云原生(nginx实验(3))

匀泪2026-02-17 8:14

实验简介

一、网页重写实验

实验目的

掌握 Nginx 重写相关指令(if、set、return、rewrite)及标记(break/last/redirect/permanent)的使用场景与差异。

核心操作

  1. 基础指令验证
    • if:根据 User-Agent 匹配 firefox,返回指定内容;
    • set:自定义变量并输出;
    • return:直接返回指定状态码和内容。
  2. 重写标记验证
    • redirect:临时重定向(302)至百度;
    • permanent:永久重定向(301)至百度;
    • break/last:对比两种标记的重写终止逻辑(break 终止当前 location 内重写,last 重新匹配 location)。

验证效果

  • 携带 firefox User-Agent 访问时返回指定文本;
  • 访问站点时自动重定向至百度,301/302 状态码可通过curl -I验证;
  • break标记下重写仅执行第一步,last标记下重写后重新匹配 location,返回对应终结页面。

二、Nginx 利用网页重写实现全站加密实验

实验目的

通过重写规则实现 HTTP 请求自动跳转至 HTTPS,配置 SSL 证书实现全站 HTTPS 加密。

核心操作

  1. 证书制作 :用openssl生成自签名 RSA 证书(有效期 365 天)。
  2. Nginx 配置
    • 监听 80 和 443 端口,配置 SSL 证书路径;
    • 通过if ($scheme = http)判断协议,重写所有 HTTP 请求至 HTTPS。

验证效果

访问http://lee.timinglee.org时,自动跳转至https地址,curl -I可验证 302 重定向状态码。

三、防盗链实验

实验目的

配置 Nginx 防盗链规则,防止站点资源(如图片)被其他站点盗用,对非法引用返回 404 或替换为指定图片。

核心操作

  1. 防盗链配置
    • valid_referers定义合法引用来源(自身域名、百度等);
    • 非合法来源访问根路径返回 404,访问/img路径则重写至防盗链图片。
  2. 测试准备:在另一台 Web 服务器编写页面,引用目标站点的图片资源。

验证效果

  • 合法来源访问图片正常显示;
  • 其他站点引用该图片时,要么返回 404,要么显示指定的防盗链图片。

四、Nginx 反向代理实验

实验目的

掌握 Nginx 基础反向代理配置,实现不同路径代理至不同后端服务器,同时了解代理层对响应头的隐藏 / 透传、客户端真实 IP 透传等进阶配置。

核心操作

  1. 基础代理配置 :部署两台后端 Web 服务器(172.25.254.10/20),在 Nginx 配置中通过location指令,将根路径/代理至 10 服务器,/web路径代理至 20 服务器。
  2. 响应头控制
    • proxy_hide_header ETag隐藏后端返回的 ETag 响应头;
    • proxy_pass_header Server透传后端 Apache 的 Server 响应头(默认 Nginx 会替换为自身标识)。
  3. 真实 IP 透传 :通过proxy_set_header X-Forwarded-For $remote_addr将客户端真实 IP 传递给后端 Apache,同时修改 Apache 日志格式记录该字段。

验证效果

  • 访问lee.timinglee.org返回 10 服务器内容,访问lee.timinglee.org/web返回 20 服务器内容;
  • 隐藏 ETag 后响应头无该字段,透传 Server 后可见 Apache 版本;
  • Apache 日志中可记录客户端真实 IP(而非 Nginx 代理服务器 IP)。

五、利用反向代理实现动静分离实验

实验目的

通过 Nginx 反向代理将动态请求(PHP)和静态请求拆分至不同后端服务器,提升服务性能。

核心操作

  1. 后端准备 :在 10 服务器部署 PHP 环境,编写index.php动态页面;20 服务器保留静态页面。
  2. Nginx 配置
    • 根路径/代理至 20 服务器(处理静态请求);
    • 正则匹配.php/.js后缀的请求,代理至 10 服务器(处理动态请求)。

验证效果

访问lee.timinglee.org时,静态资源从 20 服务器返回,PHP 动态页面从 10 服务器返回,实现动静请求分离。

六、缓存加速实验

实验目的

配置 Nginx 代理缓存,降低后端服务器压力,提升请求响应速度。

核心操作

  1. 压测基准 :未配置缓存时,用ab -n 10000 -c 50压测 PHP 页面,记录 QPS、失败请求数等指标。
  2. 缓存配置
    • proxy_cache_path定义缓存路径、内存区、过期时间、最大容量;
    • 对 PHP/JS 请求启用缓存,设置不同状态码的缓存有效期(200/302/301 缓存 10 分钟,其他 1 分钟)。

验证效果

  • 启用缓存后压测,QPS 从 731 提升至 2290,失败请求数降为 0,响应时间显著缩短;
  • 缓存目录生成缓存文件,验证缓存生效。

七、反向代理负载均衡实验

实验目的

基于反向代理实现后端 Web 服务器的负载均衡,配置故障检测与备用节点,验证负载分发和故障转移效果。

核心操作

  1. 负载均衡配置
    • 创建upstream模块定义后端服务器池webserver,包含 10、20 两台服务器,设置权重(weight=1)、故障重试(max_fails=3)、超时(fail_timeout=15s);
    • 添加 172.25.254.100:8888 作为备用节点(backup),配置 80 端口虚拟主机将请求代理至webserver池。
  2. 备用节点验证:创建备用节点的错误页面目录,配置 8888 端口返回错误页面。

验证效果

  • 多次访问www.timinglee.org,请求轮询分发至 10、20 服务器;
  • 停止两台后端 Apache 服务后,请求自动转发至备用节点,返回错误页面。

八、Nginx 负载均衡算法实验

实验目的

了解 Nginx 常用负载均衡算法,掌握 ip_hash、hash(一致性哈希)、least_conn 等算法的配置与效果。

核心操作

修改upstream配置,注释 / 启用不同算法:

  • ip_hash:基于客户端 IP 哈希,固定 IP 请求转发至同一后端;
  • hash $request_uri consistent:基于请求 URI 一致性哈希,适用于缓存场景;
  • least_conn:转发至当前连接数最少的后端;
  • hash $cookie_lee:基于客户端 Cookie 哈希,固定 Cookie 请求至同一后端。

验证效果

  • 携带指定 Cookie(lee=20)访问时,请求固定分发至某一台后端服务器;
  • 切换不同算法,可观察请求分发策略的差异。

网页重写

网页重写中的指令

复制代码 
#if
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    root /webdir/timinglee.org/lee/html;
    location /vars {
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
    }

    location / {
        if ( $http_user_agent ~* firefox ) {
            return 200 "test if messages";
        }
    }
}
[root@nginx ~]# nginx -s reload
[root@Nginx ~]# curl  lee.timinglee.org
lee page
[root@nginx ~]# curl  -A "firefox" lee.timinglee.org
test if messages

#set
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    root /webdir/timinglee.org/lee/html;
    location /vars {
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
    }

    location / {
        set $testname timinglee;
        echo $testname;
    }
}
[root@nginx ~]# nginx -s reload
[root@nginx ~]# curl  lee.timinglee.org
timinglee

#return
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    root /webdir/timinglee.org/lee/html;
    location /vars {
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
    }

    location / {
        return 200 "hello world";
    }
}
[root@nginx ~]# nginx -s reload
[root@nginx ~]# curl  lee.timinglee.org
hello world

#break
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    root /webdir/timinglee.org/lee/html;
    location /vars {
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
    }

    location / {
        set $test1 lee1;
        set $test2 lee2;
        if ($http_user_agent = firefox){
            break;
        }
        set $test3 lee3;
        echo $test1 $test2 $test3;
    }
}
[root@nginx ~]# nginx -s reload
[root@nginx ~]# curl  lee.timinglee.org
lee1 lee2 lee3
[root@nginx ~]# curl -A "firefox" lee.timinglee.org
lee1 lee2

flag

复制代码 
#redirect
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
[root@nginx ~]# nginx -s reload
[root@nginx ~]# curl -I lee.timinglee.org
HTTP/1.1 302 Moved Temporarily          #定向方式返回值
Server: nginx/1.28.1
Date: Tue, 10 Feb 2026 11:24:55 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: http://www.baidu.com          #定向效果

#permanent
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    root /webdir/timinglee.org/lee/html;
    location /vars {
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
    }

    location / {
        rewrite / http://www.baidu.com permanent;
    }
}
[root@nginx ~]# nginx -s reload
[root@nginx ~]# curl  -I lee.timinglee.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.28.1
Date: Tue, 10 Feb 2026 11:26:00 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://www.baidu.com

#break 和 last
[root@nginx ~]# mkdir -p /webdir/timinglee.org/lee/html/{break,last,test1,test2}
[root@nginx ~]# echo break > /webdir/timinglee.org/lee/html/break/index.html
[root@nginx ~]# echo last > /webdir/timinglee.org/lee/html/last/index.html
[root@nginx ~]# echo test1 > /webdir/timinglee.org/lee/html/test1/index.html
[root@nginx ~]# echo test2 > /webdir/timinglee.org/lee/html/test2/index.html
#break
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    root /webdir/timinglee.org/lee/html;
    location /vars {
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
    }

    location /break {
        rewrite /break/(.*) /test1/$1 break;
        rewrite /test1 /test2;
    }
    location /test1 {
        return 200 "test1 end page";
    }
    location /test2 {
        return 200 "TEST2 END PAGE";
    }

}
[root@nginx ~]# nginx -s reload
[root@nginx ~]# curl  -L lee.timinglee.org/break/index.html
test1
#last
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    root /webdir/timinglee.org/lee/html;
    location /vars {
        echo $remote_user;
        echo $request_method;
        echo $request_filename;
        echo $request_uri;
        echo $scheme;
    }

    location /break {
        rewrite /break/(.*) /test1/$1 last;
        rewrite /test1 /test2;
    }
    location /test1 {
        return 200 "test1 end page";
    }
    location /test2 {
        return 200 "TEST2 END PAGE";
    }

}
[root@nginx ~]# nginx -s reload
[root@nginx ~]# curl  -L lee.timinglee.org/break/index.html
test1 end page

Nginx利用网页重写实现全站加密

制作key

复制代码 
[root@nginx ~]# openssl req -newkey rsa:2048 -nodes  -sha256  -keyout  /usr/local/nginx/certs/timinglee.org.key -x509 -days 365 -out /usr/local/nginx/certs/timinglee.org.crt
..+.....+...+.+.....+..........+...........+...+.........+.......+...+..+....+++++++++++++++++++++++++++++++++++++++*.+.+++++++++++++++++++++++++++++++++++++++*..+..+.+..+.....................+.+........+...............+......+......+....+..+...+............+....+...+........++++++
.+........+.+............+..+...............+++++++++++++++++++++++++++++++++++++++*..+.......+..+....+...........+...+...+++++++++++++++++++++++++++++++++++++++*...+......+.+......+...............+........+.+..................+..+.+.................+.+.........+...........+......+...+......+.........+.......+......+.....+...+....+..+....+...............+..+....+..............+....+.....+.+..+.........+.+..............+.........+.+...+...+..+......+......+.............+...+........................+......+.....+....+...+............+.....+..........+.....+......+...+....+......+..+.......+......+......+...+........+.......+.....+......+....+...+........+.......+.........+.....+...+...+.............+..+............+...+....+........+......+.+......+.....+............+.+.....+.+.....+.+........+.+......+............+..+....+.....+................+...+...........+..........+......+...+..+.+..+.+.....+.+...........+.......+.....+......+.+...+........+............+...............+.......+......+...+..............+.+............++++++
req: Can't open "/usr/local/nginx/certs/timinglee.org.key" for writing, No such file or directory

编辑加密配置文件

复制代码 
[root@nginx ~]# mkdir -p /usr/local/nginx/certs
[root@nginx ~]# openssl req -newkey rsa:2048 -nodes  -sha256  -keyout  /usr/local/nginx/certs/timinglee.org.key -x509 -days 365 -out /usr/local/nginx/certs/timinglee.org.crt
.+.....+....+..+....+...+...........+.+.........+..+...+......+.+..+..........+...........+....+...+.....+.......+...+........+......+.+..+...+...+......+.........+.+......+...+.....+......+...+.......+...+..+....+......+........+.+++++++++++++++++++++++++++++++++++++++*.+..+...+....+...+..+......+++++++++++++++++++++++++++++++++++++++*.+..........+...+..+................+..+.+.....+.+.........++++++
........+....+..............+...+++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++*......+....+.....+....+...+.....+.......+..+..........+...+...+.....+........................+.+..............+.+..+..........+...............+........+....++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SiChuan
Locality Name (eg, city) [Default City]:LeShan
Organization Name (eg, company) [Default Company Ltd]:lee
Organizational Unit Name (eg, section) []:timinglee
Common Name (eg, your name or your server's hostname) []:admin
Email Address []:admin@qq.com
[root@Nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /usr/local/nginx/certs/timinglee.org.crt;
    ssl_certificate_key /usr/local/nginx/certs/timinglee.org.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    server_name lee.timinglee.org;
    root /webdir/timinglee.org/lee/html;
    location / {
        if ($scheme = http ){
            rewrite /(.*) https://$host/$1 redirect;
        }
    }
}
[root@nginx ~]# systemctl restart nginx.service

#测试
[root@nginx ~]# curl  -I  http://lee.timinglee.org/test1/
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.28.1
Date: Tue, 10 Feb 2026 11:34:49 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: https://lee.timinglee.org/test1/

防盗链

复制代码 
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    root /webdir/timinglee.org/lee/html;
    location / {
        valid_referers none blocked server_names *.timinglee.org ~/.baidu/.;
        if ($invalid_referer){
            return 404;
        }
    }
    location /img {
        valid_referers none blocked server_names *.timinglee.org ~/.baidu/.;
        if ($invalid_referer){
            rewrite ^/ http://lee.timinglee.org/daolian/daolian.png;
        }
    }
}
[root@nginx ~]# nginx -s reload

测试

复制代码 
#另外的web服务器
[root@test ~]# vim /var/www/html/index.html
<html>

  <head>
    <meta http-equiv=Content-Type content="text/html;charset=utf-8">
    <title>盗链</title>
</head>

  <body>
    <img src="http://lee.timinglee.org/img/lee.png" >
    <h1 style="color:red">欢迎大家</h1>
    <p><a href=http://lee.timinglee.org>lee</a>yxs</p>
  </body>

</html>
#在浏览器中访问看效果

Nginx反向代理

实验环境

复制代码 
#172.25.254.10 RS1	172.25.254.20 RS2
[root@RS1 ~]# dnf install httpd -y
[root@RS2 ~]# dnf install httpd -y
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS1 ~]# echo 172.25.254.10 > /var/www/html/index.html
[root@RS2 ~]# echo 172.25.254.20 > /var/www/html/index.html

#测试 在Nginx主机中
[root@nginx ~]# curl  172.25.254.10
172.25.254.10
[root@nginx ~]# curl  172.25.254.20
172.25.254.20

简单的代理方法

复制代码 
[root@RS2 ~]# mkdir /var/www/html/web
[root@RS2 ~]# echo 172.25.254.20 web > /var/www/html/web/index.html
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    location / {
        proxy_pass http://172.25.254.10:80;
    }

    location /web {
        proxy_pass http://172.25.254.20:80;
    }
}
[root@nginx ~]# nginx -s reload
[root@nginx ~]# curl  172.25.254.20/web/
172.25.254.20 web
[root@nginx ~]# curl  172.25.254.10
172.25.254.10

proxy_hide_header filed

复制代码 
[root@test ~]# curl -v lee.timinglee.org
*   Trying 172.25.254.100:80...
* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)
> GET / HTTP/1.1
> Host: lee.timinglee.org
> User-Agent: curl/7.76.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.28.1
< Date: Tue, 10 Feb 2026 11:48:11 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 14
< Connection: keep-alive
< Last-Modified: Tue, 10 Feb 2026 11:44:39 GMT
< ETag: "e-64a76c7d0746d"          #可以看到ETAG信息
< Accept-Ranges: bytes
< 
172.25.254.10
* Connection #0 to host lee.timinglee.org left intact
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    location / {
        proxy_pass http://172.25.254.10:80;
        proxy_hide_header ETag;
    }

    location /web {
        proxy_pass http://172.25.254.20:80;
    }
}
[root@nginx ~]# nginx -s reload

#测试
[root@test ~]# curl -v lee.timinglee.org
*   Trying 172.25.254.100:80...
* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)
> GET / HTTP/1.1
> Host: lee.timinglee.org
> User-Agent: curl/7.76.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.28.1
< Date: Tue, 10 Feb 2026 11:50:01 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 14
< Connection: keep-alive
< Last-Modified: Tue, 10 Feb 2026 11:44:39 GMT
< Accept-Ranges: bytes
< 
172.25.254.10
* Connection #0 to host lee.timinglee.org left intact

proxy_pass_header

复制代码 
[root@test ~]# curl -v lee.timinglee.org
*   Trying 172.25.254.100:80...
* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)
> GET / HTTP/1.1
> Host: lee.timinglee.org
> User-Agent: curl/7.76.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.28.1
< Date: Tue, 10 Feb 2026 11:50:38 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 14
< Connection: keep-alive
< Last-Modified: Tue, 10 Feb 2026 11:44:39 GMT
< Accept-Ranges: bytes
< 
172.25.254.10
* Connection #0 to host lee.timinglee.org left intact
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    location / {
        proxy_pass http://172.25.254.10:80;
        proxy_pass_header Server;
    }

    location /web {
        proxy_pass http://172.25.254.20:80;
    }
}
[root@nginx ~]# nginx -s reload
[root@test ~]# curl -v lee.timinglee.org
*   Trying 172.25.254.100:80...
* Connected to lee.timinglee.org (172.25.254.100) port 80 (#0)
> GET / HTTP/1.1
> Host: lee.timinglee.org
> User-Agent: curl/7.76.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Tue, 10 Feb 2026 11:51:43 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 14
< Connection: keep-alive
< Server: Apache/2.4.62 (Red Hat Enterprise Linux)
< Last-Modified: Tue, 10 Feb 2026 11:44:39 GMT
< ETag: "e-64a76c7d0746d"
< Accept-Ranges: bytes
< 
172.25.254.10
* Connection #0 to host lee.timinglee.org left intact

透传信息

复制代码 
[root@RS1 ~]# vim /etc/httpd/conf/httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" combined
[root@RS1 ~]# systemctl restart httpd
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    location / {
        proxy_pass http://172.25.254.10:80;
        proxy_set_header X-Forwarded-For $remote_addr;

    }

    location /web {
        proxy_pass http://172.25.254.20:80;
    }
}
[root@nginx ~]# nginx -s reload
[root@test ~]# curl  lee.timinglee.org
172.25.254.10
[root@RS1 ~]# cat /etc/httpd/logs/access_log
172.25.254.100 - - [10/Feb/2026:19:54:17 +0800] "GET / HTTP/1.0" 200 14 "-" "curl/7.76.1" "172.25.254.10"

利用反向代理实现动静分离

试验机环境

复制代码 
#在10中
[root@RS1 ~]# dnf install php -y
[root@RS1 ~]# systemctl restart httpd
[root@RS1 ~]# vim /var/www/html/index.php
<?php
    echo "<h2>172.25.254.10</h2>";
    phpinfo();
?>

动静分离的实现

复制代码 
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 80;
    server_name lee.timinglee.org;
    location / {
        proxy_pass http://172.25.254.20:80;

    }

    location ~* \.(php|js)$ {
        proxy_pass http://172.25.254.10:80;
    }
}
[root@nginx ~]# nginx -s reload

缓存加速

当未启用缓存时进行压测

复制代码 
[root@test ~]# ab -n 10000 -c 50 lee.timinglee.org/index.php
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking lee.timinglee.org (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests


Server Software:        nginx/1.28.1
Server Hostname:        lee.timinglee.org
Server Port:            80

Document Path:          /index.php
Document Length:        72921 bytes

Concurrency Level:      50
Time taken for tests:   13.678 seconds
Complete requests:      10000
Failed requests:        9963				#失败的
   (Connect: 0, Receive: 0, Length: 9963, Exceptions: 0)
Total transferred:      731097819 bytes
HTML transferred:       729237819 bytes
Requests per second:    731.10 [#/sec] (mean)
Time per request:       68.390 [ms] (mean)
Time per request:       1.368 [ms] (mean, across all concurrent requests)
Transfer rate:          52197.72 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    7   4.0      6      26
Processing:     4   61 168.8     44    3405
Waiting:        2   38 129.9     26    3316
Total:          5   68 168.7     51    3405

Percentage of the requests served within a certain time (ms)
  50%     51
  66%     61
  75%     68
  80%     71
  90%     83
  95%     92
  98%    105
  99%    506
 100%   3405 (longest request)

设定缓存加速

复制代码 
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;

server {
    listen 80;
    server_name lee.timinglee.org;
    location / {
        proxy_pass http://172.25.254.20:80;

    }

    location ~* \.(php|js)$ {
        proxy_pass http://172.25.254.10:80;
        proxy_cache proxycache;
        proxy_cache_key $request_uri;
        proxy_cache_valid 200 302 301 10m;
        proxy_cache_valid any 1m;
    }
}
[root@nginx ~]# systemctl restart nginx.service
[root@nginx ~]# tree  /usr/local/nginx/proxy_cache/
/usr/local/nginx/proxy_cache/

0 directories, 0 files

#测试
[root@test ~]# ab -n 10000 -c 50 lee.timinglee.org/index.php
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking lee.timinglee.org (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests


Server Software:        nginx/1.28.1
Server Hostname:        lee.timinglee.org
Server Port:            80

Document Path:          /index.php
Document Length:        72925 bytes

Concurrency Level:      50
Time taken for tests:   4.365 seconds
Complete requests:      10000
Failed requests:        0
Total transferred:      731110000 bytes
HTML transferred:       729250000 bytes
Requests per second:    2290.76 [#/sec] (mean)
Time per request:       21.827 [ms] (mean)
Time per request:       0.437 [ms] (mean, across all concurrent requests)
Transfer rate:          163554.31 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    4   1.8      4      11
Processing:     4   18  31.3     15     734
Waiting:        1    9  30.7      5     726
Total:          6   22  31.2     20     734

Percentage of the requests served within a certain time (ms)
  50%     20
  66%     21
  75%     21
  80%     22
  90%     27
  95%     32
  98%     41
  99%     46
 100%    734 (longest request)
[root@nginx ~]# tree  /usr/local/nginx/proxy_cache/
/usr/local/nginx/proxy_cache/
└── 1
    └── af
        └── 15
            └── e251273eb74a8ee3f661a7af00915af1

3 directories, 1 file

反向代理负载均衡

实验环境

复制代码 
172.25.254.100  #Nginx 代理服务器
172.25.254.10  #后端web A,Apache部署
172.25.254.20  #后端web B,Apache部署

实现负载均衡

复制代码 
[root@nginx ~]# mkdir  /usr/local/nginx/conf/upstream/
[root@nginx ~]# vim /usr/local/nginx/conf/nginx.conf
events {
    worker_connections  10000;
    use epoll;
    accept_mutex on;
    multi_accept on;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
	include "/usr/local/nginx/conf/upstream/*.conf";		#子配置目录
[root@nginx ~]# vim /usr/local/nginx/conf/upstream/loadbalance.conf
upstream webserver {
    server 172.25.254.10:80 weight=1 fail_timeout=15s max_fails=3;
    server 172.25.254.20:80 weight=1 fail_timeout=15s max_fails=3;
    server 172.25.254.100:8888 backup;

}
server {
    listen 80;
    server_name www.timinglee.org;

    location ~ / {
        proxy_pass http://webserver;
    }
}
[root@nginx ~]# mkdir  /webdir/timinglee.org/error/html -p
[root@nginx ~]# echo error > /webdir/timinglee.org/error/html/index.html
[root@nginx ~]# vim /usr/local/nginx/conf/conf.d/vhosts.conf
server {
    listen 8888;
    root /webdir/timinglee.org/error/html;
}

#测试
[root@nginx ~]# curl www.timinglee.org
172.25.254.10
[root@nginx ~]# curl www.timinglee.org
172.25.254.20
[root@nginx ~]# curl www.timinglee.org
172.25.254.10
[root@nginx ~]# curl www.timinglee.org
172.25.254.20
[root@nginx ~]# curl www.timinglee.org
172.25.254.20
[root@nginx ~]# curl www.timinglee.org
172.25.254.20
[root@RS1 ~]# systemctl stop httpd
[root@RS2 ~]# systemctl stop httpd
[root@nginx ~]# curl www.timinglee.org
error

Nginx负载均衡算法

复制代码 
[root@nginx ~]# vim /usr/local/nginx/conf/upstream/loadbalance.conf
[root@nginx ~]# curl  -b lee=20 www.timinglee.org
172.25.254.20
[root@nginx ~]# curl   www.timinglee.org/web1/index.html
172.25.254.20
[root@nginx ~]# curl   www.timinglee.org/
172.25.254.20
相关推荐
only_Klein2 小时前
Kubernetes-StatefulSet控制器
云原生·容器·kubernetes
RFG201210 小时前
20、详解Dubbo框架:消费方如何动态获取服务提供方地址?【微服务架构入门】
java·人工智能·后端·微服务·云原生·架构·dubbo
CCPC不拿奖不改名10 小时前
虚拟机基础:在VMware WorkStation上安装Linux为容器化部署打基础
linux·运维·服务器·人工智能·milvus·知识库搭建·容器化部署
fjh199711 小时前
记一次奇怪的ssh公钥登录失败的情况
运维·ssh
dinga1985102614 小时前
linux上redis升级
linux·运维·redis
hzc098765432114 小时前
Linux系统下安装配置 Nginx 超详细图文教程_linux安装nginx
linux·服务器·nginx
一条闲鱼_mytube14 小时前
Kubernetes Operator 原理与实践:从入门到实战
云原生·容器·kubernetes
匀泪14 小时前
云原生(nginx实验(2))
运维·nginx·云原生
RisunJan15 小时前
Linux命令-ltrace(用来跟踪进程调用库函数的情况)
linux·运维·服务器
热门推荐
01从零搭建一个 PHP 登录注册系统(含完整源码)02使用 1panel面板 部署 php网站03如何将 TRAE IDE 的插件市场源切换至 VS Code 官方市场04PHP Error: 常见错误及其解决方法05openClaw安装飞书插件|核心踩坑:spawn EINVAL 错误终极解决指南06GitHub 镜像站点07Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services08Android Studio Panda 1 正式版来了:JDK 终于不用手动配了,内存泄漏也有原生方案了09全面体验 Grok API 中转站(2025 · Grok 4 系列最新版)10HTB 赛季10 - Pterodactyl - user