nginx有着优秀的代理性能,很多情况下,nginx常常被充当反向代理服务器负载后端应用web构建起一个高性能高可用的web集群(淘宝tengix ,京东的nginx集群都使用到了nginx反向代理功能),接下来给大家讲解Linux平台部署nginx反向代理实例。
【本文档所介绍的内容适用于公司测试/生产等常见的nginx反向代理应用】
一. 场景需求
现有两台server 需要通过nginx的反向代理功能实现后端web server(已安装好http服务)提供对外访问,即客户通过访问nginx进而访问到后端web server http应用
二 .应用拓扑架构
二. 部署步骤
【nginx 反向代理部署步骤】
1. nginx环境部署前准备:
1.1相关软件以及系统
系统要求:Centos 6.0以上 (64位)
相关中间件:Nginx: 1.6.0 以上(包含1.6.0)
1.2相关系统依赖包安装检查准备
1.2.1 检查系统自带httpd,mysql是否安装
# rpm -qa | grep nginx
如有安装,请使用以下命令卸载相关程序
# yum remove nginx
2. 编译安装Nginx
在正式编译httpd时,首先需要下载Nginx以及安装编译nginx需要的依赖包
这里版本以1.6.3为例
2.1安装编译nginx需要的依赖包(默认包放在/root目录下,包统一解压到/usr/local/src)
# yum install gcc openssl-devel pcre-devel zlib-devel -y
2.2下载nginx并添加运行nginx服务账号(默认包放在/root目录下,包统一解压到/usr/local/src)
# wget http://nginx.org/download/nginx-1.6.3.tar.gz # groupadd -r nginx # useradd -r -g nginx -s /bin/false -M nginx
2.3 编译安装nginx
# cd ~
# tar -zxf /root/nginx-1.6.3.tar.gz -C /usr/local/src
# cd /usr/local/src/nginx-1.6.3
# ./configure \
--prefix=/usr/local/nginx \
--sbin-path=/usr/local/nginx/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=nignx \
--group=nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/tmp/nginx/client/ \
--http-proxy-temp-path=/var/tmp/nginx/proxy/ \
--http-fastcgi-temp-path=/var/tmp/nginx/fastcgi/ \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi/ \
--http-scgi-temp-path=/var/tmp/nginx/scgi/ \
--with-pcre
# make && make install
2.4 创建nginx相关缓存存放的目录以及启动服务脚本
2.4.1 创建nginx相关缓存存放的目录
mkdir -p /var/tmp/nginx
2.4.2 创建nginx服务启动脚本并赋予执行权限
vim /etc/init.d/nginx
内容如下:
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
lockfile=/var/lock/nginx.lock
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-
reload|configtest}"
exit 2
esac2.5 参考以下模板修改nginx主配置文件nginx.conf,如下所示
#user nobody;
user nginx ;
worker_processes auto;
#worker_cpu_affinity 00000001 00000010 00000100 00001000
worker_rlimit_nofile 65535;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
use epoll;
worker_connections 65535;
multi_accept on
}
http {
include mime.types;
include /etc/nginx/web.conf;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
# {nginx global setting}
charset utf-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 1M;
# client_body_timeout 15;
# client_header_timeout 15;
# send_timeout 15;
large_client_header_buffers 4 128k;
client_max_body_size 2000m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60;
reset_timedout_connection on;
# {fastcgi setting}
fastcgi_cache_path /var/tmp/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m
inactive=5m max_size=10g;
fastcgi_connect_timeout 90;
fastcgi_send_timeout 60;
fastcgi_read_timeout 60;
fastcgi_buffer_size 64k;
fastcgi_buffers 8 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
# fastcgi_temp_path /usr/local/nginx/ngx_fastcgi_tmp
# {file setting}
open_file_cache max=204800 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
# open_file_cache_errors on;
# {gzip setting}
gzip on;
# gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1k;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml
application/xml application/xml+rss text/javascript;
# {proxy setting}
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 200;
proxy_read_timeout 200;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
# 注:述上部分根据自己的需求来选择,如只需要nginx支持php解析,选择fastcgi那部分即可,如不需要对php解析支持,注释掉即可;如nginx单独作为反向代理server时,只选择proxy setting即可。 必要的部分有:gzip setting; file setting; nginx global setting 根据应用需求来选择就行
#access_log logs/access.log main;
# sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
# keepalive_timeout 65;
#gzip on;
# server {
# listen 80;
# server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
# location / {
# root html;
# index index.html index.htm;
# }
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root html;
# }
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
# }
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}2.6 新建一个web站点模板(vim /etc/nginx/web.conf)配置反向代理,内容如下:
server {
listen 80 default backlog=65535;
server_name localhost;
root /usr/local/www;
index index.php index.html ;
# {nginx proxy configure}
location / {
proxy_pass http://192.168.100.10 # //这里填写后端web server 访问地址(本文档中后 端web server应用访问URL信息为:http://192.168.100.10)
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503
http_504;
}
# {fastcgi configure}
# location ~ \.php$ {
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_split_path_info ^(.+\.php)(.*)$;
# fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# include fastcgi_params;
# fastcgi_cache cache;
# fastcgi_cache_valid 200 302 1h;
# fastcgi_cache_valid any 1m;
# fastcgi_cache_min_uses 1;
# fastcgi_cache_use_stale error timeout invalid_header http_500 http_503 http_404;
# fastcgi_cache_key "$request_method://$host$request_uri";
# }
}注:述上注释的部分根据自己的需求来选择,如需要nginx支持php解析,去掉注释即可
2.7 检查nginx配置是否正确并启动nginx服务
2.7.1检查nginx配置文件是否有问题
# /usr/local/nginx/sbin/nginx -t 如出现以下信息说明配置无误 nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
2.7.2 启动nginx服务并加入开机自启动服务中
# chmod o=rwx /etc/init.d/nginx //赋予ngin启动脚本执行权限 # service nginx start # chkconfig --add nginx # chkconfig --level 2345 nginx on
到这里nginx proxy server部署就完成了
3. 验证
首先要知道nginx侦听的是80端口,后端webserver业务应用访问主页为Apache主页,所以如果nginx代理成功的,输入:http://proxy server的IP 访问应该是后端web server(即Apache的页面),如下所示(本文档中serverIP为:192.168.100.11):
若代理失败应该nginx报502错误:“bad gateway”!
