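Reverse proxy principle:
A reverse proxy server is deployed on the server side. It relieves the servers' workload by caching frequently requested pages and forwards client requests to the target servers on the internal network; it then returns the results obtained from those servers to the clients on the Internet that requested the connection. The proxy server and the target hosts together appear to the outside as a single server.
Lab: Nginx reverse proxy in practice
Many large websites now use a reverse proxy. Besides preventing malicious attacks from the external network against internal servers, caching to reduce server load, and access control, it can also perform load balancing, distributing user requests across multiple servers.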
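Environment: 4 Rocky Linux 8.10 hosts. 192.168.118.{129,131} provide the nginx service, 192.168.118.130 is the proxy, and 192.168.118.128 is the test host.
The requirements for building a load-balancing service are as follows:
1) Spread large-scale concurrent access or data traffic that a single machine cannot handle across multiple node devices, each processing its share, to reduce the time users wait for a response and improve the user experience.
2) Spread a single heavy computation across multiple node devices for parallel processing; after each node finishes, the results are combined and returned to the user, greatly increasing the system's processing capacity.
3) Guarantee 7 x 24 service: the failure of any one or a limited number of backend nodes must not affect the business.
In a load-balancing cluster, all nodes in the same cluster group should provide the same service. The cluster load balancer intercepts all inbound requests for that service and distributes them as evenly as possible across all cluster nodes.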
nginx configuration
Web configuration
Install nginx on all hosts
```bash
yum install nginx -y
```
Configure the web service used for testing (on the two servers that provide the web service) in /etc/nginx/conf.d/vhost.conf
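```nginx
server {
    listen 80;
    server_name bbs.test.com;
    location / {
        root /usr/share/nginx/html/bbs;
        index index.html index.htm;
    }
    # Lab layout: this log sits under the web root, so it can be fetched at
    # /logs/access_bbs.log; on real servers keep logs outside the root (e.g. /var/log/nginx).
    access_log /usr/share/nginx/html/bbs/logs/access_bbs.log main;
}
server {
    listen 80;
    server_name www.test.com;
    location / {
        root /usr/share/nginx/html/www;
        index index.html index.htm;
    }
    # Same lab layout as above: the log is inside the web root.
    access_log /usr/share/nginx/html/www/logs/access_www.log main;
}
```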
File setup: the logs can be given write permission, then turn off SELinux enforcement (setenforce 0)
```bash
rm -rf /usr/share/nginx/html/*
mkdir -p /usr/share/nginx/html/{www,bbs}/logs
echo "bbs: This is a test page which from ip: $(hostname -I)" > /usr/share/nginx/html/bbs/index.html
# The www page carries the "www:" prefix so the two virtual hosts can be told apart
echo "www: This is a test page which from ip: $(hostname -I)" > /usr/share/nginx/html/www/index.html
#--------------------
[root@localhost html]# tree /usr/share/nginx/html/
/usr/share/nginx/html/
├── bbs
│   ├── index.html
│   └── logs
│       └── access_bbs.log
└── www
    ├── index.html
    └── logs
        └── access_www.log
```
Check the syntax: nginx -t
Start nginx: systemctl start nginx
Then first test whether each web server can be accessed normally; curl -H adds a custom HTTP request header
```bash
[root@localhost html]# curl -H host:www.test.com 192.168.118.129
www: This is a test page which from 192.168.118.129
[root@localhost html]# curl -H host:bbs.test.com 192.168.118.129
bbs: This is a test page which from 192.168.118.129
[root@localhost html]# curl -H host:www.test.com 192.168.118.131
www: This is a test page which from 192.168.118.131
[root@localhost html]# curl -H host:bbs.test.com 192.168.118.131
bbs: This is a test page which from 192.168.118.131
```
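Now configure simple load balancing. To keep things simple, first turn off firewalld on all lab hosts, or add rules that allow the port yourself.
Configure the proxy service
The default load-balancing logic is round-robin; to use a different algorithm, add its name inside the upstream block.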
```nginx
upstream www_server_pools {
    server 192.168.118.129:80 weight=1;
    server 192.168.118.131:80 weight=1;
}
server {
    listen 80;
    server_name www.test.com;
    location / {
        proxy_pass http://www_server_pools;
        # Pass the original Host header through
        proxy_set_header Host $host;
    }
}
server {
    listen 80;
    server_name bbs.test.com;
    location / {
        proxy_pass http://www_server_pools;
        # Pass the original Host header through
        proxy_set_header Host $host;
    }
}
```
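The logic above: once the incoming server_name is matched, the location block is applied. The proxy_set_header line passes the incoming Host header on to the hosts in the upstream, and because the weights in the upstream are set 1:1, requests go to hosts 129 and 131 in turn.
Configure the hosts file on the test host (host: 192.168.118.128)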
```bash
[root@localhost conf.d]# tail -1 /etc/hosts
192.168.118.130 www.test.com bbs.test.com
```
Result:
```bash
[root@localhost conf.d]# for ((i=1;i<=6;i++)); do curl www.test.com; done
www: This is a test page which from 192.168.118.129
www: This is a test page which from 192.168.118.131
www: This is a test page which from 192.168.118.129
www: This is a test page which from 192.168.118.131
www: This is a test page which from 192.168.118.129
www: This is a test page which from 192.168.118.131
[root@localhost conf.d]# for ((i=1;i<=6;i++)); do curl bbs.test.com; done
bbs: This is a test page which from 192.168.118.129
bbs: This is a test page which from 192.168.118.131
bbs: This is a test page which from 192.168.118.129
bbs: This is a test page which from 192.168.118.131
bbs: This is a test page which from 192.168.118.129
bbs: This is a test page which from 192.168.118.131
```
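If we look at the backend access logs at this point, we find that the source IP of every request is the proxy, which is not what we want:

We need to add this line to the proxy configuration:
proxy_set_header X-Forwarded-For $remote_addr; # required for the node servers to obtain the user's real IP behind a reverse proxy
Because the header is set to $remote_addr rather than appended to, any X-Forwarded-For value supplied by the client is replaced with the address the proxy actually saw.

Then run nginx -s reload and check the backend logs: it works.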
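
The check on the backend logs can be scripted. The following is an added example, not part of the original page: a shell function that reads backend access-log lines and reports the client address, trusting the X-Forwarded-For field only when the connecting peer is the lab proxy 192.168.118.130. It assumes the stock `main` log_format, whose last quoted field is `$http_x_forwarded_for`; the log lines and the names `sample_log` and `resolve_clients` are constructed for illustration.

```bash
#!/bin/sh
# Added example: who really sent each request recorded in a backend access log?
# Assumes the stock "main" log_format, whose last quoted field is
# $http_x_forwarded_for, and the lab proxy address used on this page.
PROXY_IP="192.168.118.130"

# Constructed log lines (not captured from a real host).
sample_log() {
    cat <<'EOF'
192.168.118.130 - - [01/Jan/2025:10:00:00 +0800] "GET / HTTP/1.0" 200 52 "-" "curl/7.61.1" "192.168.118.128"
192.168.118.130 - - [01/Jan/2025:10:00:01 +0800] "GET / HTTP/1.0" 200 52 "-" "curl/7.61.1" "-"
192.168.118.128 - - [01/Jan/2025:10:00:02 +0800] "GET / HTTP/1.1" 200 52 "-" "curl/7.61.1" "10.9.9.9"
EOF
}

# resolve_clients: read log lines on stdin, print "<client_ip> <verdict>".
# nginx writes a literal '"' inside a field as \x22, so splitting on '"' is safe.
resolve_clients() {
    awk -F'"' -v proxy="$PROXY_IP" '
    NF < 9 { print "-", "malformed"; next }
    {
        split($1, head, " ")
        peer = head[1]              # $remote_addr: the TCP peer of this backend
        xff  = $(NF - 1)            # $http_x_forwarded_for, "-" when absent
        has_xff = (xff != "-" && xff != "")
        if (peer == proxy && has_xff)  print xff,  "via-proxy"      # header set by the proxy
        else if (peer == proxy)        print peer, "proxy-no-xff"   # proxy not sending the header yet
        else if (has_xff)              print peer, "untrusted-xff"  # header came from the client itself
        else                           print peer, "direct"
    }'
}

sample_log | resolve_clients
```

On a backend, feed it the real log instead, for example `resolve_clients < /usr/share/nginx/html/www/logs/access_www.log`. Lines marked `untrusted-xff` did not arrive through the proxy, so the header value is client-controlled and the peer address is reported instead.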
