一、作用
- 提高服务器处理能力
- 降低成本
- 提供冗余能力
二、分类
集群:一群完成相同工作的服务器。
- 负载均衡集群(Load Balance)
- 实现用户访问请求进行调度处理
- 实现访问压力负载分担
- 高可用集群
- 高性能运算集群
三、部署流程
step1 web服务器进行环境配置
[root@web01 /etc/nginx/conf.d]# vim bbs.conf
server {
listen 80;
server_name bbs.aspen.com;
location / {
root /var/html/bbs;
index index.html index.htm;
}
}
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# vim /var/html/bbs/index.html
Welcome to Nginx Provided by Web01.
Default Page.
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web02 /etc/nginx/conf.d]# vim bbs.conf
server {
listen 80;
server_name bbs.aspen.com;
location / {
root /var/html/bbs;
index index.html index.htm;
}
}
[root@web02 /etc/nginx/conf.d]# systemctl restart nginx.service
[root@web02 /etc/nginx/conf.d]# vim /var/html/bbs/index.html
Welcome to Nginx Provided by Web02.
Default Page.
[root@web03 ~]# vim /application/nginx-1.16.0/conf/conf.d/bbs.conf
server {
listen 80;
server_name bbs.aspen.com;
location / {
root /var/html/bbs;
index index.html index.htm;
}
}
[root@web03 ~]# vim /var/html/bbs/index.html
Welcome to Nginx Provided by Web03.
Default Page.
[root@web03 ~]# nginx -t
nginx: the configuration file /application/nginx-1.16.0/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.16.0/conf/nginx.conf test is successful
[root@web03 ~]# nginx -s reload
step2 测试负载均衡与web服务器间内网访问
[root@lb01 ~]# curl -H host:bbs.aspen.com 172.16.1.17
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 ~]# curl -H host:bbs.aspen.com 172.16.1.18
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 ~]# curl -H host:bbs.aspen.com 172.16.1.19
Welcome to Nginx Provided by Web03.
Default Page.
step3负载均衡部署配置
- 负载均衡模块(upstream)
负载均衡模块官方说明
upstream只能在http模块下使用;默认是轮询分配资源
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Default Page.
示例
upstream backend {
server backend1.example.com weight=5;
server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;
server unix:/tmp/backend3;server backup1.example.com backup;
}
1.weight(权重参数)
weight-按照权重值轮询分配资源
upstream aspen {
server 172.16.1.17:80 weight=3;
server 172.16.1.18:80 weight=2;
server 172.16.1.19:80 weight=1;
}
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 172.16.1.17:80 weight=3;
server 172.16.1.18:80 weight=2;
server 172.16.1.19:80 weight=1;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
2.least_conn(按照节点连接数分配资源)
当存在大量并发访问时,才能测试该参数效果;
upstream aspen {
least_conn;
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;
}
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
least_conn;
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
3.ip hash(ip哈希)
IP哈希功能可以确保一个用户多次访问,负载均衡都负责分配给同一个Web结点,但是分配策略无法人工干预;
upstream aspen {
ip_hash;
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;
}
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
ip_hash;
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
4.max_fails && fail_timeout(健康检查功能)
健康检查功能服务默认开启
尝试连接最大失败次数
max_fails=次数
失败后超时时间
fail_timeout=时间upstream aspen {
server 172.16.1.17:80 max_fails=3 fail_timeout=60s;
server 172.16.1.18:80 max_fails=3 fail_timeout=60s;
server 172.16.1.19:80 max_fails=3 fail_timeout=60s;
}
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 172.16.1.17:80 max_fails=3 fail_timeout=60s;
server 172.16.1.18:80 max_fails=3 fail_timeout=60s;
server 172.16.1.19:80 max_fails=3 fail_timeout=60s;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 ~]# systemctl stop nginx.service
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Default Page.
[root@web01 ~]# systemctl start nginx.service
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
5.backup(备份功能)
设为backup的web结点不会再被分发请求,只有该集群仅剩backup的web结点工作时,才向backup结点分配服务请求;
upstream aspen {
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80 backup;
}
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80 backup;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
[root@web01 ~]# systemctl stop nginx.service
[root@web02 ~]# systemctl stop nginx.service
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Default Page.
6.down(关闭集群结点)
设为down的结点将不会再被分发请求,直到该结点被取消down;设为down的模块相当于被注释;
upstream aspen {
server 172.16.1.17:80;
#server 172.16.1.18:80;
server 172.16.1.19:80 down;
}
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 172.16.1.17:80;
#server 172.16.1.18:80;
server 172.16.1.19:80 down;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 ~]# systemctl start nginx
[root@web02 ~]# systemctl start nginx.service
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web01.
Default Page.
- 反向代理模块(proxy_pass)
反向代理模块官方说明
反向代理指令
proxy_pass http://集群站点名称
设置请求头信息
proxy_set_header Host $host
检查网站页面是否正确
proxy_next_upstream 错误类型location / {
proxy_pass http://aspen;
proxy_set_header Host $host; #访问负载均衡可以根据请求url显示不同网站页面
proxy_set_header X-Forwarded-For $remote_addr; #使Web服务结点访问日志记录真实IP地址
proxy_next_upstream error timeout http_404; #web请求返回页面错误时,将请求发往其他web结点
}
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host; #访问负载均衡可以根据请求url显示不同网站页面
proxy_set_header X-Forwarded-For $remote_addr; #使Web服务结点访问日志记录真实IP地址
proxy_next_upstream error timeout http_404;
}
}
1. proxy_set_header Host $host;
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 10.0.0.17:80;
server 10.0.0.18:80;
server 10.0.0.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
WireShark抓取截图-HTTP.jpg
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 10.0.0.17:80;
server 10.0.0.18:80;
server 10.0.0.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
#proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
WireShark抓取截图-HTTP.jpg
2.proxy_set_header X-Forwarded-For $remote_addr;
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 ~]# tail -f /var/log/nginx/access.log
172.16.1.15 - - [06/Aug/2019:20:41:54 +0800] "GET / HTTP/1.0" 200 50 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
#proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 ~]# tail -f /var/log/nginx/access.log
172.16.1.15 - - [06/Aug/2019:20:45:36 +0800] "GET / HTTP/1.0" 200 50 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" "10.0.0.1
3.proxy_next_upstream error timeout http_404;
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
#proxy_next_upstream error timeout http_404 http_403;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 ~]# mv /var/html/bbs/index.html{,.bak}
[root@web01 ~]# ls /var/html/bbs/
index.html.bak
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.16.0</center>
</body>
</html>
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.16.0</center>
</body>
</html>
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream aspen {
server 172.16.1.17:80;
server 172.16.1.18:80;
server 172.16.1.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_next_upstream error timeout http_404 http_403;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web02.
Default Page.
[root@lb01 /etc/nginx/conf.d]# curl -H host:bbs.aspen.com 10.0.0.15
Welcome to Nginx Provided by Web03.
Default Page.
172.16.1.15 - - [06/Aug/2019:20:50:24 +0800] "GET / HTTP/1.0" 403 153 "-" "curl/7.29.0" "10.0.0.15"
172.16.1.15 - - [06/Aug/2019:20:50:30 +0800] "GET / HTTP/1.0" 403 153 "-" "curl/7.29.0" "10.0.0.15"
172.16.1.15 - - [06/Aug/2019:20:52:29 +0800] "GET / HTTP/1.0" 403 153 "-" "curl/7.29.0" "10.0.0.15"
step4 访问测试
四、企业应用
- 网站服务的动静分离
动静分离网站架构.jpg
step1 部署Web集群服务
[root@web01 ~]# cd /var/html/bbs/
[root@web01 /var/html/bbs]# ls
index.html
[root@web01 /var/html/bbs]# cat index.html
Welcome to Nginx Provided by Web01.
Default Page.
[root@web02 ~]# cd /var/html/bbs/
[root@web02 /var/html/bbs]# mkdir static
[root@web02 /var/html/bbs]# cp index.html ./static/
[root@web02 /var/html/bbs]# vim ./static/index.html
Welcome to Nginx Provided by Web02.
Static Page.
[root@web03 ~]# cd /var/html/bbs/
[root@web03 /var/html/bbs]# mkdir upload
[root@web03 /var/html/bbs]# cp ./index.html ./upload/
[root@web03 /var/html/bbs]# vim ./upload/index.html
Welcome to Nginx Provided by Web03.
Upload Page.
step2 编写负载均衡配置
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream default {
server 172.16.1.17:80;
}
upstream static{
server 172.16.1.18:80;
}
upstream upload {
server 172.16.1.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_next_upstream error timeout http_404 http_403;
location / {
proxy_pass http://default;
}
location /static/ {
proxy_pass http://static;
}
location /upload/{
proxy_pass http://upload;
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
step3 验证
结果.jpg
-
根据客户端显示不同界面
基于客户端实现不同页面访问.jpg
step1 部署Web集群服务
[root@web01 /var/html/bbs]# cat index.html
Welcome to Nginx Provided by Web01.
Default Page.
[root@web02 /var/html/bbs]# vim ./index.html
Welcome to Nginx Provided by Web02.
Firefox Page.
[root@web03 /var/html/bbs]# vim ./index.html
Welcome to Nginx Provided by Web03.
Iphone Page.
step2 编写负载均衡配置
- 负载均衡模块详细说明
[root@lb01 /etc/nginx/conf.d]# vim bbs.conf
upstream default {
server 172.16.1.17:80;
}
upstream firefox {
server 172.16.1.18:80;
}
upstream iphone {
server 172.16.1.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_next_upstream error timeout http_404 http_403;
location / {
proxy_pass http://default;
if ($http_user_agent ~* Firefox) {
proxy_pass http://firefox;
}
if ($http_user_agent ~* iphone) {
proxy_pass http://iphone;
}
}
}
[root@lb01 /etc/nginx/conf.d]# systemctl restart nginx
step3 验证
结果.jpg
五、负载均衡HTTPs访问
step1 部署Web集群服务
[root@web01 ~]# vim /var/html/bbs/index.html
Welcome to Nginx Provided by Web01.
Default Page.
[root@web01 ~]# vim /etc/nginx/conf.d/bbs.conf
server {
listen 80;
server_name bbs.aspen.com;
location / {
root /var/html/bbs;
index index.html index.htm;
}
}
[root@web02 ~]# vim /var/html/bbs/index.html
Welcome to Nginx Provided by Web02.
Firefox Page.
[root@web02 ~]# vim /etc/nginx/conf.d/bbs.conf
server {
listen 80;
server_name bbs.aspen.com;
location / {
root /var/html/bbs;
index index.html index.htm;
}
}
[root@web03 ~]# vim /var/html/bbs/index.html
Welcome to Nginx Provided by Web03.
Iphone Page.
[root@web03 ~]# vim /application/nginx-1.16.0/conf/conf.d/bbs.conf
server {
listen 80;
server_name bbs.aspen.com;
location / {
root /var/html/bbs;
index index.html index.htm;
}
}
step2 模拟生成nginx负载均衡证书
[root@lb01 /etc/nginx/conf]# openssl genrsa -idea -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...+++
........+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@lb01 /etc/nginx/conf]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
.........................+++
.......+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:FT
Organization Name (eg, company) [Default Company Ltd]:Personal
Organizational Unit Name (eg, section) []:Aspen
Common Name (eg, your name or your server's hostname) []:Load_Balance01
Email Address []:34567@qq.com
step3 编写虚拟主机配置文件
[root@lb01 /etc/nginx/conf]# vim ../conf.d/bbs.conf
upstream aspen {
server 10.0.0.17:80;
server 10.0.0.18:80;
server 10.0.0.19:80;
}
server {
listen 80;
server_name bbs.aspen.com;
#return 301 https://$server_name/;
rewrite (.*) https://$server_name$1 permanent;
}
server {
listen 443 ssl;
server_name bbs.aspen.com;
ssl_certificate /etc/nginx/conf/server.crt;
ssl_certificate_key /etc/nginx/conf/server.key;
location / {
proxy_pass http://aspen;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_next_upstream error timeout http_404;
}
}
[root@lb01 /etc/nginx/conf]#
[root@lb01 /etc/nginx/conf]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 /etc/nginx/conf]# systemctl restart nginx
step4 验证
结果.jpg
附:思维导图
Nginx 负载均衡与反向代理.jpg
网友评论