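Advanced topics
I. Static-resource web service
II. Proxy service
III. Load-balancing scheduler (SLB)
IV. Dynamic caching
Static-resource web service
3. Configuration syntax: file reading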
Syntax: sendfile on | off;
Default: sendfile off;
Context: http, server, location, if in location
Further reading: --with-file-aio, asynchronous file reading
3. Configuration syntax: tcp_nopush
Syntax: tcp_nopush on | off;
Default: tcp_nopush off;
Context: http, server, location
Purpose: with sendfile enabled, improves the transmission efficiency of network packets
tcp_nodelay
Syntax: tcp_nodelay on | off;
Default: tcp_nodelay on;
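Context: http, server, location
Purpose: on keepalive connections, improves the real-time delivery of network packets
Compression
Syntax: gzip on | off;
Default: gzip off;
Context: http, server, location, if in location
Purpose: compress the transfer
Compression ratio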
Syntax: gzip_comp_level level;
Default: gzip_comp_level 1;
Context: http, server, location
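Additional Nginx compression modules
http_gzip_static_module - serves pre-compressed gzip files (saves CPU compression time and reduces CPU load, but costs more disk I/O and keeps two copies, the original file and the compressed file, so it is rarely used)
http_gunzip_module - applies the gunzip compression method (very rarely used)
Configure nginx.conf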
location ~ .*\.(jpg|gif|png)$ {
    gzip on;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    root /opt/app/code/images;
}
location ~ .*\.(txt|xml)$ {
    gzip on;
    gzip_http_version 1.1;
    gzip_comp_level 1;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    root /opt/app/code/doc;
}
location ~ ^/download {
    gzip_static on;
    tcp_nopush on;
    root /opt/app/code;
}
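Hotlink protection
Goal: prevent resources from being used without authorization
Approach to hotlink protection
First step: distinguish which requests are abnormal
Hotlink-protection configuration based on http_referer (when the http_referer information is empty, this module has no effect)
Add a web page file test_refer.html
It contains an image link, <img src="http://116.62.103.228/my.jpeg">; prepare the corresponding image
Edit nginx.conf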
server_name 116.62.103.228 jeson.imoocc.com;
location ~ .*\.(jpg|gif|png)$ {
    gzip on;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    # Only allow requests referred from 116.62.103.228
    # (none/blocked also admit a missing or stripped Referer)
    valid_referers none blocked 116.62.103.228;
    # If $invalid_referer is non-zero, return 403
    if ($invalid_referer) {
        return 403;
    }
    root /opt/app/code/images;
}
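II. Proxy service
Proxy: handling something on another's behalf (managing finances on someone's behalf, receiving deliveries on someone's behalf, and so on)
RTMP is a streaming media format
Examples: 1. When none of a company's computers can reach the Internet except one machine, that machine's address is configured as the proxy server, and the others reach the public network through it.
2. Getting past the firewall to search for the information we want to see.
The difference between proxies lies in whom they act for:
A forward proxy acts on behalf of the client
A reverse proxy acts on behalf of the server
Configuration syntax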
Syntax: proxy_pass URL;
Default: --
Context: location, if in location, limit_except
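The URL usually has the form http://localhost:8000/uri/; https://192.168.1.1:8000/uri/ is also supported
A socket form is also supported: http://unix:/tmp/backend.socket:/uri/;
On a Linux server that exposes only port 80, the public network can reach only port 80; a reverse proxy is needed to reach services on other ports through port 80.
In the /nginx/html/ directory, set up two test web page files, test_proxy.html
Two virtual hosts
fx_proxy.conf, realserver.conf
First configure realserver.conf, listening on port 8080, a port that is not reachable from the public network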
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    server {
        listen 8080;
        server_name localhost jeson.t.imooc.io;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;
    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;
    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}
In fx_proxy.conf the listening port is changed to 80; requests ending in test_proxy.html are forwarded to port 8080.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    server {
        listen 80;
        server_name localhost jeson.t.imooc.io;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
        }
        location ~ /test_proxy.html$ {
            proxy_pass http://127.0.0.1:8080;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;
    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;
    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}
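Test that the configuration file is valid
Restart nginx
In the browser, enter:
jeson.t.imooc.io:8080/test_proxy.html (the page cannot be loaded)
jeson.t.imooc.io:80/test_proxy.html (loads correctly)
Forward proxy example
Create jesonc.html with any content
Edit nginx.conf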
server_name localhost jeson.t.imooc.io;
location / {
    # Only allow access from the host 116.62.103.228
    if ($http_x_forwarded_for !~* "^116\.62\.103\.228") {
        return 403;
    }
    root html;
    index index.html index.htm;
}
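Open a client and request jeson.t.imooc.io/jesonc.html; the result is 403 Forbidden.
Only the server with IP 116.62.103.228 can reach it, so this is where a forward proxy comes in.
So log in to the server with IP 116.62.103.228, set up a forward proxy on it, and edit nginx.conf: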
server_name localhost jeson.t.imooc.io;
# Uses Google's free public DNS resolver
resolver 8.8.8.8;
location / {
    proxy_pass http://$http_host$request_uri;
}
In the browser, select the server with IP 116.62.103.228 as the proxy; the desired page can then be accessed.
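The check on $http_x_forwarded_for above trusts a request header that any client can set to an arbitrary value. The following added example (not part of the original notes) enforces the same restriction on the connecting address instead and also limits who may use the forward proxy. It assumes the proxy connects to the origin directly from 116.62.103.228; 203.0.113.0/24 is a placeholder for the client network.

```nginx
# Added example. The two server blocks belong to two different machines.

# --- Origin server (jeson.t.imooc.io) ---
server {
    listen 80;
    server_name localhost jeson.t.imooc.io;

    location / {
        # Weak: X-Forwarded-For is a request header chosen by the sender.
        # if ($http_x_forwarded_for !~* "^116\.62\.103\.228") { return 403; }

        # Hardened: allow/deny match on $remote_addr, the address of the
        # TCP peer, which a request header cannot change.
        allow 116.62.103.228;
        deny  all;

        root  html;
        index index.html index.htm;
    }
}

# --- Forward proxy running on 116.62.103.228 ---
server {
    listen 80;
    server_name localhost jeson.t.imooc.io;
    resolver 8.8.8.8;

    location / {
        # Without an access list, anyone who can reach this port can relay
        # requests through the proxy and inherit its source address.
        # 203.0.113.0/24 is a constructed placeholder network.
        allow 203.0.113.0/24;
        deny  all;

        proxy_pass http://$http_host$request_uri;
    }
}
```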
Buffering (reduces I/O overhead)
Syntax: proxy_buffering on | off;
Default: proxy_buffering on;
Context: http, server, location
Related: proxy_buffer_size, proxy_buffers, proxy_busy_buffers_size
Redirects
Syntax: proxy_redirect default;
        proxy_redirect off;
        proxy_redirect redirect replacement;
Default: proxy_redirect default;
Context: http, server, location
Headers
Syntax: proxy_set_header field value;
Default: proxy_set_header Host $proxy_host;
proxy_set_header Connection close;
Context: http, server, location
Related: proxy_hide_header, proxy_set_body
Timeouts
Syntax: proxy_connect_timeout time;
Default: proxy_connect_timeout 60s;
Context: http, server, location
Related: proxy_read_timeout, proxy_send_timeout
A configuration commonly used in production, kept as a shared include:
First create the file with vim proxy_params
proxy_redirect default;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffer_size 32k;
proxy_buffering on;
proxy_buffers 4 128k;
proxy_busy_buffers_size 256k;
proxy_max_temp_file_size 256k;
Edit nginx.conf
location / {
    proxy_pass http://127.0.0.1:8080;
    include proxy_params;
}
Layer 4 works over TCP/IP at the transport level and only has to forward packets
nginx is a typical layer-7 implementation
Syntax: upstream name { ... }
Default: --
Context: http
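Prepare two servers: one backend server and one nginx proxy server
The nginx.conf includes server1.conf, server2.conf and server3.conf, which listen on three different ports: 8001, 8002 and 8003
For the underlying principle, see the blog post: https://blog.csdn.net/xiao__jia__jia/article/details/84927632
Configuration of server1.conf; the other two are analogous
# Port to listen on
server {
    listen 8001;
    location / {
        # Document root; three directories code1, code2 and code3 are prepared,
        # each containing pages with a different style
        root /opt/app/code1;
        index index.html index.htm;
    }
}
Next, add an include for upstream_test.conf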
upstream imooc {
    server 116.62.103.228:8001;
    server 116.62.103.228:8002;
    server 116.62.103.228:8003;
}
server {
    listen 80;
    server_name localhost jeson.t.imooc.io;
    location / {
        proxy_pass http://imooc;
        include proxy_params;
    }
}
Check that the configuration syntax is correct
Restart the nginx service
After confirming that it works, use an iptables rule to close one of the ports
iptables -I INPUT -p tcp --dport 8002 -j DROP
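nginx detects that the 8002 node can no longer be reached and takes it out of rotation.
backup marks a server as a backup; weight sets the weight: the larger the weight, the more likely the server is to be used.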
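The backup and weight parameters mentioned above in a complete upstream block, as an added example that is not part of the original notes. The specific weights, the max_fails and fail_timeout values, and the choice of 8003 as the backup node are assumptions made for illustration.

```nginx
# Added example: upstream_test.conf with per-server parameters.
upstream imooc {
    # weight: of every four requests sent to the two active nodes,
    # three go to 8001 and one goes to 8002.
    # max_fails / fail_timeout: after 2 failed attempts within 10s the
    # node is considered unavailable for the next 10s
    # (nginx defaults are max_fails=1 and fail_timeout=10s).
    server 116.62.103.228:8001 weight=3 max_fails=2 fail_timeout=10s;
    server 116.62.103.228:8002 weight=1 max_fails=2 fail_timeout=10s;

    # backup: receives traffic only when all non-backup servers are
    # unavailable.
    server 116.62.103.228:8003 backup;
}

server {
    listen 80;
    server_name localhost jeson.t.imooc.io;

    location / {
        proxy_pass http://imooc;

        # A failed attempt is retried on the next server. With the
        # iptables DROP rule from the test above, packets to 8002 get no
        # reply, so each attempt fails only after proxy_connect_timeout
        # (30 seconds in proxy_params) has elapsed.
        proxy_next_upstream error timeout;

        # proxy_params already sets the proxy_*_timeout directives;
        # repeating one of them in this block is a duplicate-directive error.
        include proxy_params;
    }
}
```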
Drawback of ip_hash: if requests also pass through a proxy server, the real client IP cannot be obtained.
upstream imooc {
    ip_hash;
    server 116.62.103.228:8001;
    server 116.62.103.228:8002;
    server 116.62.103.228:8003;
}
server {
    listen 80;
    server_name localhost jeson.t.imooc.io;
    location / {
        proxy_pass http://imooc;
        include proxy_params;
    }
}
url_hash
Syntax: hash key [consistent];
Default: --
Context: upstream
This directive appeared in version 1.7.2
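Example:
The /opt/app directory already has three subdirectories: code1, code2 and code3
In each code* directory, add url1.html, url2.html and url3.html. The contents are largely the same; change each one so that it is identifiable.
url2.html can contain: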
<html>
<head>
<meta charset="utf-8">
<title>server2</title>
</head>
<body style="background-color:red;">
<h1>Server 2 url 2 </h1>
</body>
</html>
Configure hashing on the request path, so that repeated requests always land on the same server.
upstream imooc {
    hash $request_uri;
    server 116.62.103.228:8001;
    server 116.62.103.228:8002;
    server 116.62.103.228:8003;
}
server {
    listen 80;
    server_name localhost jeson.t.imooc.io;
    location / {
        proxy_pass http://imooc;
        include proxy_params;
    }
}
Caching service
proxy_cache configuration syntax
Syntax: proxy_cache_path path [levels=levels]
[use_temp_path=on|off] keys_zone=name:size [inactive=time]
[max_size=size] [manager_files=number] [manager_sleep=time]
[manager_threshold=time] [loader_files=number]
[loader_sleep=time] [loader_threshold=time] [purger=on|off]
[purger_files=number] [purger_sleep=time]
[purger_threshold=time];
Default: --
Context: http
Once the path is defined, set the following:
Syntax: proxy_cache zone | off;
Default: proxy_cache off;
Context: http, server, location
Cache dimensions (the cache key)
Syntax: proxy_cache_key string;
Default: proxy_cache_key $scheme$proxy_host$request_uri;
Context: http, server, location
Example of caching for the backend service:
cache_test.conf
upstream imooc {
    server 116.62.103.228:8001;
    server 116.62.103.228:8002;
    server 116.62.103.228:8003;
}
proxy_cache_path /opt/app/cache levels=1:2 keys_zone=imooc_cache:10m max_size=10g inactive=60m use_temp_path=off;
server {
    listen 80;
    server_name localhost jeson.t.imooc.io;
    location / {
        proxy_cache imooc_cache;
        proxy_pass http://imooc;
        proxy_cache_valid 200 304 12h;
        proxy_cache_valid any 10m;
        proxy_cache_key $host$uri$is_args$args;
        add_header Nginx-Cache "$upstream_cache_status";
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        include proxy_params;
    }
}
upstream imooc {
    server 116.62.103.228:8001;
    server 116.62.103.228:8002;
    server 116.62.103.228:8003;
}
proxy_cache_path /opt/app/cache levels=1:2 keys_zone=imooc_cache:10m max_size=10g inactive=60m use_temp_path=off;
server {
    listen 80;
    server_name localhost jeson.t.imooc.io;
    if ($request_uri ~ ^/(url3|login|register|password\/reset)) {
        set $cookie_nocache 1;
    }
    location / {
        proxy_cache imooc_cache;
        proxy_pass http://imooc;
        proxy_cache_valid 200 304 12h;
        proxy_cache_valid any 10m;
        proxy_cache_key $host$uri$is_args$args;
        proxy_no_cache $cookie_nocache $arg_nocache $arg_comment;
        proxy_no_cache $http_pragma $http_authorization;
        add_header Nginx-Cache "$upstream_cache_status";
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        include proxy_params;
    }
}
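proxy_no_cache only stops a response from being saved; it does not stop a request from being answered out of an entry that is already in the cache. The following added example (not part of the original notes) is the configuration above with proxy_cache_bypass added under the same conditions, so that a request carrying, for instance, an Authorization header is neither stored nor served from a stored copy.

```nginx
# Added example: the page's cache_test.conf with proxy_cache_bypass added.
upstream imooc {
    server 116.62.103.228:8001;
    server 116.62.103.228:8002;
    server 116.62.103.228:8003;
}
proxy_cache_path /opt/app/cache levels=1:2 keys_zone=imooc_cache:10m
                 max_size=10g inactive=60m use_temp_path=off;
server {
    listen 80;
    server_name localhost jeson.t.imooc.io;

    if ($request_uri ~ ^/(url3|login|register|password\/reset)) {
        set $cookie_nocache 1;
    }

    location / {
        proxy_cache       imooc_cache;
        proxy_pass        http://imooc;
        proxy_cache_valid 200 304 12h;
        proxy_cache_valid any 10m;
        proxy_cache_key   $host$uri$is_args$args;

        # Do not SAVE the response when any listed value is non-empty
        # and not "0".
        proxy_no_cache     $cookie_nocache $arg_nocache $arg_comment;
        proxy_no_cache     $http_pragma $http_authorization;

        # Do not ANSWER FROM the cache under the same conditions; the
        # request always goes to the upstream.
        proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment;
        proxy_cache_bypass $http_pragma $http_authorization;

        # Shows HIT, MISS, EXPIRED, BYPASS and so on in the response.
        add_header Nginx-Cache "$upstream_cache_status";
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        include proxy_params;
    }
}
```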