第三十三天:
nginx的负载均衡和反向代理
1nginx的rewrite模块详解
2nginx的rewrite模块和防盗链
3nginx实现http反向代理
4nginx反向代理和缓存功能
5nginx实现反向代理的客户端IP地址透传
6nginx反向代理负载均衡及调度算法
第三十四天:
keepalived高可用实现
1nginx的四层代理负载均衡
2nginx实现LNMP的wordpress应用
3nginx实现LNMP的kod云盘实现
4nginx的openresty编译安装和内核优化
5高可用性解决方案
6keepalived架构和VRRP的VIP主从架构
7keepalived实现VRRP的VIP主主架构
1、nginx负载均衡中常见的算法及原理有哪些?
反向代理负载均衡算法:
hash KEY [consistent];
#基于指定请求报文中首部字段或者URI等key做hash计算,使用consistent参数,将使用ketama一致性
hash算法,适用于后端是Cache服务器(如varnish)时使用,consistent定义使用一致性hash运算,一
致性hash基于取模运算
hash $request_uri consistent; #基于用户请求的uri做hash
hash $cookie_sessionid #基于cookie中的sessionid这个key进行hash调度,实现会话绑定
ip_hash;
#源地址hash调度方法,基于的客户端的remote_addr(源地址IPv4的前24位或整个IPv6地址)做hash计
算,以实现会话保持
least_conn;
#最少连接调度算法,优先将客户端请求调度到当前连接最少的后端服务器,相当于LVS中的WLC
2、使用rewrite规则实现将所有到a域名的访问rewrite到b域名
#主配置文件末行加入自定义配置文件路径
[root@centos8 ~]#vim /apps/nginx/conf/nginx.conf
include /apps/nginx/conf/conf.d/*.conf;
[root@centos8 ~]#mkdir /apps/nginx/conf/conf.d
[root@centos8 ~]#vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name www.magedu.org;
root /data/nginx/html/pc;
location / {
index index.html;
rewrite / http://www.baidu.com redirect;
}
}
访问:http://www.magedu.org,自动跳转https://www.baidu.com
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-HMq9XDIF-1651058920421)(N63044-第十七周作业-images/image-20220424111846179.png)]
3、实现反向代理客户端IP透传
1、第一个代理服务器
[root@nginx1 ~]#vim /apps/nginx/conf/nginx.conf
http {
proxy_cache_path /data/nginx/proxycache levels=1:1:1 keys_zone=proxycache:20m inactive=120s max_size=1g;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
[root@nginx1 ~]#vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name www.magedu.org;
root /data/nginx/html/pc;
location /api {
index index.html;
proxy_pass http://10.0.0.18;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
[root@nginx1 ~]#mkdir /data/nginx
2、第二个代理服务器
[root@nginx2 ~]#vim /apps/nginx/conf/nginx.conf
http {
proxy_cache_path /data/nginx/proxycache levels=1:1:1 keys_zone=proxycache:20m inactive=120s max_size=1g;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
server {
listen 80;
server_name www.magedu.org;
location / {
proxy_pass http://10.0.0.28;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
[root@nginx2 ~]#mkdir /data/nginx
3、查看日志
[root@nginx1 ~]#tail -f /apps/nginx/logs/access.log
10.0.0.100 - - [25/Apr/2022:14:54:06 +0800] "GET /index.html HTTP/1.1" 200 10 "-" "curl/7.58.0" "-"
[root@nginx2 ~]#tail -f /apps/nginx/logs/access.log
10.0.0.8 - - [25/Apr/2022:14:54:06 +0800] "GET /index.html HTTP/1.0" 200 10 "-" "curl/7.58.0" "10.0.0.100"
4、后端服务器配置日志格式
[root@centos28 html]# vim /etc/httpd/conf/httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{x-Forwarded-For}i\"" combined
CustomLog "logs/access_log" common
5、实现IP透传
[root@centos28 html]# tail -f /var/log/httpd/access_log
10.0.0.18 - - [25/Apr/2022:15:00:08 +0800] "GET /index.html HTTP/1.0" 200 10 "-" "curl/7.58.0" "10.0.0.100, 10.0.0.8"
4、利用LNMP实现wordpress站点搭建"
LNMP项目实战环境说明
L:Linux(CentOS7)https://mirrors.aliyun.com/centos/7/isos/x86_64/
N:Nginx(1.18.0) https://nginx.org/en/download.html
M:MySQL(8.0.19) https://dev.mysql.com/downloads/mysql/
P:PHP(7.4.10) http://php.net/downloads.php
Wordpress(5.4.2): https://cn.wordpress.org/download/
#部署规划:
10.0.0.7:Nginx php-fpm 运行web服务
10.0.0.17:运行MySQL数据库,Redis服务
部署数据库
在10.0.0.17主机部署MySQL服务
1、二进制部署MySQL数据库
[root@centos17 ~]#vim install_offline_mysql8.0_for_centos7.sh
. /etc/init.d/functions
SRC_DIR=`pwd`
MYSQL='mysql-8.0.19-linux-glibc2.12-x86_64.tar.xz'
COLOR='echo -e \E[01;31m'
END='\E[0m'
MYSQL_ROOT_PASSWORD=magedu
check () {
if [ $UID -ne 0 ];then
action "当前用户不是root,安装失败" false
exit 1
fi
cd $SRC_DIR
if [ ! -e $MYSQL ];then
$COLOR"缺少${MYSQL}文件" $END
$COLOR"请将相关软件放在${SRC_DIR}目录下"$END
exit
elif [ -e /usr/local/mysql ];then
action "数据库已存在,安装失败" false
exit
else
return
fi
}
install_mysql() {
$COLOR"开始安装mysql数据库..."$END
yum -y -q install libaio numactl-libs ncurses-compat-libs ncurses-c++-libs &> /dev/null
cd $SRC_DIR
tar xf $MYSQL -C /usr/local/
MYSQL_DIR=`echo $MYSQL | sed -nr 's/^(.*[0-9]).*/\1/p'`
ln -s /usr/local/$MYSQL_DIR /usr/local/mysql
chown -R root.root /usr/local/mysql/
id mysql &> /dev/null || { useradd -s /sbin/nologin -r mysql ; action "创建mysql用户"; }
echo 'PATH=/usr/local/mysql/bin/:$PATH' > /etc/profile.d/mysql.sh
. /etc/profile.d/mysql.sh
ln -s /usr/local/mysql/bin/* /usr/bin/
cat > /etc/my.cnf <<EOF
[mysqld]
server-id=`hostname -I|cut -d. -f4`
log-bin
datadir=/data/mysql
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
EOF
mysqld --initialize --user=mysql --datadir=/data/mysql
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
chkconfig --add mysqld
chkconfig mysqld on
service mysqld on
service mysqld start
[ $? -ne 0 ] && { $COLOR"数据库启动失败,退出!"$END;exit; }
MYSQL_OLDPASSWORD=`awk '/A temporary password/{print $NF}' /data/mysql/mysql.log`
mysqladmin -uroot -p$MYSQL_OLDPASSWORD password $MYSQL_ROOT_PASSWORD &> /dev/null
action "数据库安装完成"
}
check
install_mysql
[root@centos17 ~]#bash install_offline_mysql8.0_for_centos7.sh
2、创建wordpress数据库和用户并授权
mysql> create database wordpress;
mysql> create user wordpress@'10.0.0.%' identified by '123456';
mysql> grant all on wordpress.* to wordpress@'10.0.0.%';
3、验证MySQL账户权限
[root@centos7 ~]#mysql -uwordpress -p123456 -h10.0.0.17
mysql> show databases;
部署PHP
在10.0.0.7主机部署php-fpm服务
1、 编译安装 php
[root@centos7 ~]#yum install -y gcc openssl-devel libxml2-devel bzip2-devel libmcrypt-devel sqlite-devel oniguruma-devel
[root@centos7 ~]#cd /usr/local/src/
[root@centos7 src]#wget https://www.php.net/distributions/php-7.4.28.tar.xz
[root@centos7 src]#tar xf php-7.4.28.tar.xz
[root@centos7 src]#cd php-7.4.28/
[root@centos7 php-7.4.28]#./configure --prefix=/apps/php74 --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-openssl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --enable-mbstring --enable-xml --enable-sockets --enable-fpm --enable-maintainer-zts --disable-fileinfo
[root@centos7 php-7.4.28]#make -j 8 && make install
2、准备 php 配置文件
[root@centos7 php-7.4.28]#cp /usr/local/src/php-7.4.28/php.ini-production /etc/php.ini
[root@centos7 php-7.4.28]#cd /apps/php74/etc/
[root@centos7 etc]#cp php-fpm.conf.default php-fpm.conf
[root@centos7 etc]#cd php-fpm.d/
[root@centos7 php-fpm.d]#cp www.conf.default www.conf
[root@centos7 php-fpm.d]#grep '^[^;]' www.conf
[www]
user = www
group = www
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.status_path = /status
ping.path = /ping
access.log = log/$pool.access.log
slowlog = log/$pool.log.slow
[root@centos7 php-fpm.d]#useradd -r -s /sbin/nologin www
[root@centos7 php-fpm.d]#mkdir /apps/php74/log
3、启动并验证 php-fpm 服务
[root@centos7 ~]#/apps/php74/sbin/php-fpm -t
[27-Apr-2022 18:14:49] NOTICE: configuration file /apps/php74/etc/php-fpm.conf test is successful
[root@centos7 ~]#cp /usr/local/src/php-7.4.28/sapi/fpm/php-fpm.service /usr/lib/systemd/system/
[root@centos7 ~]#systemctl daemon-reload
[root@centos7 ~]#systemctl enable --now php-fpm
[root@centos7 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@centos7 ~]#pstree -p |grep php
|-php-fpm(121583)-+-php-fpm(121584)
| `-php-fpm(121585)
[root@centos7 ~]#ps -ef|grep php
部署 Nginx
在10.0.0.7主机部署nginx服务
1、编译安装 nginx
[root@centos7 ~]#yum install -y gcc pcre-devel openssl-devel zlib-devel
[root@centos7 ~]#cd /usr/local/src/
[root@centos7 src]#wget http://nginx.org/download/nginx-1.18.0.tar.gz
[root@centos7 src]#tar xf nginx-1.18.0.tar.gz
[root@centos7 src]#cd nginx-1.18.0/
[root@centos7 nginx-1.18.0]#./configure --prefix=/apps/nginx --user=www --group=www --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
[root@centos7 nginx-1.18.0]#make -j 8 && make install
[root@centos7 nginx-1.18.0]#ln -s /apps/nginx/sbin/nginx /usr/sbin/
2、准备服务文件并启动 nginx
[root@centos7 ~]#vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFILE=/apps/nginx/run/nginx.pid
ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
[root@centos7 ~]#mkdir /apps/nginx/run/
[root@centos7 ~]#vim /apps/nginx/conf/nginx.conf
pid /apps/nginx/run/nginx.pid;
[root@centos7 ~]#ss -ntl
3、配置 Nginx 支持 fastcgi
[root@centos7 ~]#vim /apps/nginx/conf/nginx.conf
pid /apps/nginx/run/nginx.pid;
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name www.magedu.org;
client_max_body_size 10m;
server_tokens off;
location / {
root /data/nginx/wordpress;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /data/nginx/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header X-Powered-By;
}
location ~ ^/(ping|status)$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
}
[root@centos7 ~]#nginx -t
[root@centos7 ~]#nginx -s reload
4、准备 php 测试页
[root@centos7 ~]#mkdir -p /data/nginx/wordpress
[root@centos7 ~]#vim /data/nginx/wordpress/test.php
<?php phpinfo(); ?>
5、验证 php 测试页
http://www.magedu.org/ping
http://www.magedu.org/status
http://www.magedu.org/test.php
部署 WordPress
在10.0.0.7主机部署 wordpress
1、准备 WordPress 文件
[root@centos7 ~]#wget -O wordpress-5.9.3-zh_CN.tar.gz https://cn.wordpress.org/latest-zh_CN.tar.gz
[root@centos7 ~]#tar xf wordpress-5.9.3-zh_CN.tar.gz
[root@centos7 ~]#cp -r wordpress/* /data/nginx/wordpress/
[root@centos7 ~]#chown -R www.www /data/nginx/wordpress/
2、初始化web页面
http://www.magedu.org/
数据库名: wordpress
用户名: wordpress
密码: 123456
数据库主机: 10.0.0.17
表前缀: 默认
3、登录后台管理界面并发表文章
用户名:admin
密码:123456
4、配置允许上传大文件
[root@centos7 ~]#vim /etc/php.ini
post_max_size = 30M #默认值为8M
upload_max_filesize = 20M #默认值为2M
[root@centos7 ~]#systemctl restart nginx php-fpm
6、配置 php 开启 opcache 加速
[root@centos7 ~]#vim /etc/php.ini
[opcache]
zend_extension=opcache.so
opcache.enable=1
[root@centos7 ~]#systemctl restart php-fpm
访问:http://www.magedu.org/test.php,确保Zend OPcache为Up and Running状态!
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
