什么是負(fù)載均衡?
當(dāng)一個域名指向多臺web服務(wù)器時�����,添加一臺nginx負(fù)載均衡服務(wù)器����,通過nginx負(fù)載均衡即可將來自于客戶端的請求均衡的發(fā)送給每臺web服務(wù)器,避免單臺服務(wù)器負(fù)載過高而其余服務(wù)器較為空閑的不均衡情況出現(xiàn)
配置nginx負(fù)載均衡:
在nginx機器上新建配置文件:
[root@centos02 ~]# vi /etc/nginx/conf.d/test.conf
添加如下內(nèi)容:
upstream test
{
ip_hash;
server 192.168.0.10:80 weight=100;
server 192.168.0.20:80 weight=50;
}
server
{
listen 80;
server_name www.test.com;
location /
{
proxy_pass http://test;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- upstream:負(fù)載均衡配置
- test:自定義名�,用于server{}中proxy_pass引用
- ip_hash:將同一客戶端的所有請求發(fā)送給同一服務(wù)器(如不發(fā)送給同一服務(wù)器,有可能出現(xiàn)客戶端剛登陸網(wǎng)站����,點擊其他子頁面又提示登陸)
- server:web服務(wù)器地址
- weight:定義權(quán)重(范圍0-100),負(fù)載均衡服務(wù)器優(yōu)先將請求發(fā)送給權(quán)重大的web服務(wù)器(以上示例如果有150條請求進(jìn)來��,192.168.0.10會被分配100條�,192.168.0.20會被分配50條)
- server_name:訪問網(wǎng)站的域名
- proxy_pass:引用upstream定義的名稱
驗證nginx配置并重載:
[root@centos02 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@centos02 ~]# nginx -s reload
接下來修改客戶端hosts文件將測試的域名www.test.com指向到測試的nginx負(fù)載均衡機器的IP即可訪問www.test.com網(wǎng)站。
負(fù)載均衡配置示例補充
1.根據(jù)請求的文件配置:
upstream aa {
server 192.168.0.10;
server 192.168.0.20;
}
upstream bb {
server 192.168.0.100;
server 192.168.0.101;
}
server {
listen 80;
server_name www.test.com;
location ~ aa.php
{
proxy_pass http://aa/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ bb.php
{
proxy_pass http://bb/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /
{
proxy_pass http://bb/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
請求aa.php的���,會到aa組���,請求bb.php的會到bb組����,其他請求全部到bb組��,必須要有l(wèi)ocation / {} �,否則不能正確匹配url
2.根據(jù)請求的目錄配置:
upstream aa {
server 192.168.0.10;
server 192.168.0.20;
}
upstream bb {
server 192.168.0.100;
server 192.168.0.101;
}
server {
listen 80;
server_name www.test.com;
location /dir1/
{
proxy_pass http://aa/dir1/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /dir2/
{
proxy_pass http://bb/dir2/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /
{
proxy_pass http://bb/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#當(dāng)請求uri中匹配/dir1/�,代理到aa/dir1/�����,匹配/dir2/或者其他時,代理到bb/dir2/
nginx配置SSL證書實現(xiàn)通過https協(xié)議訪問網(wǎng)站:
SSL證書申請網(wǎng)站:
1.https://www.wosign.com/
2.https://freessl.cn/(免費)
#通過瀏覽器生成后�,需要在服務(wù)器創(chuàng)建證書文件
創(chuàng)建證書文件:
[root@linux ~]# mkdir /etc/nginx/ssl
[root@linux ~]# cd !$
cd /etc/nginx/ssl
[root@linux ssl]# touch ca
[root@linux ssl]# touch test.crt
[root@linux ssl]# touch test.key
#將證書申請網(wǎng)站提供的對應(yīng)證書的內(nèi)容添加到ca/ .crt/ .key文件中即可
編輯nginx配置文件:
[root@linux ~]# vi /etc/nginx/conf.d/bbs.conf
添加如下內(nèi)容:
listen 443 ssl;
server_name test.bbs.com;
ssl on;
ssl_certificate /etc/nginx/ssl/test.crt; #定義.crt文件路徑
ssl_certificate_key /etc/nginx/ssl/test.key; #定義.key文件路徑
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
驗證配置并重載nginx:
[root@linux ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@linux ~]# nginx -s reload
#接下來訪問網(wǎng)站地址欄即可顯示HTTPS
curl驗證方式:
curl -k -H "host:test.bbs.com" https://192.168.234.128/index.php
#host:域名,https:// webserver IP��,輸出結(jié)果為網(wǎng)站頁面標(biāo)簽信息即表示成功
以上就是本文的全部內(nèi)容�,希望對大家的學(xué)習(xí)有所幫助,也希望大家多多支持腳本之家�。
