首页 > 系统相关 >Nginx配置反向代理实例及Keepalived主从切换

Nginx配置反向代理实例及Keepalived主从切换

时间:2024-01-19 10:33:27浏览次数:29  
标签:http 144144.168 nginx xxx Keepalived Nginx conf 主从 log

概述

工作中经常需要帮同事配置反向代理,反向代理的使用场景一般为办公网跨网访问生产网应用资源。今天简单记录下操作步骤,以备之后查阅。

NGX配置

nginx的配置一般放置在 /etc/nginx/nginx.conf下,可以使用whereis nginx查看nginx的具体位置

 [root@NGXapp01 ~]# whereis nginx
nginx: /usr/sbin/nginx /usr/lib64/nginx /etc/nginx /usr/local/nginx.bak /usr/share/nginx /usr/share/man/man3/nginx.3pm.gz /usr/share/man/man8/nginx.8.gz

sbin下代表nginx可执行程序
etc/nginx下有nginx.conf配置文件
usr/share下有html文件夹,可配置nginx的静态资源/页面

简单 查看下nginx.conf文件配置

144144.163: [root@NGXapp01 ~]# cat /etc/nginx/nginx.conf
144144.168: # For more information on configuration, see:
144144.168: #   * Official English Documentation: http://nginx.org/en/docs/
144144.168: #   * Official Russian Documentation: http://nginx.org/ru/docs/
144144.168: 
144144.168: user nginx;
144144.168: worker_processes auto;
144144.168: error_log /var/log/nginx/error.log;
144144.168: pid /run/nginx.pid;
144144.168: 
144144.168: # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
144144.168: include /usr/share/nginx/modules/*.conf;
144144.168: worker_rlimit_nofile 50000;
144144.168: events {
144144.168:     worker_connections 50000;
144144.168: }
144144.168: stream {
144144.168:         log_format  stream  '$remote_addr - [$time_local] $status $bytes_received $bytes_received $hostname $msec';
144144.168:         include /app/xxxxx/conf.d/stream/*.conf;
144144.168: }
144144.168: http {
144144.168:     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
144144.168:                       '$status $body_bytes_sent "$http_referer" '
144144.168:                       '"$http_user_agent" "$http_x_forwarded_for"';
144144.168: 
144144.168:     access_log  /var/log/nginx/access.log  main;
144144.168:     client_max_body_size 1024M; 
144144.168: 
144144.168:     sendfile            on;
144144.168:     tcp_nopush          on;
144144.168:     tcp_nodelay         on;
144144.168:     keepalive_timeout   65;
144144.168:     types_hash_max_size 2048;
144144.168:     server_names_hash_bucket_size 128;
144144.168:     underscores_in_headers on;
144144.168: 
144144.168: 
144144.168:     default_type        application/octet-stream;
144144.168:     include             /etc/nginx/mime.types;
144144.168: 
144144.173:     # Load modular configuration files from the /etc/nginx/conf.d directory.
144144.173:     # See http://nginx.org/en/docs/ngx_core_module.html#include
144144.173:     # for more information.
144144.173:     include /etc/nginx/conf.d/*.conf;
144144.173:     include /app/xxxxxx/xxx/conf.d/http/*.conf;
144144.173:     include /app/xxxxxx/xxx/conf.d/https/*.conf;
144144.173: 
144144.173: 
144144.173: }

从配置文件可以看出,关于http、https和Stream的反向代理配置主要放置在
/app/xxxxx/xxxx/conf.d/http/.conf;
/app/xxxxx/xxxx/conf.d/https/.conf;
/app/xxxxxx/xxxx/conf.d/stream/*.conf;
stream主要是用来对TCP/UDP进行反向代理和负载均衡的。

Http及Https反向代理配置

进入/app/ngx/xxx/conf.d/http/,可以看到有许多http配置,拿一个http配置举例供大家参考

144622.340: [root@NGXapp01 stream]# cat ../http/xxxxx.conf
144622.345: 
144622.345: upstream backserver {
144622.345:     ip_hash;   
144622.345:     server xxx.xxx.xxx.xxx:8080 ;
144622.345:     server xxx.xxx.xxx.xxx:8080 ;
144622.345: }
144622.345: server {
144622.345:     listen       80 ;
144622.345:     server_name  xxx. xxx.com;
144622.345:     access_log  /app/xxxx/xxx/log/http/xxx/access.log  main;
144622.345:     error_log /app/xxx/xxx/log/http/xxx/error.log;
144622.345:     
144622.345: 
144622.345:     location / {
144622.350:         proxy_pass http://backserver;
144622.350:         proxy_redirect     off;
144622.350:         proxy_set_header   Host $host:$server_port;
144622.350:         proxy_set_header X-Real-IP $remote_addr;
144622.350:         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
144622.350:     }
144622.350: }
  • upstream backserver 是用来做负载均衡 location这里引用了backupserver的两台服务器
  • server 用来注明NGX服务器监听的地址,Servername可以是域名也可以是具体的IP,这里是监听的域名80端口
144648.905: [root@NGXapp01 stream]# cat ../http/xxxxx.conf
144648.905: 
144648.905: server {
144648.905:     listen       80 ;
144648.905:     server_name  xxx.com;
144648.905:     access_log  /app/xxxx/xxx/log/http/xxxx/access.log  main;
144648.905:     error_log /app/xxxx/xxx/log/http/xxxx/error.log;
144648.905:     
144648.905: 
144648.905:     location / {
144648.905:         proxy_pass http://xxx.xxx.xxx.xxx:70;
144648.905:         proxy_redirect     off;
144648.910:         proxy_set_header   Host $host:$server_port;
144648.910:         proxy_set_header X-Real-IP $remote_addr;
144648.910:         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
144648.910:     }
144648.910: }
  • server是监听的地址 servername可以是ip地址或者域名
  • locattion是nginx转发的地址

修改配置

一般来说,以上配置对于简单的日常使用就够了,以ngx所在用户根据需求修改好自己的配置,保存后需要进行如下操作

su - root
nginx -t # 检测配置文件是否正常
nginx -s reload # 热刷新,不重启应用的情况下将配置读取到内存

keepalived主从切换,用来针对某节点配置是否正常

由于NGX是主从架构,因此 server 模块中的server name 最好使用keepalived的虚拟地址,申请域名解析的时候最好也将域名指向虚拟地址。
以下提供仅申请了一台NGX服务器的地址域名解析,或仅指向其中一台IP地址的情况下,用来测试配置是否成功的情况。

ip a  # 查看谁是keepalived的主节点,若申请的主节点的访问策略,无需对keepalived进行操作,仅测试这台主节点转发配置是否生效
# 如果配置的是从节点的反向代理,那么需要测试从节点反向代理配置是否生效
# 在主节点执行以下操作,主节点关闭后,虚拟地址自动漂移到从节点。
systemctl stop keepalived

标签:http,144144.168,nginx,xxx,Keepalived,Nginx,conf,主从,log
From: https://www.cnblogs.com/AllenWongFly/p/17974084

相关文章

  • Nginx基础配置详解(main、events、http、server、location)
    Nginx基础配置详解(main、events、http、server、location):https://blog.csdn.net/weixin_43834401/article/details/130562289?ops_request_misc=&request_id=&biz_id=102&utm_term=nginx%20server%20%E7%9A%84%E6%A0%B9%E7%9B%AE%E5%BD%95&utm_medium=distribute.pc_......
  • lvs+nginx
    参考:https://www.cnblogs.com/KL2016/p/16159864.html在流量抵达的最外层通常会选择使用LVS作为负载服务器,LVS是一种基于四层负载的高性能服务器,它的内部只会对外界的数据包进行分发处理,通常一台高性能的LVS机器就能支持百万的并发连接。为了保证LVS的高可用,通常LVS会部署多......
  • 安裝配置nginx所遇到的問題匯總;
    1安裝Yum安装Nginx1、配置Centos7NginxYum源仓库rpm-Uvhhttp://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm2、安装Nginxyuminstallnginx-y3、启动Nginx,并设置开启自启动systemctlstartnginxsystemctlenablenginx4......
  • 使用k8s部署nginx文件服务器
    需要使用nginx部署一个外网文件服务器使用k8s部署本次需要把一个apk文件映射到外网前提条件部署好的k8s集群部署好的存储集群(glusterfs,NFS)k8s的yaml配置文件deployment文件使用以下命令生成再修改#kubectlrunapk-nginx--image=192.168.3.61/foundation/nginx--......
  • nginx的几个默认路径
    nginx的几个默认路径:https://blog.csdn.net/Mrzhang567/article/details/122248988?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522170555854916800188566783%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fall.%2522%257D&request_id=17055585491680......
  • 19、nginx中location语法
    1.概述在实际应用中,权限控制的需求更加复杂。例如,对于网站下的img目录允许所有用户访问,但对于网站下的admin目录则仅允许管理员身份的用户访问。此时,仅靠deny和allow这两个权限指令不能满足用户的需求,还需要使用location块来完成相关需求的匹配。2.location语法location......
  • 18、nginx访问控制
    1.权限控制指令Nginx中提供了两个用于配置访问权限控制的指令,分别为allow和deny。allow用于设置允许访问的权限deny用于设置禁止访问的权限。在使用时,权限指令后只需跟上允许或禁止的IP、IP段或all即可。其中all表示所有的。单个IP指定作用范围最小,all指定作用范围最......
  • Nginx 限制url访问图片资源文件
    nginx配置 location^~/uploads/{//图片文件路径valid_referersblockedwww.baidu.com;//允许访问的域名if($invalid_referer){#rewrite^/http://www.hugwww.com/daolian.gif;retur......
  • 使用nginx代理emqx的TCP、WS、WSS连接请求
    项目代理关系: 注:主机上已存在名为:nginx-proxy的一级nginx的代理,将监听了主机的80、443端口docker-compose.ymlversion:"3.7"services:emqx:image:emqx/emqx:4.4.18restart:unless-stoppedcontainer_name:emqxenvironment:EMQX_ADMI......
  • Docker初级:Docker安装部署Nginx、Tomcat
    Docker初级:Docker安装部署Nginx、Tomcat:https://blog.csdn.net/Zp_insist/article/details/127636875?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522170548607116800188590783%2522%252C%2522scm%2522%253A%252220140713.130102334..%2522%257D&request_id=170548......

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99