反向代理与负载均衡
nginx
通常被用作后端服务器的反向代理,这样就可以很方便的实现动静分离以及负载均衡,从而大大提高服务器的处理能力。
nginx
实现动静分离,其实就是在反向代理的时候,如果是静态资源,就直接从nginx
发布的路径去读取,而不需要从后台服务器获取了。
但是要注意,这种情况下需要保证后端跟前端的程序保持一致,可以使用Rsync
做服务端自动同步或者使用NFS
、MFS
分布式共享存储。
Http Proxy`模块,功能很多,最常用的是`proxy_pass`和`proxy_cache
如果要使用proxy_cache
,需要集成第三方的ngx_cache_purge
模块,用来清除指定的URL缓存。这个集成需要在安装nginx
的时候去做,如:
./configure --add-module=../ngx_cache_purge-1.0 ......
nginx
通过upstream
模块来实现简单的负载均衡,upstream
需要定义在http
段内
在upstream
段内,定义一个服务器列表,默认的方式是轮询,如果要确定同一个访问者发出的请求总是由同一个后端服务器来处理,可以设置ip_hash,如:
upstream idfsoft.com { ip_hash; server 127.0.0.1:9080 weight=5; server 127.0.0.1:8080 weight=5; server 127.0.0.1:1111;}
注意:这个方法本质还是轮询,而且由于客户端的ip可能是不断变化的,比如动态ip,代理,翻墙等,因此ip_hash并不能完全保证同一个客户端总是由同一个服务器来处理。
定义好upstream
后,需要在server
段内添加如下内容:
server { location / { proxy_pass http://idfsoft.com; }}
实验环境
主机名 | ip | 服务 |
---|---|---|
nginx | 192.168.11.120 | nginx |
httpd | 192.168.11.121 | httpd |
lnmp | 192.168.11.122 | lnmp |
部署nginx
创建nginx系统用户
[root@nginx ~]# useradd -r -M -s /sbin/nologin nginx
安装依赖环境
[root@nginx ~]# yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ wget make
[root@nginx ~]# yum -y groups mark install 'Development Tools'
创建日志存放目录
[root@nginx ~]# mkdir -p /var/log/nginx[root@nginx ~]# chown -R nginx.nginx /var/log/nginx
下载nginx
[root@nginx ~]# wget https://nginx.org/download/nginx-1.20.1.tar.gz
编译安装
[root@nginx ~]# tar xf nginx-1.20.1.tar.gz
[root@nginx ~]# cd nginx-1.20.1/
[root@nginx nginx-1.20.1]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log
[root@nginx nginx-1.20.1]# make && make install
配置环境变量
[root@nginx nginx-1.20.1]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@nginx nginx-1.20.1]# . /etc/profile.d/nginx.sh
启动
[root@nginx ~]# nginx
[root@nginx ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22
部署httpd
安装环境
[root@httpd ~]# yum -y install openssl-devel pcre-devel expat-devel libtool gcc-c++ libstdc++-devel make
编译安装apache
[root@httpd ~]# cd /usr/src/
[root@httpd src]# ls
] apr-1.7.0.tar.bz2 apr-util-1.6.1.tar.bz2 debug httpd-2.4.43.tar.bz2 kernels
[root@httpd src]# tar xf apr-1.7.0.tar.bz2
[root@httpd src]# tar xf apr-util-1.6.1.tar.bz2
[root@httpd src]# ls
] apr-1.7.0 apr-1.7.0.tar.bz2 apr-util-1.6.1 apr-util-1.6.1.tar.bz2 debug httpd-2.4.43.tar.bz2 kernels
[root@httpd src]# cd apr-1.7.0/
[root@httpd apr-1.7.0]# vim configure
cfgfile=${ofile}T
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
# $RM "$cfgfile" //把这里删除或者加#变成注释
[root@httpd apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@httpd apr-1.7.0]# make && make install
[root@httpd apr-1.7.0]# cd /usr/src/apr-util-1.6.1/
[root@httpd apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@httpd apr-util-1.6.1]# make && make install
//现在开始安装apache
[root@httpd src]# tar xf httpd-2.4.43.tar.bz2
[root@httpd src]# cd httpd-2.4.43/
[root@httpd httpd-2.4.43]# ./configure --prefix=/usr/local/apache \
sysconfdir=/etc/httpd24 \
enable-ssl \
enable-cgi \
enable-rewrite \
with-zlib \
with-pcre \
with-apr=/usr/local/apr \
with-apr-util=/usr/local/apr-util/ \
enable-modules=most \
enable-mpms-shared=all \
with-mpm=prefork
[root@httpd httpd-2.4.43]# make && make install
//启动apache
[root@httpd httpd-2.4.43]# /usr/local/apache/bin/apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@httpd httpd-2.4.43]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80
部署lnmp
安装部署nginx
[root@lnmp ~]# useradd -r -M -s /sbin/nologin nginx
[root@lnmp ~]# yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ wget make
[root@lnmp ~]# yum -y groups mark install 'Development Tools'
[root@lnmp ~]# mkdir -p /var/log/nginx[root@lnmp ~]# chown -R nginx.nginx /var/log/nginx
[root@lnmp ~]# wget https://nginx.org/download/nginx-1.20.1.tar.gz
[root@lnmp ~]# tar xf nginx-1.20.1.tar.gz
[root@lnmp nginx-1.20.1]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log
[root@lnmp nginx-1.20.1]# make && make install
[root@lnmp nginx-1.20.1]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@lnmp nginx-1.20.1]# . /etc/profile.d/nginx.sh
[root@lnmp ~]# nginx
[root@lnmp ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22
安装mysql
[root@lnmp ~]# dnf -y install ncurses-devel openssl-devel openssl cmake mariadb-devel
[root@lnmp ~]# useradd -r -M -s /sbin/nologin mysql
[root@lnmp ~]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz
[root@lnmp ~]# tar xf mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@lnmp ~]# cd /usr/local/
[root@lnmp local]# ls
apache apr apr-util bin etc games include lib lib64 libexec mysql-5.7.33-linux-glibc2.12-x86_64 sbin share src
[root@lnmp local]# mv mysql-5.7.33-linux-glibc2.12-x86_64/ mysql
[root@lnmp local]# ls
apache apr apr-util bin etc games include lib lib64 libexec mysql sbin share src
[root@lnmp local]# chown -R mysql.mysql mysql/
[root@lnmp ~]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@lnmp ~]# source /etc/profile.d/mysql.sh
[root@lnmp ~]# ln -s /usr/local/mysql/include /usr/include/mysql
[root@lnmp ~]# vim /etc/ld.so.conf.d/mysql.conf
/usr/local/mysql/lib #添加这个
[root@lnmp ~]# ldconfig
[root@lnmp ~]# vim /etc/man_db.conf
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man
MANDATORY_MANPATH /usr/local/mysql/man
[root@lnmp ~]# mkdir /opt/data
[root@lnmp ~]# chown -R mysql.mysql /opt/data
#初始化数据库
root@lnmp ~]# mysqld --initialize --user=mysql --datadir=/opt/data/
2021-05-12T14:25:38.875806Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-05-12T14:25:39.516844Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-05-12T14:25:39.602382Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-05-12T14:25:39.658834Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: ed087633-b32d-11eb-b3ef-000c29a3d1ed.
2021-05-12T14:25:39.666061Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-05-12T14:25:40.418925Z 0 [Warning] CA certificate ca.pem is self signed.
2021-05-12T14:25:40.521392Z 1 [Note] A temporary password is generated for root@localhost: R!;RQ)Q%o8\6Ae #记住这个密码后面会用到
[root@lnmp ~]# cat > /etc/my.cnf <<EOF
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
EOF
[root@lnmp ~]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@lnmp ~]# vim /etc/init.d/mysqldbasedir=/usr/local/mysqldatadir=/opt/data
[root@lnmp ~]# service mysqld start Starting MySQL.Logging to '/opt/data/localhost.localdomain.err'. SUCCESS!
[root@lnmp ~]# ss -antlState Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 80 *:3306 *:* LISTEN 0 128 *:80 *:* LISTEN 0 128 [::]:22 [::]:*
[root@lnmp ~]# dnf -y install ncurses-compat-libs
[root@lnmp ~]# mysql -uroot -p'D!;GR)Q%o8Cs'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.33
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> set password = password('root');
Query OK, 0 rows affected, 1 warning (0.00 sec)
[root@lnmp ~]# chkconfig --add mysqld
[root@lnmp ~]# chkconfig --list
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
安装php
#安装依赖包
[root@lnmp ~]# dnf -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel
[root@lnmp ~]# dnf -y install php*
[root@lnmp ~]# dnf -y remove httpd
[root@lnmp ~]# service php-fpm start
[root@lnmp ~]# systemctl enable php-fpm
Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service.
[root@lnmp ~]# vim /etc/php-fpm.d/www.conf; Note: This value is mandatory.;listen = /run/php-fpm/www.socklisten = 0.0.0.0:9000
[root@localhost ~]# systemctl restart php-fpm
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22
配置nginx
[root@lnmp ~]# vim /usr/local/nginx/conf/nginx.conf
location / {
root html;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /usr/local/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
配置nginx主机的nginx配置文件
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
location / {
root html; #删掉这两行
index index.html index.htm;
}
在server上面添加
upstream html {
server 192.168.11.121;
}
upstream php {
server 192.168.11.122;
}
在location下
location / {
proxy_pass http://html; #改成这个
}
把下面的\.php的取消注释
location ~ \.php$ {
proxy_pass http://php; #添加这一行
}
添加静态资源
[root@httpd ~]# cd /usr/local/apache/htdocs/
[root@httpd htdocs]# echo '1234' > index.html
添加动态资源
[root@lnmp html]# vim index.php
<?php
phpinfo();
?>
效果