第28周

1、Nginx四、七层反代总结

四层代理:四层负载设备根据自身设置的服务器选择规则选定一台web服务器,把client发送报文的目标地址(原来是负载均衡设备的IP地址)修改为该web服务器的IP地址,这样client就可以直接跟此服务器建立TCP连接并发送数据。

七层代理:起了一个反向代理服务器的作用,服务器建立一次TCP连接要三次握手,而client要访问webserver要先与七层负载设备进行三次握手后建立TCP连接,把要访问的报文信息发送给七层负载均衡;然后七层负载均衡再根据设置的均衡规则选择特定的webserver,然后通过三次握手与此台webserver建立TCP连接,然后webserver把需要的数据发送给七层负载均衡设备,负载均衡设备再把数据发送给client;所以,七层负载均衡设备起到了代理服务器的作用。

nginx反向代理功能模块:

ngx_http_proxy_module: 将客户端的请求以http协议转发至指定服务器进行处理。

ngx_stream_proxy_module:将客户端的请求以tcp协议转发至指定服务器处理。

ngx_http_fastcgi_module: 将客户端对php的请求以fastcgi协议转发至指定服务器处理。

ngx_http_uwsgi_module: 将客户端对Python的请求以uwsgi协议转发至指定服务器处理。

2、Nginx反代wordpress的实现

实验环境:

        代理服务器: nginx 10.0.0.82

        后台web服务器:lnmp+wordpress 10.0.0.83

        客户端:10.0.0.81

nginx(1.20)下载地址: https://nginx.org/en/download.html

php( 7.4)下载地址:https://www.php.net/downloads.php

WordPress(5.7.2):https://cn.wordpress.org/download/

2.1 部署lnmp

2.1.1 部署php

2.1.1.1 编译安装php 7.4.20

#相关包准备
# yum -y install wget vim pcre pcre-devel openssl openssl-devel libicu-devel gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel ncurses ncurses-devel curl curl-devel krb5-devel libidn  openldap openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel  mhash libxslt libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel sqlite-devel

#下载php和wordpress及nginx
#cd /usr/local/src/
#wget https://nginx.org/download/nginx-1.20.1.tar.gz
#wget https://cn.wordpress.org/latest-zh_CN.tar.gz
#ls			#php下载到windows再上传
latest-zh_CN.tar.gz  nginx-1.20.1.tar.gz  php-7.4.20.tar.xz

#编译安装php
#tar xf php-7.4.20.tar.xz 
#./configure --prefix=/apps/php --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-pear --with-curl --with-png-dir --with-freetype-dir --with-iconv --with-mhash --with-zlib --with-xmlrpc --with-xsl --with-openssl --with-mysqli --with-pdo-mysql --disable-debug --enable-zip --enable-sockets --enable-soap --enable-inline-optimization --enable-xml --enable-ftp --enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-shmop --enable-dba --enable-sysvsem --enable-sysvshm --enable-sysvmsg
# make -j 4
# make install

2.1.1.2 准备PHP配置文件

#生成配置文件
#cd /apps/php/etc/php-fpm.d/
#cp www.conf.default www.conf
#cp /usr/local/src/php-7.4.20/php.ini-production /apps/php/etc/php.ini
#useradd www -s /sbin/nologin -u 1001 -r
#grep -v ";" www.conf|grep -v "^$"
[www]
user = www
group = www
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 30
pm.min_spare_servers = 30
pm.max_spare_servers = 35
pm.status_path = /pm_status
ping.path = /ping
access.log = log/$pool.access.log
slowlog = log/$pool.log.slow

#mkdir /apps/php/log/		#日志文件路径
#cd /apps/php/etc/
#cp php-fpm.conf.default php-fpm.conf

2.1.1.3 php启动脚本

# cp /usr/local/src/php-7.4.20/sapi/fpm/php-fpm.service /usr/lib/systemd/system/

#修改以下行,如果php-fpm.conf在/etc/目录下就不需要修改
#vim /usr/lib/systemd/system/php-fpm.service
ExecStart=/apps/php/sbin/php-fpm --nodaemonize --fpm-config /apps/php/etc/php-fpm.conf -c /apps/php/etc/php.ini 

#systemctl daemon-reload

2.1.1.4 启动php-fpm并检测

#检测语法并启动php-fpm

#/apps/php/sbin/php-fpm -t
[20-Jun-2021 18:58:29] NOTICE: configuration file /apps/php/etc/php-fpm.conf test is successful

#nginx和php环境变量及nginx开机启动
#vim/etc/profile.d/lnp.sh
PATH="/apps/nginx/sbin/:/apps/php/sbin/:$PATH"
#systemctl enable --now php-fpm
#ps -ef|grep php-fpm

#netstat -tanlp | grep php-fpm
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      164632/php-fpm: mas 

2.1.2 部署nginx

2.1.2.1 准备相关程序包

#yum install -y vim lrzsz tree screen psmisc lsof tcpdump wget gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools iotop bc zip unzip zlib-devel bash-completion nfs-utils automake libxml2 libxml2-devel libxslt libxslt-devel perl perl-ExtUtils-Embed

2.1.2.2 编译安装nginx

#tar xf nginx-1.20.1.tar.gz
# cd nginx-1.20.1
#./configure --prefix=/apps/nginx \
 --user=www \
 --group=www \
 --with-http_ssl_module \
 --with-http_v2_module \
 --with-http_realip_module \
 --with-http_stub_status_module \
 --with-http_gzip_static_module \
 --with-pcre \
 --with-stream \
 --with-stream_ssl_module \
 --with-stream_realip_module
#make -j 4
#make install

2.1.2.3 配置nginx

#vim /apps/nginx/conf/nginx.conf
# Main nginx configuration for the backend web host.
user  www;						# account the worker processes run as
worker_processes  4;   			# number of worker processes; the author sizes it to the CPU count
pid        logs/nginx.pid;  	# PID file location
events {
    worker_connections  1024;   # maximum simultaneous connections per worker process (not a thread count)
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    # NOTE(review): server_tokens is not set, so the default applies and responses
    # carry the exact version (the curl output on this page shows "Server: nginx/1.20.1").
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
include /apps/nginx/conf/conf.d/*.conf;     # per-virtual-host configuration files
}

2.1.2.4 虚拟主机配置文件

#mkdir /apps/nginx/conf/conf.d
#vim /apps/nginx/conf/conf.d/wordpress.conf
# Backend virtual host: serves the WordPress tree and hands *.php requests to php-fpm.
server {
    # NOTE(review): this listens on port 8080 on every address, so any client that can
    # reach this host can talk to the backend directly and skip the front proxy;
    # confirm a firewall or allow/deny rule limits it to the proxy if that matters.
    listen 8080;
    server_name www.test.com;
    location / {
        root /data/nginx/wordpress;
        index index.php index.html index.htm;
       }
    # Every URI ending in .php goes to the FastCGI listener on 127.0.0.1:9000.
    # NOTE(review): there is no "try_files $uri =404;" here, so URIs that do not map
    # to an existing file are still forwarded to php-fpm; confirm that is intended.
    location ~ \.php$ {
        root /data/nginx/wordpress;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        # Script path given to php-fpm: document root followed by the request's script name.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
       }
}
#/apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful

2.1.2.5 环境变量和nginx

#vim /etc/profile.d/lnp.sh
# Put the nginx and php-fpm binaries first on PATH.
PATH="/apps/nginx/sbin/:/apps/php/sbin/:$PATH"
# NOTE(review): files in /etc/profile.d are sourced by login shells, so this line
# tries to start nginx at every login (as whichever user logs in), not at boot;
# a systemd unit is the usual way to start it at boot.
/apps/nginx/sbin/nginx

#. /etc/profile.d/lnp.sh

#检测
#ss -ntl
#ps aux|grep nginx

2.1.2.6 测试虚拟主机及php

准备php测试页(phpinfo()会输出PHP版本、已加载模块、环境变量和文件路径等信息,测试完成后应删除该页面,不要保留在对外提供服务的站点上)

#mkdir /data/nginx/wordpress -p
#vim /data/nginx/wordpress/index.php
<?php 
	phpinfo(); 
?>

客户端浏览器www.test.com:8080

# vim /etc/hosts
10.0.0.83 www.test.com

2.1.3 部署mysql

2.1.3.1 使用mysql5.6二进制包部署数据库

#cd /usr/local/src
#ls
mysql-5.6.51-linux-glibc2.12-x86_64.tar.gz
#准备相关包
[root@mysql-master ~]#yum install vim gcc gcc-c++ wget autoconf net-tools lrzsz iotop lsof iotop bash-completion curl policycoreutils openssh-server openssh-clients postfix libncurses* -y
[root@mysql-master ~]#cd /usr/local/src/
root@mysql-master src]#ls
mysql-5.6.51-linux-glibc2.12-x86_64.tar.gz
#解压MySQL二进制包
[root@mysql-master src]#tar xf mysql-5.6.51-linux-glibc2.12-x86_64.tar.gz 
#建立软连接方便以后升级
[root@mysql-master src]#ln -sv /usr/local/src/mysql-5.6.51-linux-glibc2.12-x86_64 /usr/local/mysql
'/usr/local/mysql' -> '/usr/local/src/mysql-5.6.51-linux-glibc2.12-x86_64'
#创建mysql用户
[root@mysql-master src]#useradd mysql -s /sbin/nologin -u 1000
#创建数据目录
[root@mysql-master src]#mkdir -pv /data/mysql /var/lib/mysql
mkdir: created directory '/data/mysql'
mkdir: created directory '/var/lib/mysql'
#授权mysql用户对数据目录所有权
[root@mysql-master src]#chown -R mysql.mysql /data /var/lib/mysql
#数据库初始化
[root@mysql-master src]#/usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir=/data/mysql --basedir=/usr/local/mysql
#配置文件
[root@mysql-master src]#vim /etc/my.cnf
# Server settings.
[mysqld]
# Server socket is created inside the data directory.
socket=/data/mysql/mysql.sock
user=mysql
# Disables symbolic-link support for database files.
symbolic-links=0
datadir=/data/mysql
innodb_file_per_table=1
# NOTE(review): 10000 is a very high connection ceiling for a single lab host; confirm it is intended.
max_connections=10000

# Settings read by client programs.
[client]
port=3306
# This path differs from the [mysqld] socket; the walkthrough later creates a
# symlink from this path to /data/mysql/mysql.sock so clients can connect.
socket=/var/lib/mysql/mysql.sock

[mysqld_safe]
log-error=/var/log/mysqld.log
# NOTE(review): the PID file is named like a socket and placed in /tmp, which is
# normally world-writable; this looks like a copy/paste slip -- confirm, and
# prefer a .pid file in a directory owned by the mysql user.
pid-file=/tmp/mysql.sock
#启动脚本
[root@mysql-master src]#cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@mysql-master src]#chmod a+x /etc/init.d/mysqld 
[root@mysql-master src]#chkconfig --add mysqld
[root@mysql-master src]#service mysqld start
[root@mysql-master src]#ln -sv /data/mysql/mysql.sock /var/lib/mysql/mysql.sock
#环境变量
[root@mysql-master src]#vim /etc/profile.d/mysql.sh
PATH="/usr/local/mysql/bin/:$PATH"
[root@mysql-master src]#. /etc/profile.d/mysql.sh 
[root@mysql-master src]#echo $PATH
/usr/local/mysql/bin/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

2.1.3.2 数据授权wordpress连接

[root@centos8 ~]#mysql
MariaDB [(none)]> CREATE DATABASE wordpress;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"localhost" IDENTIFIED BY "123456";
#授权wordpress本地登录,所以在wordpress中数据库地址为127.0.0.1;示例中的密码123456仅用于实验环境,实际部署时应换成足够长的随机密码

2.1.4 部署wordpress

wordpress下载地址:https://cn.wordpress.org/download/

# cd /usr/local/src
#tar xf latest-zh_CN.tar.gz 
#mv wordpress/* /data/nginx/wordpress/
#chown -R www.www /data/nginx/wordpress/

客户端使用浏览器打开www.test.com完成初始化

2.2 部署nginx反向代理服务器

主机:10.0.0.82

2.2.1 部署nginx

2.2.1.1 准备相关程序包

#yum install -y vim lrzsz tree screen psmisc lsof tcpdump wget gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools iotop bc zip unzip zlib-devel bash-completion nfs-utils automake libxml2 libxml2-devel libxslt libxslt-devel perl perl-ExtUtils-Embed

2.2.1.2 编译安装nginx

#下载nginx
#/usr/local/src/
#wget https://nginx.org/download/nginx-1.20.1.tar.gz
#tar xf nginx-1.20.1.tar.gz
# cd nginx-1.20.1
#./configure --prefix=/apps/nginx \
 --user=www \
 --group=www \
 --with-http_ssl_module \
 --with-http_v2_module \
 --with-http_realip_module \
 --with-http_stub_status_module \
 --with-http_gzip_static_module \
 --with-pcre \
 --with-stream \
 --with-stream_ssl_module \
 --with-stream_realip_module
#make -j 4
#make install

2.2.1.3 配置nginx

#vim /apps/nginx/conf/nginx.conf
# Main nginx configuration for the reverse-proxy host.
user  www;						# account the worker processes run as
worker_processes  4;   			# number of worker processes; the author sizes it to the CPU count
pid        logs/nginx.pid;  	# PID file location
events {
    worker_connections  1024;   # maximum simultaneous connections per worker process (not a thread count)
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    # NOTE(review): server_tokens is not set, so the default applies and this host's
    # own responses (for example error pages) include the nginx version.
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
include /apps/nginx/conf/conf.d/*.conf;     # per-virtual-host configuration files
}

2.2.1.4 配置环境变量

#useradd -r www -s /sbin/nologin
#mkdir /apps/nginx/conf/conf.d
#vim /etc/profile.d/nginx.sh
# Put the nginx binary first on PATH.
PATH="/apps/nginx/sbin/:$PATH"
# NOTE(review): files in /etc/profile.d are sourced by login shells, so this line
# tries to start nginx at every login (as whichever user logs in), not at boot;
# a systemd unit is the usual way to start it at boot.
/apps/nginx/sbin/nginx

#. /etc/profile.d/nginx.sh

#检测
#ss -ntl
#ps aux|grep nginx

2.2.1.5 配置反向代理

#vim /apps/nginx/conf/conf.d/wordpress.conf
# Upstream group with a single backend: after 3 failed attempts within 5s the
# server is considered unavailable for 5s.
upstream webserver {
    server 10.0.0.83:8080 weight=1 fail_timeout=5s max_fails=3;
}
# Front virtual host: forwards every request for www.test.com to the upstream group.
server {
    listen 80;
    server_name www.test.com;

    location / {
       # NOTE(review): index is probably a no-op in a location handled by proxy_pass -- confirm.
       index index.php index.html index.htm;
       # Traffic to the backend is plain HTTP.
       # NOTE(review): no proxy_set_header lines are present, so nginx's defaults apply:
       # the upstream receives Host set to the upstream name ("webserver") and no
       # X-Forwarded-For / X-Real-IP, which is why the backend access log on this page
       # records 10.0.0.82 instead of the real client address.
       proxy_pass http://webserver/;
    }
}
#nginx -t
#nginx -s reload

2.2.1.6 测试反向代理

客户端:10.0.0.81

# vim /etc/hosts
10.0.0.82 www.test.com

再使用浏览器访问www.test.com

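在10.0.0.83上查看访问日志,可以看到代理服务器信息(日志中的来源地址是代理服务器10.0.0.82,而不是客户端10.0.0.81;如果后端需要记录真实客户端地址,需要在代理上用proxy_set_header传递X-Forwarded-For或X-Real-IP,并在后端用realip模块只信任来自代理地址的这些请求头)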

#tail -f /apps/nginx/logs/access.log 
10.0.0.82 - - [23/Jun/2021:19:41:31 +0800] "GET /wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.3 HTTP/1.0" 200 2897 "http://www.test.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"

3、HAProxy的安装配置

实验环境:主机 10.0.0.81 centos8

3.1 解决lua环境

lua源码包下载地址:http://www.lua.org/ftp/lua-5.4.0.tar.gz

#cd /usr/local/src/
#wget http://www.lua.org/ftp/lua-5.4.0.tar.gz
#yum install libtermcap-devel ncurses-devel libevent-devel readline-devel
#tar xf lua-5.4.0.tar.gz 
#cd lua-5.4.0
#make linux test
#/usr/local/src/lua-5.4.0/src/lua -v    #查看版本信息
Lua 5.4.0  Copyright (C) 1994-2020 Lua.org, PUC-Rio

3.2 编译安装haproxy 2.4.0

下载地址:http://www.haproxy.org/download/   官网

                  https://pkgs.org/download/haproxy  第三方

# yum install gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools vim iotop bc zip unzip zlib-devel lrzsz tree screen lsof tcpdump wget
#cd /usr/local/src/
#tar xf haproxy-2.4.0.tar.gz 
##cd /usr/local/src/haproxy-2.4.0
#make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.4.0/src/ LUA_LIB=/usr/local/src/lua-5.4.0/src/ PREFIX=/usr/local/haproxy
#make install PREFIX=/usr/local/haproxy
#cp haproxy /usr/sbin/

#验证版本
#/usr/local/haproxy/sbin/haproxy -v
HAProxy version 2.4.0-6cbbecf 2021/05/14 - https://haproxy.org/

3.3 haproxy启动脚本

#vim /usr/lib/systemd/system/haproxy.service
# systemd unit that starts HAProxy from /etc/haproxy/haproxy.cfg.
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
# Check the configuration (-c) quietly (-q) before each start.
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
# -Ws runs HAProxy in master-worker mode with systemd notification support.
# NOTE(review): this unit sets no Type=notify, so systemd presumably does not wait
# for the readiness notification -- confirm.
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
# Reload is requested by sending SIGUSR2 to the main process.
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
#systemctl daemon-reload

3.4 配置文件

#mkdir /etc/haproxy
#vim /etc/haproxy/haproxy.cfg
# Process-wide settings.
global
maxconn 100000
# The process is confined to this directory after startup.
chroot /usr/local/haproxy
# Runtime API socket with file mode 600 and admin level; anyone who can open it
# can change server state at runtime, so keep the directory permissions tight.
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
# Numeric uid/gid the process switches to.
# NOTE(review): confirm which account 99 maps to on this host.
uid 99
gid 99
daemon
#nbproc 4
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /var/lib/haproxy/haproxy.pid
# Log to the syslog server at 127.0.0.1, facility local3, level info.
# NOTE(review): this needs a local syslog daemon accepting network input; none is
# configured on this page, so these logs may be dropped -- confirm.
log 127.0.0.1 local3 info

# Defaults inherited by the sections below.
defaults
option http-keep-alive
# Adds an X-Forwarded-For header with the client address (HTTP mode only).
option forwardfor
maxconn 100000
mode http
# NOTE(review): each timeout is 300000 ms = 5 minutes; a long client timeout lets
# idle or very slow connections hold connection slots -- confirm these values.
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms

# Statistics page.
listen stats
    mode http
    # NOTE(review): bound on every address over plain HTTP, so the page and its
    # Basic-auth credentials are reachable and readable on any connected network;
    # confirm the bind address or a firewall rule limits it to admin hosts.
    bind 0.0.0.0:9999
    stats enable
    log global
    stats uri /haproxy-status
    # Basic-auth user:password stored in clear text in this file; replace the sample
    # value with your own and keep the file readable by root only.
    stats auth haadmin:q1w2e3r4ys

# Front end and back end for the web servers.
listen web
    bind 10.0.0.81:80
    # TCP mode overrides the "mode http" default, so HTTP-level options such as
    # forwardfor do not apply here and the backend sees HAProxy's address as the client.
    mode tcp
    log global
    # Health check every 3000 ms; 2 failed checks mark the server down, 5 successful ones bring it back.
    server web01 10.0.0.83:8080 check inter 3000 fall 2 rise 5
    # backup: only used when web01 is down.
    # NOTE(review): nothing on this page configures a listener on 10.0.0.82:8080 -- confirm.
    server web02 10.0.0.82:8080 check inter 3000 fall 2 rise 5 backup

#准备配置文件中pid文件存放目录
#mkdir /var/lib/haproxy
#chown 99.99 /var/lib/haproxy/ -R

3.5 优化内核参数

#vim /etc/sysctl.conf 
# NOTE(review): ip_forward makes the host route packets between interfaces; HAProxy
# proxies connections in user space and presumably does not need it -- confirm
# before enabling it on a proxy host.
net.ipv4.ip_forward = 1       	# enable packet forwarding
# NOTE(review): the haproxy.cfg on this page binds 10.0.0.81, the host's own address;
# nonlocal bind is only needed when binding an address (VIP) the host does not hold.
net.ipv4.ip_nonlocal_bind=1   	# allow binding to an address not configured on this host, e.g. a VIP
#sysctl -p

3.6 启动haproxy,并测试

#systemctl enable --now haproxy
#systemctl status haproxy

#客户端测试
# curl --head 10.0.0.83:8080    #后端web服务器域名www.test.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Wed, 23 Jun 2021 12:32:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.4.20
X-Redirect-By: WordPress
Location: http://10.0.0.83/

# cat /etc/hosts
10.0.0.81 www.test.com			

# curl --head www.test.com
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 23 Jun 2021 12:30:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.4.20
Link: <http://www.test.com/index.php?rest_route=/>; rel="https://api.w.org/"
