四层负载均衡
1、四层+七层来做负载均衡,四层可以保证七层的负载均衡的高可用性;
2、负载均衡可以做端口转发
3.四层可以做:
mysql读从库的负载均衡
跳板机的端口映射
四层负载均衡特点
1> 、四层负载均衡仅能转发TCP/IP协议、UDP协议、通常用来转发端口,如:tcp/22、udp/53;
2> 、四层负载均衡可以用来解决七层负载均衡端口限制问题;(七层负载均衡最大使用65535个端口号)
3> 、四层负载均衡可以解决七层负载均衡高可用问题;(多台后端七层负载均衡能同事的使用)
4> 、四层的转发效率比七层的高得多,但仅支持tcp/ip协议,不支持http和https协议;
5> 、通常大并发场景通常会选择使用在七层负载前面增加四层负载均衡。
查看四层负载均衡语法
stream {
upstream backend {
server backend1.example.com:12345 weight= 5;
server 127.0.0.1:12345 max_fails= 3 fail_timeout= 30s;
}
server {
listen 12345;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass backend;
}
}
四层负载均衡配置
[ root@lb4 nginx]
events {
worker_connections 1024;
}
include /etc/nginx/conf.c/*.conf;
http { .. . }
[ root@lb4 nginx]
[ root@lb4 nginx]
stream {
upstream lbserver {
server 172.16.1.4:8080;
server 172.16.1.5:80;
}
server {
listen 80;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass lbserver;
}
}
[ root@lb4 nginx]
[ root@lb4 nginx]
优化配置文件
[ root@Nginx ~]
proxy_set_header Host $http_host ;
proxy_set_header X-Real-IP $remote_addr ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
四层负载均衡日志配置
[ root@lb4 nginx]
stream {
log_format main '$remote_addr $remote_port - [$time_local ] $status $protocol '
'"$upstream_addr " "$upstream_bytes_sent " "$upstream_connect_time "' ;
access_log /var/log/nginx/lb4_access.log main;
upstream lbserver {
server 172.16.1.4:80;
server 172.16.1.5:80;
}
server {
listen 80;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass lbserver;
}
}
nginx的TCP负载均衡—端口转发
stream {
upstream ssh_7 {
server 172.16.1.7:22;
}
server {
listen 5555;
proxy_pass ssh_7;
}
}
stream {
upstream mysql_51 {
server 172.16.1.51:3306;
server 172.16.1.52:3306;
server 172.16.1.53:3306;
server 172.16.1.54:3306;
server 172.16.1.55:3306;
server 172.16.1.56:3306;
server 172.16.1.57:3306;
}
server {
listen 6666;
proxy_pass mysql_51;
}
}
mkdir /etc/nginx/stream.d
[ root@lb01 stream.d]
stream {
upstream mysql_conn {
server 172.16.1.51:3306;
}
server {
listen 33060;
proxy_pass mysql_conn;
}
}
[ root@lb01 stream.d]
[ root@db01 ~]
动静分离
动:动态页面(php、python)
静:静态页面(html、gif)CDN( 可以提高访问页面或者图片的速度)
动静分离,通过中间件将动静分离和静态请求进行分离;
通过中间件将动态请求和静态请求分离,可以建上不必要的请求消耗,同事能减少请求的延时。
通过中间件将动态请求和静态请求分离
单台的动静分离
[ root@web01 conf.d]
server {
listen 80;
server_name blog.linux.com;
location / {
root /code/wordpress;
index index.php;
}
location ~* \.jpg$ {
root /code/images;
}
location ~* \.php$ {
root /code/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root $fastcgi_script_name ;
include fastcgi_params;
}
}
[ root@web01 conf.d]
方式一:把文件挪到/code/images/
cp -r /code/wordpress/wp-content /code/images/
方式二:做软连接
cd /code
ln -s wordpress images
多台机器动静分离
[ root@web01 conf.d]
server {
listen 80;
server_name dj.linux.com;
location ~* \.( jpg| png| gif) ${
root /code/picture;
}
}
[ root@web01 conf.d]
[ root@web01 conf.d]
[ root@web01 conf.d]
[ root@web01 picture]
[ root@web02 code]
[ root@web02 code]
[ root@web02 webapps]
[ root@web02 webapps]
< %@ page language= "java" import= "java.util.*" pageEncoding= "utf-8" %>
< HTML>
< HEAD>
< TITLE> JSP Page< /TITLE>
< /HEAD>
< BODY>
< %
Random rand = new Random( ) ;
out.println( "<h1>随机数:<h1>" ) ;
out.println( rand.nextInt( 99) +100) ;
%>
< /BODY>
< /HTML>
[ root@web02 webapps]
http://10.0.0.8:8080/java_test.jsp
[ root@lb01 conf.d]
upstream jt {
server 172.16.1.7:80;
}
upstream dt {
server 172.16.1.9:8080;
}
server {
listen 80;
server_name dj.linux.com;
location / {
root /code/dj;
index index.html;
}
location ~* \.( jpg| gif| png) $ {
proxy_pass http://jt;
proxy_set_header HOST $http_host ;
}
location ~ \.jsp$ {
proxy_pass http://dt;
proxy_set_header HOST $http_host ;
}
}
[ root@lb01 conf.d]
http://dj.linux.com/java_test.jsp
http://dj.linux.com/1.jpg
[ root@lb01 conf.d]
[ root@lb01 conf.d]
< html lang= "en" >
< head>
< meta charset= "UTF-8" />
< title> 测试ajax和跨域访问< /title>
< script src= "http://libs.baidu.com/jquery/2.1.4/jquery.min.js" > < /script>
< /head>
< script type= "text/javascript" >
$( document) .ready( function( ) {
$.ajax( {
type: "GET" ,
url: "http://dj.linux.com/java_test.jsp" ,
success: function( data) {
$( "#get_data" ) .html( data)
} ,
error: function( ) {
alert( "哎呦喂,失败了,回去检查你服务去~" ) ;
}
} ) ;
} ) ;
< /script>
< body>
< h1> 测试动静分离< /h1>
< img src= "http://dj.linux.com/1.gif" >
< div id= "get_data" > < /div>
< /body>
< /html>
[ root@lb01 conf.d]
做动静分离和资源隔离的网站。
一、动静分离的网站
0.准备环境
1)环境准备
主机 作用 服务 地址 lb01 负载均衡 nginx proxy 172.16.1.5 web01 静态资源 nginx static 172.16.1.7 web02 动态资源 tomcat server 172.16.1.8
1.静态资源
1.1.上传静态资源
[ root@web01 ~]
[ root@web01 ~]
[ root@web01 ~]
[ root@web01 picture]
-rw-r--r-- 1 www www 746368 May 6 16:51 1.jpg
1.2.配置静态资源网站
[ root@web01 conf.d]
server {
listen 80;
server_name linux12.dj.com;
location ~* \.( jpg| png| mp4| gif) $ {
root /yeg/picture;
}
}
[ root@web01 ~]
1.3.本地hosts访问
1.本地配置hosts
192.168.15.7 linux12.dj.com
2、访问静态资源
http://linux12.dj.com/1.jpg
2.配置动态资源
2.1.安装tomcat
[ root@web02 ~]
2.2.配置动态资源网站
[ root@web02 ~]
[ root@web02 webapps]
[ root@web02 webapps]
< %@ page language= "java" import= "java.util.*" pageEncoding= "utf-8" %>
< HTML>
< HEAD>
< TITLE> 测试动态的资源< /TITLE>
< /HEAD>
< BODY>
< %
Random rand = new Random( ) ;
out.println( "<h1>随机数:<h1>" ) ;
out.println( rand.nextInt( 99) +100) ;
%>
< /BODY>
< /HTML>
[ root@web01 ~]
2.3.本地hosts访问
1、配置本地hosts
192.168.15.8 linux12.dj.com
2、访问动态资源
http://linux12.dj.com:8080/java_test.jsp
3.负载均衡设置
3.1创建站点目录并授权
[ root@lb01 opt]
[ root@lb01 opt]
3.2.编辑html文件
[ root@lb01 ~]
< head>
< meta charset= "UTF-8" />
< title> 测试ajax和跨域访问< /title>
< script src= "http://libs.baidu.com/jquery/2.1.4/jquery.min.js" > < /script>
< /head>
< script type= "text/javascript" >
$( document) .ready( function( ) {
$.ajax( {
type: "GET" ,
url: "http://linux12.dj.com/java_test.jsp" ,
success: function( data) {
$( "#get_data" ) .html( data)
} ,
error: function( ) {
alert( "小姐姐,断网了,重新检查网络再来哦~" ) ;
}
} ) ;
} ) ;
< /script>
< body>
< h1> 测试动静分离---霉霉< /h1>
< img src= "http://linux12.dj.com/1.jpg" >
< div id= "get_data" > < /div>
< /body>
< /html>
3.3配置负载均衡文件
[ root@lb01 conf.d]
server {
listen 80;
server_name linux12.dj.com;
location / {
root /yeg/dj;
index index.html;
}
location ~* \.( jpg| png| gif) $ {
proxy_pass http://192.168.15.7;
include proxy_params;
}
location ~* \.( php| jsp) $ {
proxy_pass http://192.168.15.8:8080;
include proxy_params;
}
}
[ root@web01 ~]
3.4本地hosts访问
1、配置本地hosts
192.168.15.5 linux12.dj.com
二、资源分离的网站
1.准备环境
主机 IP 主机角色 条件 web01 192.168.15.7 Android页面 关闭防火墙和selinux web02 192.168.15.8 iPhone页面 关闭防火墙和selinux web03 192.168.15.9 PC端页面 关闭防火墙和selinux lb01 192.168.15.5 172.16.1.5 负载均衡 关闭防火墙和selinux
2.配置web01服务器
[ root@web01 conf.d]
server {
listen 80;
server_name linux12.dj.com;
charset utf8;
location / {
root /yang/android;
index index.html;
}
}
[ root@web01 ~]
2、创建站点目录
[ root@web01 ~]
[ root@web01 ~]
[ root@web01 ~]
3、访问测试
192.168.15.7 linux12.dj.com
3.配置web02服务器
1、配置nginx
[ root@web02 conf.d]
server {
listen 80;
server_name linux12.dj.com;
charset utf8;
location / {
root /yang/iphone;
index index.html;
}
}
[ root@web01 ~]
2、创建站点文件
[ root@web02 ~]
[ root@web02 ~]
[ root@web02 ~]
3、访问测试
192.168.15.8 linux12.dj.com
4.配置web03服务器
[ root@web03 conf.d]
server {
listen 80;
server_name linux12.dj.com;
charset utf8;
location / {
root /yang/pc;
index index.html;
}
}
[ root@web01 ~]
2、创建站点文件
[ root@web03 ~]
[ root@web03 ~]
[ root@web03 ~]
3、访问测试
192.168.15.9 linux12.dj.com
5.配置负载均衡
[ root@lb01 conf.d]
upstream android {
server 192.168.15.7:8081;
}
upstream iphone {
server 192.168.15.8:8082;
}
upstream pc {
server 192.168.15.9:8083;
}
server {
listen 80;
server_name linux12.dj.com;
location / {
if ( $http_user_agent ~* "Android" ) {
proxy_pass http://android;
}
if ( $http_user_agent ~* "iPhone" ) {
proxy_pass http://iphone;
}
if ( $http_user_agent ~* "Trident" ) {
return 403;
}
proxy_pass http://pc;
}
}
[ root@lb01 conf.d]
server {
listen 80;
server_name linux12.dj.com;
location / {
if ( $http_user_agent ~* "Android" ) {
proxy_pass http://192.168.15.7;
}
if ( $http_user_agent ~* "iPhone" ) {
proxy_pass http://192.168.15.8;
}
if ( $http_user_agent ~* "WOW64" ) {
return 403;
}
proxy_pass http://192.168.15.9;
include proxy_params;
}
}
[ root@web01 ~]
2、访问测试
192.168.15.5 yang.sj.com
Rewrite
rewrite概述
Rewrite主要实现url地址重写,以及重定向,就是把传入web的请求重定向到其他url的过程。
rewrite使用场景
1、地址跳转,用户访问www.drz.com这个URL是,将其定向至一个新的域名mobile.drz.com
2、协议跳转,用户通过http协议请求网站时,将其重新跳转至https协议方式
3、伪静态,将动态页面显示为静态页面方式的一种技术,便于搜索引擎的录入,同时建上动态URL地址对外暴露过多的参数,提升更高的安全性。
4、搜索引擎,SEO优化依赖于url路径,好记的url便于智齿搜索引擎录入
rewrite配置语法
Syntax: rewrite regex replacement [ flag] ;
Default: —
Context: server, location, if
rewrite ^( .*) $ /page/404.html last;
rewrite标记 flag
flag 作用 last 本条规则匹配完成后,停止匹配,不再匹配后面的规则 break 本条规则匹配完成后,停止匹配,不再匹配后面的规则 redirect 返回302临时重定向,地址栏会显示跳转后的地址 permanent 返回301永久重定向,地址栏会显示跳转后的地址
last和break的区别
[ root@web01 conf.d]
server {
listen 80;
server_name rw.linux.com;
root /code/rewrite;
location ~ ^/break {
rewrite ^/break /test/ break ;
}
location ~ ^/last {
rewrite ^/last /test/ last;
}
location /test/ {
default_type application/json;
return 200 "ok" ;
}
}
[ root@web01 conf.d]
break 只要匹配到规则,就回去本地路径目录中寻找请求的文件;
last 匹配到规则,跳转后没有内容,则带着跳转后的请求,重新的向server发起一次请求
break请求:
1.请求rw.linux.com/break;
2.首先,会去查找本地的/code/rewrite/test/index.html;
3.如果找到了,则返回/code/rewrite/test/index.html内容;
4.如果没有找到则返回404,找到目录却没有主页,则返回403;
last请求:
1.请求rw.linux.com/last;
2.首先,会去查找本地的/code/rewrite/test/index.html;
3.如果找到了,则返回/code/rewrite/test/index.html内容;
4.如果没找到,会带着新跳转的URI再向server发起一次请求,请求rw.linux.com/test;
5.如果匹配到新的location,则返回该location匹配的内容;
6.如果没有匹配到新的,则再返回404或403;
共同点:break和last匹配到之后,不再向下匹配
redirect和permanent的区别
[ root@web01 conf.d]
server {
listen 80;
server_name rw.linux.com;
root /code/rewrite;
location /test {
rewrite ^( .*) $ http://www.mumusir.com redirect;
}
}
redirect:
每次请求都会询问服务器,是否跳转,如果服务器不可用,则跳转失败
permanent:
请求一次后,会记录跳转的地址,以后不再询问,直接跳转,通过浏览器缓存记录
rewrite规则匹配实例
1、通过192.168.15.7/index/1/2/3/4/5/6.html 访问更目录下的index-1-2-3-4-5-6.html
server {
listen 80;
server_name _;
root /www/resources;
location / {
rewrite ^/index/( [ 0-9] ) /( [ 0-9] ) /( [ 0-9] ) /( [ 0-9] ) /( [ 0-9] ) /( [ 0-9] ) /index-$1 -$2 -$3 -$4 -$5 -$6 .html break ;
}
}
2、使用192.168.15.7/jd访问www.jd.com
server {
listen 80;
server_name _;
root /www/resources;
location / {
rewrite ^/( .*) http://www.$1 .com redirect;
}
}
3、根目录有index-test.html和xxx-abc.html, 怎样通过192.168.15.7/index/test访问index-test.html, 使用192.168.15.7/xxx/abc访问xxx-abc.html
server {
listen 80;
server_name _;
root /www/resources;
location / {
rewrite ^/( .*) /( .*) /$1 -$2 .html break ;
}
}
rewrite [ 匹配规则] [ 转发内容] flag
nginx只支持简单正则,高级正则不支持。
用户访问/abc/1.html
实际上真实访问的是/ccc/bbb/2.html
[ root@web01 conf.d]
server {
listen 80;
server_name rw.linux.com;
root /code;
location ~ /abc {
rewrite ^( .*) $ /ccc/bbb/2.html redirect;
}
}
location ~ /abc {
rewrite /abc/( .*) \.html /ccc/bbb/$1 .html redirect;
}
用户访问/2018/ccc/2.html
实际上真实访问的是 /2014/ccc/bbb/2.html
[ root@web01 conf.d]
[ root@web01 conf.d]
server {
listen 80;
server_name rw.linux.com;
root /code;
location ~ /2018 {
rewrite /2018/ccc/2.html /2014/ccc/bbb/2.html redirect;
}
}
location ~ /2018 {
rewrite /2018/( .*) /2014/$1 redirect;
}
用户访问/test
实际上真实访问的是www.baidu.com
server {
listen 80;
server_name rw.linux.com;
root /code;
location ~ /test {
rewrite ( .*) https://www.baidu.com redirect;
}
}
用户访问 couese-11-22-33.html 实际上真实访问的是 /course/11/22/33/course_33.html
[ root@web01 conf.d]
[ root@web01 conf.d]
[ root@web01 conf.d]
server {
listen 80;
server_name rw.linux.com;
root /code;
location / {
rewrite ^/( .*) -( .*) -( .*) -( .*) .html /$1 /$2 /$3 /$4 /$1_ $4 .html redirect;
}
}
将http请求跳转到https
server {
listen 80;
server_name www.mumusir.com;
return 302 https://www.mumusir.com;
}
http://www.mumusir.com --> https://www.mumusir.com
server {
listen 443;
server_name www.mumusir.com;
ssl on;
ssl.. .. .. *.key;
ssl.. .. . *.crt;
}
rewrite伪静态实例
搭建discuz论坛
[ root@web01 ~]
[ root@web01 code]
[ root@web01 code]
[ root@web01 code]
[ root@web01 conf.d]
server {
listen 80;
server_name discuz.linux.com;
location / {
root /code/discuz/upload;
index index.php;
}
location ~* \.php$ {
root /code/discuz/upload;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root $fastcgi_script_name ;
include fastcgi_params;
}
}
[ root@db02 ~]
。。。。。。
MariaDB [ ( none) ] > create database discuz charset utf8;
Query OK, 1 row affected ( 0.00 sec)
MariaDB [ ( none) ] > grant all on discuz.* to discuz@'172.16.1.%' identified by '123456' ;
Query OK, 0 rows affected ( 0.04 sec)
MariaDB [ ( none) ] >
配置hosts,访问论坛,发表帖子
配置rewrite伪静态
[ root@web01 conf.d]
server {
listen 80;
server_name discuz.linux.com;
location / {
root /code/discuz/upload;
index index.php;
rewrite ^( [ ^\.] *) /topic-( .+) \.html$ $1 /portal.php?mod= topic& topic= $2 last;
rewrite ^( [ ^\.] *) /article-( [ 0-9] +) -( [ 0-9] +) \.html$ $1 /portal.php?mod= view& aid= $2 & page= $3 last;
rewrite ^( [ ^\.] *) /forum-( \w+) -( [ 0-9] +) \.html$ $1 /forum.php?mod= forumdisplay& fid= $2 & page= $3 last;
rewrite ^( [ ^\.] *) /thread-( [ 0-9] +) -( [ 0-9] +) -( [ 0-9] +) \.html$ $1 /forum.php?mod= viewthread& tid= $2 & extra= page%3D$4 & page= $3 last;
rewrite ^( [ ^\.] *) /group-( [ 0-9] +) -( [ 0-9] +) \.html$ $1 /forum.php?mod= group& fid= $2 & page= $3 last;
rewrite ^( [ ^\.] *) /space-( username| uid) -( .+) \.html$ $1 /home.php?mod= space& $2 = $3 last;
rewrite ^( [ ^\.] *) /blog-( [ 0-9] +) -( [ 0-9] +) \.html$ $1 /home.php?mod= space& uid= $2 & do= blog& id= $3 last;
rewrite ^( [ ^\.] *) /( fid| tid) -( [ 0-9] +) \.html$ $1 /archiver/index.php?action= $2 & value= $3 last;
rewrite ^( [ ^\.] *) /( [ a-z] +[ a-z0-9_] *) -( [ a-z0-9_\-] +) \.html$ $1 /plugin.php?id= $2 : $3 last;
if ( ! -e $request_filename ) {
return 404;
}
}
location ~* \.php$ {
root /code/discuz/upload;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root $fastcgi_script_name ;
include fastcgi_params;
}
}
[ root@web01 conf.d]
http://discuz.linux.com/thread-1-1-1.html
rewrite ^( [ ^\.] *) /thread-( [ 0-9] +) -( [ 0-9] +) -( [ 0-9] +) \.html$ $1 /forum.php?mod= viewthread& tid= $2 & extra= page%3D$4 & page= $3 last;
discuz.linux.com/thread-1-1-1.html
discuz.linux.com/forum.php?mod= viewthread& tid= 1& extra= page%3D1& page= 1
rewrite全局变量
$server_name
server {
listen 80;
server_name rw.linux.com;
root /code;
rewrite ^( .*) $ https://$server_name ;
}
$request_filename
$request_uri
server {
listen 80;
server_name rw.linux.com;
root /code;
rewrite ^( .*) $ https://$server_name $request_uri ;
}
server {
listen 80;
server_name www.baidu.com baidu.com;
root /code;
if ( $http_host = baidu.com) {
rewrite ( .*) http://www.baidu.com;
}
}
server {
listen 80;
server_name baidu.com;
rewrite ( .*) http://www.baidu.com;
}
server {
listen 80;
server_name www.baidu.com;
root /code;
}
rewrite可以开启日志
error_log /var/log/nginx/error.log notice;
rewrite_log on;
rewrite规则补充
rewrite匹配的优先级
1.先执行server模块的rewrite指令
2.其次执行location匹配规则
3.最后执行location里面的rewrite
server {
listen 80;
server_name rw.linux.com;
location /test {
rewrite ^( .*) $ http://www.mumusir.com;
}
location = / {
rewrite ^( .*) $ http://www.baidu.com;
}
}
uri和url的区别
http://192.168.15.7/video-sousuo-117877-18-0-0-0-1-all-complex-0-0-0-0-0-0.html
url : http://192.168.15.7/video-sousuo-117877-18-0-0-0-1-all-complex-0-0-0-0-0-0.html
uri : /video-sousuo-117877-18-0-0-0-1-all-complex-0-0-0-0-0-0.html