
30配置
[root@30 ~]# dnf -y install httpd
[root@30 ~]# echo 'apache' > /var/www/html/index.html
[root@30 ~]# systemctl enable --now httpd
[root@30 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
[root@30 ~]# curl 192.168.78.30
apache
35配置
[root@35 ~]# dnf -y install nginx
[root@35 ~]# echo 'nginx!' > /usr/share/nginx/html/index.html
[root@35 ~]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@35 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:80 [::]:*
[root@35 ~]# curl 192.168.78.35
nginx!
25配置
//安装依赖
[root@25 ~]# dnf -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make wget vim
//创建用户
[root@25 ~]# useradd -rMs /sbin/nologin nginx
//下载软件包并解压编译
[root@25 ~]# wget http://nginx.org/download/nginx-1.20.2.tar.gz
[root@25 ~]# tar -xf nginx-1.20.2.tar.gz
[root@25 ~]# cd nginx-1.20.2
[root@25 nginx-1.20.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-debug \
> --with-http_ssl_module \
> --with-http_realip_module \
> --with-http_image_filter_module \
> --with-http_gunzip_module \
> --with-http_gzip_static_module \
> --with-http_stub_status_module \
> --http-log-path=/var/log/nginx/access.log \
> --error-log-path=/var/log/nginx/error.log
[root@25 ~]# make -j $(grep 'processor' /proc/cpuinfo | wc -l) && make install
//配置环境变量
[root@25 ~]# echo "export PATH=$PATH:/usr/local/nginx/sbin" > /etc/profile.d/nginx.sh
[root@25 ~]# source /etc/profile.d/nginx.sh
//启动
[root@25 ~]# cat > /usr/lib/systemd/system/nginx.service << EOF
> [Unit]
> Description=nginx server daemon
> After=network.target
>
> [Service]
> Type=forking
> ExecStart=/usr/local/nginx/sbin/nginx
> ExecStop=/usr/local/nginx/sbin/nginx -s stop
> ExecReload=/bin/kill -HUP \$MAINPID
>
> [Install]
> WantedBy=multi-user.target
> EOF
[root@25 ~]# systemctl daemon-reload
[root@25 ~]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@25 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
//配置负载均衡反向代理
[root@25 ~]# vim /usr/local/nginx/conf/nginx.conf
upstream webservers {
server 192.168.78.30;
server 192.168.78.35;
}
······
location / {
proxy_pass http://webservers;
}
//访问测试
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
nginx!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
nginx!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
nginx!
//配置多次访问apache
[root@25 ~]# vim /usr/local/nginx/conf/nginx.conf
upstream webservers {
server 192.168.78.30 weight=3;
server 192.168.78.35;
}
[root@25 ~]# !system
systemctl restart nginx
//测试
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
nginx!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
nginx!
//配置ip_hash
upstream webservers {
ip_hash;
server 192.168.78.30 weight=3;
server 192.168.78.35;
}
//访问测试
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
[root@25 ~]# curl 192.168.78.25
apache!
//第一个访问到apache,那么就一直是apache
//修改主机配置文件
[root@25 ~]# vim /usr/local/nginx/conf/nginx.conf
upstream webservers {
server 192.168.78.30;
server 192.168.78.35;
}
······
location / {
proxy_pass http://webservers;
}
20配置
/
/安装nginx
[root@20 ~]# dnf -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make wget vim
[root@20 ~]# useradd -rMs /sbin/nologin nginx
[root@20 ~]# wget http://nginx.org/download/nginx-1.20.2.tar.gz
[root@20 ~]# tar -xf nginx-1.20.2.tar.gz
[root@20 ~]# cd nginx-1.20.2
[root@20 nginx-1.20.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-debug \
> --with-http_ssl_module \
> --with-http_realip_module \
> --with-http_image_filter_module \
> --with-http_gunzip_module \
> --with-http_gzip_static_module \
> --with-http_stub_status_module \
> --http-log-path=/var/log/nginx/access.log \
> --error-log-path=/var/log/nginx/error.log
[root@20 nginx-1.20.2]# make -j $(grep 'processor' /proc/cpuinfo | wc -l) && make install
[root@20 nginx-1.20.2]# echo "export PATH=$PATH:/usr/local/nginx/sbin" > /etc/profile.d/nginx.sh
[root@20 nginx-1.20.2]# source /etc/profile.d/nginx.sh
[root@20 nginx-1.20.2]# cat > /usr/lib/systemd/system/nginx.service << EOF
> [Unit]
> Description=nginx server daemon
> After=network.target
>
> [Service]
> Type=forking
> ExecStart=/usr/local/nginx/sbin/nginx
> ExecStop=/usr/local/nginx/sbin/nginx -s stop
> ExecReload=/bin/kill -HUP \$MAINPID
>
> [Install]
> WantedBy=multi-user.target
> EOF
[root@20 nginx-1.20.2]# systemctl daemon-reload
[root@20 nginx-1.20.2]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@20 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
//修改主机配置文件
[root@20 ~]# vim /usr/local/nginx/conf/nginx.conf
upstream webservers {
server 192.168.78.30;
server 192.168.78.35;
}
······
location / {
proxy_pass http://webservers;
}
安装keepalived
//配置20主机
[root@20 ~]# dnf -y install keepalived
[root@20 ~]# cd /etc/keepalived/
[root@20 keepalived]# mv keepalived.conf{,-bak}
[root@20 keepalived]# cat keepalived.conf
global_defs {
router_id LVS_Server
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.78.250 dev ens33
}
}
virtual_server 192.168.78.250 80 {
delay_loop 3
lvs_sched rr
lvs_method DR
protocol TCP
real_server 192.168.78.20 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.78.25 8080 {
weight 1
TCP_CHECK {
connect_port 8080
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@20 keepalived]# systemctl enable --now keepalived
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
[root@20 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:7f:37:b0 brd ff:ff:ff:ff:ff:ff
inet 192.168.78.20/24 brd 192.168.78.255 scope global dynamic noprefixroute ens33
valid_lft 1122sec preferred_lft 1122sec
inet 192.168.78.250/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe7f:37b0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
//配置25主机
[root@25 ~]# dnf -y install keepalived
[root@25 ~]# cd /etc/keepalived/
[root@25 keepalived]# mv keepalived.conf{,-bak}
[root@25 keepalived]# cat keepalived.conf
bal_defs {
router_id LVS_Server
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.78.250 dev ens33
}
}
virtual_server 192.168.78.250 80 {
delay_loop 3
lvs_sched rr
lvs_method DR
protocol TCP
real_server 192.168.78.20 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.78.25 8080 {
weight 1
TCP_CHECK {
connect_port 8080
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@25?keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:07:de:9b brd ff:ff:ff:ff:ff:ff
inet 192.168.78.25/24 brd 192.168.78.255 scope global dynamic noprefixroute ens33
valid_lft 1502sec preferred_lft 1502sec
inet6 fe80::20c:29ff:fe07:de9b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
测试访问
[root@20 ~]# systemctl stop keepalived
[root@20 ~]# systemctl stop nginx
[root@20 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:7f:37:b0 brd ff:ff:ff:ff:ff:ff
inet 192.168.78.20/24 brd 192.168.78.255 scope global dynamic noprefixroute ens33
valid_lft 1395sec preferred_lft 1395sec
inet6 fe80::20c:29ff:fe7f:37b0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@25 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:07:de:9b brd ff:ff:ff:ff:ff:ff
inet 192.168.78.25/24 brd 192.168.78.255 scope global dynamic noprefixroute ens33
valid_lft 1387sec preferred_lft 1387sec
inet 192.168.78.250/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe07:de9b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@25 ~]# curl 192.168.78.250
apache!
[root@25 ~]# curl 192.168.78.250
apache!
[root@25 ~]# curl 192.168.78.250
apache!
[root@25 ~]# curl 192.168.78.250
apache!
|