美文网首页
架构师-反向代理学习笔记

架构师-反向代理学习笔记

作者: drfung | 来源:发表于2017-08-24 08:30 被阅读113次

基础知识学习

学习网络:ccietea.com

CCNA链接:http://pan.baidu.com/s/1c1Beq2k 密码:r1h4

CCNP链接:http://pan.baidu.com/s/1cissay 密码:ksb4

lvs视频

基于代理的负载均衡

  • 正向代理
  • 反向代理

unix网络编程:http://download.csdn.net/download/xumaojun/4680440

1.Apache反向代理

1.1 概述

代理模块 - mod_proxy

http://httpd.apache.org/

1.2 Apache源码安装

yum install -y apr-devel apr-util-devel pcre-devel openssl-devel
cd /usr/local/src
wget http://centos.ustc.edu.cn/apache/httpd/httpd-2.4.27.tar.gz
tar zxf httpd-2.4.27.tar.gz
cd httpd-2.4.27
./configure --prefix=/usr/local/httpd-2.4.27 --enable-so --enable-modules="all"
make && make install
ln -s /usr/local/httpd-2.4.27/ /usr/local/httpd

## 验证
/usr/local/httpd/bin/apachectl -t

## 启动
/usr/local/httpd/bin/apachectl -k start

1.3 用nginx配置backend

linux-node1(Listen 8080)

yum install nginx -y
echo linux-node1 > /usr/share/nginx/html/index.html
systemctl start nginx

linux-node2(Listen 8080)

yum install nginx -y
echo linux-node1 > /usr/share/nginx/html/index.html
systemctl start nginx

1.4 Apache反向代理配置

http://httpd.apache.org/docs/2.4/mod/mod_proxy.html

vim /usr/local/httpd/conf/extra/httpd-proxy.conf

#proxy demo
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
ProxyRequests off
<Proxy balancer://mycluster>
BalancerMember http://192.168.57.100:8080
BalancerMember http://192.168.57.200:8080
</Proxy>
ProxyPass /demo balancer://mycluster
ProxyPassReverse /demo balancer://mycluster 
<location /manager>
    SetHandler balancer-manager
    Order Deny,Allow
    Allow from all
</Location>

vim /usr/local/httpd/conf/httpd.conf

Include conf/extra/httpd-proxy.conf

1.5 虚拟主机配置

vim /usr/local/httpd/conf/httpd-proxy.conf

#proxy demo
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
ProxyRequests off
<Proxy balancer://mycluster>
BalancerMember http://192.168.57.100:8080
BalancerMember http://192.168.57.200:8080
</Porxy>
<location /manager>
    SetHandler balancer-manager
    Order Deny,Allow
    Allow from all
</Location>
<VirtualHost *:80>
    ServerAdmin webmaster@fbo.com
    DocumentRoot "/opt"
    ServerName www.fbo.com
    ServerAlias fbo.com
    ErrorLog "logs/www.fbo.com-error_log"
    CustomLog "logs/www.fbo.com-access_log" common
    ProxyPass / balancer://mycluster
    ProxyPassReverse / balancer://mycluster
</VirtualHost>

2. Nginx 反向代理

商业版: https://www.nginx.com/

官网: http://nginx.org/

流媒体:

  • red5 rtmp协议
  • wms fms

2.1 源码安装nginx

yum install pcre-devel openssl-devel -y
useradd -s /sbin/nologin -M www
wget http://nginx.org/download/nginx-1.9.12.tar.gz
tar zxf nginx-1.9.12.tar.gz
cd nginx-1.9.12
./configure --prefix=/usr/local/nginx-1.9.12 \
--usr=www --group=www --with-http_ssl_module \
--with-http_stub_status_module --with-file-aio
make && make install
ln -s /usr/local/nginx-1.9.12/ /usr/local/nginx

2.2 配置nginx反向代理

使用http upstream 模块
http://nginx.org/en/docs/http/ngx_http_upstream_module.html

vim /usr/local/nginx/conf/nginx.conf

  • 修改server_name
server_name  www.fbo.com;
  • 在httpd下添加
upstream backend {
    ip_hash;
    server 192.168.57.100:8080 weight=1 max_fails=3 fail_timeout=30s;
    server 192.168.57.200:8080 weight=2 max_fails=3 fail_timeout=30s;
}
  • 在server下location添加
proxy_pass http://backend;

2.3 nginx tcp反向代理

使用"ngx_stream_core_module"模块,需要在编译的时候加上'--with-stream'参数

参考配置http://nginx.org/en/docs/stream/ngx_stream_core_module.html

"vim /usr/local/nginx/conf/nginx.conf"

stream {
    upstream tcp_proxy {
        hash $remote_addr consistent;
        server 192.168.57.200:22;
    }
    server {
        listen 2222;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass tcp_proxy;
    }
}

3. Haproxy 反向代理

www.haproxy.com

www.haproxy.org

  • 高性能tcp和http代理
  • 丰富的调度算法
  • 多种类的回话保持
  • 单进程5w-6w并发
  • 支持多平台

nginx:

  • 优点:
    1. Web服务器,比较广泛
    2. 7层,location设置复杂的基于HTTP的负载均衡
    3. 性能强大,网络依赖小。
    4. 安装配置简单
  • 缺点:
    1. 健康检查单一
    2. 负载均衡算法少
    3. 不能动态管理
    4. 没有upstream的转台页面

haproxy:

  • 优点:
    1. 专门做反向代理负载均衡
    2. 负载均衡算法 》= 8
    3. 性能 >= Nginx
    4. 支持动态管理 通过和haproxy的sock进行通信,可以进行管理
    5. 比较丰富的dashboard
    6. 比较强大的七层功能
  • 缺点:
    1. 配置没有Nginx简单

3.1 源码安装haproxy

cd /usr/local/src
wget http://www.haproxy.org/download/1.6/src/haproxy-1.6.3.tar.gz
tar zxf haproxy-1.6.3.tar.gz
cd haproxy-1.6.3
make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3
make install
cp /usr/local/sbin/haproxy /usr/sbin/
haproxy -v

## 启动脚本
cd /usr/local/src/haproxy-1.6.3
cp examples/haproxy.init /etc/init.d/haproxy
chmod 755 /etc/init.d/haproxy

## Haproxy配置文件
useradd -r haproxy
mkdir /etc/haproxy
mkdir /var/lib/haproxy
mkdir /var/run/haproxy

3.2 Haproxy配置

vim /etc/rsyslog.conf

$Modload imudp
$UDPServerRun 514

local3.*    /var/log/haproxy.log

systemctl restart rsyslog

配置文件“/etc/haproxy/haproxy.cfg”

global
    log 127.0.0.1 local3 info
    chroot /var/lib/haproxy
    user    haproxy
    group   haproxy
    daemon
    
defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server  50000

frontend www_fbo_com
    bind *:80
    stats uri /haproxy?stats
    default_backend www_fbo_com_backend
    
backend www_fbo_com_backend
    # source cookie SERVERID
    option httpchk GET /index.html
    option httpchk GET hehe
    balance roundrobin
    server linux-node1 192.168.57.100:8080 check inter 2000 rise 3 fall 3 weight 1
    server linux-node2 192.168.57.200:8080 check inter 2000 rise 3 fall 3 weight 1

访问http://192.168.57.111/haproxy?stats(监控dashboard)

3.3 Haproxy配置虚拟主机

通过acl来实现虚拟主机配置“vim /etc/haproxy/haproxy.cfg”

global
    log 127.0.0.1 local3 info
    chroot /var/lib/haproxy
    user    haproxy
    group   haproxy
    daemon
    
defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server  50000

frontend www_fbo_com
    bind *:80
    stats uri /haproxy?stats
    default_backend www_fbo_com_backend
    acl is_other_fbo_com_backend(host) other.fbo.com
    use_backend other_fbo_com_backend if is_other_fbo_com_backend
    
backend www_fbo_com_backend
    # source cookie SERVERID
    option httpchk GET /index.html
    option httpchk GET hehe
    balance roundrobin
    server linux-node1 192.168.57.100:8080 check inter 2000 rise 3 fall 3 weight 1

backend other_fbo_com_backend
    # source cookie SERVERID
    option httpchk GET /index.html
    option httpchk GET hehe
    balance roundrobin
    server linux-node2 192.168.57.200:8080 check inter 2000 rise 3 fall 3 weight 1

3.4 Haproxy 在线维护

打开在线管理功能

“vim /etc/haproxy/haproxy.cfg”,在global下添加

stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
stats timeout 2m

安装socat工具yum install socat -y

echo "help" | socat stdio /var/lib/haproxy/haproxy.sock
echo "show info" | socat stdio /var/lib/haproxy/haproxy.sock
echo "disable server www_fbo_com_backend/linux-node1" | socat stdio /var/lib/haproxy/haproxy.sock
echo "enable server www_fbo_com_backend/linux-node1" | socat stdio /var/lib/haproxy/haproxy.sock

调优

cat /proc/sys/net/ipv4/ip_local_port_range
cat /proc/sys/net/ipv4/tcp_tw_reuse
cat /proc/sys/net/ipv4/tcp_fin_timeout

4. 常见面试知识点

  1. apache mpm模块 http://httpd.apache.org/docs/2.4/mpm.html
  2. nginx 指南 http://vdisk.weibo.com/s/toebebjFlW
  3. nginx 优化 http://blog.csdn.net/moxiaomomo/article/details/19442737
  4. nginx 对后端长连接

5. 压力测试

  1. apache打开状态监控 https://www.unixhot.com/article/17
  2. 吞吐率 reqs/s 响应时间
  3. 压力测试: ab
  4. 前置条件: 支持多少用户,支持多少访问,支持多少并发
  5. 约定: 用户-请求,测试多次的平均值,LR(场景 资源), 请求多少次, 并发多少
  6. 安装ab工具,yum install httpd-tools -y
  7. ab -n 1000 -c100 http://192.168.57.100:8080/
  8. webbench工具
  9. io测试yum install sysstat -y
  10. strace -p <pid>

相关文章

网友评论

      本文标题:架构师-反向代理学习笔记

      本文链接:https://www.haomeiwen.com/subject/agssdxtx.html