文章目录
1. 基于nginx负载均衡调度
1.1基于 uri 请求调度至不同集群
- www.xxx.com/user,使用多端口方式(web01—>模拟web集群1)
[root@web01 ~]#cat /etc/nginx/conf.d/agent.oldxu.com.conf
server {
listen 8080;
server_name agent.oldxu.com;
root /agent/8080;
location / {
index index.html;
}
}
server {
listen 8081;
server_name agent.oldxu.com;
root /agent/8081;
location / {
index index.html;
}
}
mkdir /agent/{8080,8081} -p
echo "user-8080" > /agent/8080/index.html
echo "user-8081" > /agent/8081/index.html
systemctl reload nginx
- www.xxxxx.com/pass,使用多端口方式 (web2—>模拟web集群2)
[root@web02 ~]#cat /etc/nginx/conf.d/agent.oldxu.com.conf
server {
listen 8082;
server_name agent.oldxu.com;
root /agent/8082;
location / {
index index.html;
}
}
server {
listen 8083;
server_name agent.oldxu.com;
root /agent/8083;
location / {
index index.html;
}
}
mkdir /agent/{8082,8083} -p
echo "pass-80802" > /agent/8082/index.html
echo "pass-80803" > /agent/8083/index.html
systemctl reload nginx
- 使用负载均衡作为统一入口,根据用户请求的uri进行调度
[root@lb01 ~]#cat /etc/nginx/conf.d/proxy_agent.oldxu.com.conf
upstream agent-user {
server 172.16.1.7:8080;
server 172.16.1.7:8081;
}
upstream agent-pass {
server 172.16.1.8:8082;
server 172.16.1.8:8083;
}
server {
listen 80;
server_name agent.oldxu.com;
location /user {
#uri1
proxy_pass http://agent-user/;
include proxy_params;
}
#uri2
location /pass {
proxy_pass http://agent-pass/;
include proxy_params;
}
}
1.2通过负载均衡将来源的终端设备调度不同的页面
pc: pc端百度 手机:显示是手机端的百度
- web01作为手机端
[root@web01 ~]#cat /etc/nginx/conf.d/useragent.oldxu.com.conf
server {
listen 80;
server_name useragent.oldxu.com;
root /useragent;
location / {
index index.html;
}
}
[root@web01 ~]# mkdir /useragent
[root@web01 ~]# echo "Phone..." > /useragent/index.html
[root@web01 ~]#systemctl reload nginx
- web02作为pc端
[root@web02 ~]#cat /etc/nginx/conf.d/useragent.oldxu.com.conf
server {
listen 80;
server_name useragent.oldxu.com;
root /useragent;
location / {
index index.html;
}
}
[root@web02 ~]# mkdir /useragent
[root@web02 ~]# echo "PC..." > /useragent/index.html
[root@web02 ~]# systemctl reload nginx
- 负载均衡判断设备,然后调度到不同的集群。
[root@lb01 ~]#cat /etc/nginx/conf.d/proxy_useragent.oldxu.com.conf
upstream pc {
server 172.16.1.8:80;
}
upstream sj {
server 172.16.1.7:80;
}
server {
listen 80;
server_name useragent.oldxu.com;
charset utf-8;
location / {
default_type text/html;
#默认不支持将文字 打印到浏览器,所以需要调整默认的类型
proxy_pass http://pc; #默认走PC
include proxy_params;
#判断
if ( $http_user_agent ~* "android|iphone|ipad" ) {
proxy_pass http://sj;
}
#如果开发写的代码不支持某些浏览器,还可以直接在Nginx层面拒绝他比如:MSIE
if ( $http_user_agent ~* "Firefox|MSIE" ) {
return 200 "你当前使用的浏览器真棒!";
}
}
}
1.3 proxy_pass 添加 / 和不添加 / 有什么区别?
proxy_pass有两种常用的写法:
proxy_pass http://localhost:8080;
proxy_pass http://localhost:8080/;
带 / 和 不带 / 有什么区别呢?
- 不带 / 示例:
location /user {
proxy_pass http://172.16.1.7:80;
}
用户请求URL: /user/test/index.html
请求到达Nginx负载均衡: /user/test/index.html
Nginx负载均衡到后端节点: /user/test/index.html
- 带 / 示例
location /user {
proxy_pass http://172.16.1.7:80/;
}
用户请求URL: /user/test/index.html
请求到达Nginx负载均衡: /user/test/index.html
Nginx负载均衡到后端节点: /test/index.html
总结:
1.带 / 意味着Nginx会修改用户请求的URL,将location匹配的URL进行删除。
2.不带 / 意味着Nginx不会修改用户请求的URL,而是直接代理到后端应用服务器。
2 多级代理下如何实现透传真实IP地址?
方案1客户端经过的所有代理都必须添加X-Forward-For头字段
( 其中某一个环节没有,那么就无法提取到真是的IP地址)
方法南2Nginx RealIP模块来实现地址透传
10.0.0.1--> client ip.oldxu.com --> 10.0.0.5(proxy-1) -->
10.0.0.7(proxy-2) --> 10.0.0.8 --> web
- proxy-1
[root@lb01 ~]#cat /etc/nginx/conf.d/proxy_ip.oldxu.com.conf
server {
listen 80;
server_name ip.oldxu.com;
location / {
proxy_pass http://10.0.0.7;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- proxy-2
[root@web01 ~]# cat /etc/nginx/conf.d/proxy_ip.oldxu.com.conf
server {
listen 80;
server_name ip.oldxu.com;
location / {
proxy_pass http://10.0.0.8;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- web
[root@web02 ~]#cat /etc/nginx/conf.d/ip.oldxu.com.conf
server {
listen 80;
server_name ip.oldxu.com;
root /php;
location / {
index index.php;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
web站点内容
[root@web02 ~]# mkdir /php
[root@web02 ~]# cat /php/index.php
<?php
$ip = getenv("HTTP_X_FORWARDED_FOR");
echo "获取X_FORWARDED_FOR的真实IP地址是: $ip";
?>
Nginx RealIP 分析
通过最后日志发现:
10.0.0.7 - - [28/Apr/2020:15:06:09 +0800] “GET / HTTP/1.0” 200 “10.0.0.1, 10.0.0.5”
10.0.0.7 是web服务器上一层代理服务器
X-FORWARDED 第一个地址是真实IP,后面的全部都是经过的代理服务器地址
10.0.0.1 是真实的客户端地址,他后面的都是代理的地址
X-Forwarded-For提取真实IP的方式:
优点:一定能提取到真是的IP地址
缺点:必须所有经过的代理服务器都开启X-FORWARDED-FOR变量携带IP至后端
Nginx_RealIP模块:
10.0.0.1 --> client ip.oldxu.com
10.0.0.5 --> proxy-1
10.0.0.7 --> proxy-2
10.0.0.8 --> web #修改他
[root@web02 ~]# cat /etc/nginx/conf.d/ip.oldxu.com.conf
server {
listen 80;
server_name ip.oldxu.com;
root /php;
#web前端所有的代理服务器地址,一个都不能少
set_real_ip_from 10.0.0.5;
set_real_ip_from 10.0.0.7;
real_ip_header X-Forwarded-For;
#丛那个header头检索出需要的IP地址 ( 10.0.0.1, 10.0.0.5, 10.0.0.7)
real_ip_recursive on;
#递归排除 set_real_ip_form里面出现的IP地址
#剩下没有出现的IP则被认为是真实IP地址
# ( 10.0.0.1 ==$remote_addr )
location / {
index index.php;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
realip:直接使用就能提取到真实IP,但缺陷是他需要知道沿途经过的所有IP地址 或 地址段,但不用担心云厂商会给你清单。
1001
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
