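nginx offers excellent proxy performance. It is frequently used as a reverse proxy server that load-balances backend web applications, forming a high-performance, highly available web cluster (Taobao's Tengine and JD's nginx clusters both use the nginx reverse proxy feature). This article walks through deploying an nginx reverse proxy on Linux.
[The content of this document applies to common nginx reverse proxy deployments in company test/production environments]
I. Scenario and requirements
There are two servers. The nginx reverse proxy feature is used to expose the backend web server (which already has an HTTP service installed) to the outside, i.e. clients reach the HTTP application on the backend web server by accessing nginx.
II. Application topology
III. Deployment steps
[nginx reverse proxy deployment steps]
1. Preparation before deploying the nginx environment:
1.1 Software and system requirements
System requirement: CentOS 6.0 or later (64-bit)
Middleware: Nginx 1.6.0 or later (1.6.0 included)
1.2 Checking and preparing system dependency packages
1.2.1 Check whether a system-packaged nginx is already installed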
# rpm -qa | grep nginx
If it is installed, remove it with the following command
# yum remove nginx
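2. Compile and install Nginx
Before compiling nginx, first download the Nginx source and install the dependency packages needed to build it.
Version 1.6.3 is used as the example here.
2.1 Install the dependency packages needed to compile nginx (downloaded packages are kept in /root by default and are all extracted to /usr/local/src)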
# yum install gcc openssl-devel pcre-devel zlib-devel -y
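2.2 Download nginx and add the service account that runs nginx (downloaded packages are kept in /root by default and are all extracted to /usr/local/src)
# wget http://nginx.org/download/nginx-1.6.3.tar.gz
# groupadd -r nginx
# useradd -r -g nginx -s /bin/false -M nginx
2.3 Compile and install nginx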
# cd ~
# tar -zxf /root/nginx-1.6.3.tar.gz -C /usr/local/src
# cd /usr/local/src/nginx-1.6.3
# ./configure \
--prefix=/usr/local/nginx \
--sbin-path=/usr/local/nginx/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/tmp/nginx/client/ \
--http-proxy-temp-path=/var/tmp/nginx/proxy/ \
--http-fastcgi-temp-path=/var/tmp/nginx/fastcgi/ \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi/ \
--http-scgi-temp-path=/var/tmp/nginx/scgi/ \
--with-pcre
# make && make install
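2.4 Create the directory for nginx cache/temporary files and the service startup script
2.4.1 Create the directory for nginx cache/temporary files
# mkdir -p /var/tmp/nginx
2.4.2 Create the nginx service startup script and make it executable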
# vim /etc/init.d/nginx
with the following content:
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
#              proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# pidfile:     /var/run/nginx/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

# Paths match the ./configure options used in step 2.3.
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/etc/nginx/nginx.conf"

lockfile=/var/lock/nginx.lock

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

# Validate the configuration first so a broken config never stops a running server.
restart() {
    configtest || return $?
    stop
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # Restart only if the service is currently running.
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac
2.5 Modify the main nginx configuration file nginx.conf using the following template
#user nobody;
user nginx;
worker_processes auto;
#worker_cpu_affinity 00000001 00000010 00000100 00001000
worker_rlimit_nofile 65535;
#error_log logs/error.log info;
#pid logs/nginx.pid;

events {
    use epoll;
    worker_connections 65535;
    multi_accept on;
}

http {
    include mime.types;
    include /etc/nginx/web.conf;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    # {nginx global setting}
    charset utf-8;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 1M;
    # client_body_timeout 15;
    # client_header_timeout 15;
    # send_timeout 15;
    large_client_header_buffers 4 128k;
    client_max_body_size 2000m;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 60;
    reset_timedout_connection on;

    # {fastcgi setting}
    fastcgi_cache_path /var/tmp/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m max_size=10g;
    fastcgi_connect_timeout 90;
    fastcgi_send_timeout 60;
    fastcgi_read_timeout 60;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 8 128k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    # fastcgi_temp_path /usr/local/nginx/ngx_fastcgi_tmp

    # {file setting}
    open_file_cache max=204800 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    # open_file_cache_errors on;

    # {gzip setting}
    gzip on;
    # gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_min_length 1k;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # {proxy setting}
    proxy_max_temp_file_size 0;
    proxy_connect_timeout 90;
    proxy_send_timeout 200;
    proxy_read_timeout 200;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;

    #access_log logs/access.log main;
    #sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    #keepalive_timeout 65;
    #gzip on;

    #server {
    #    listen 80;
    #    server_name localhost;
    #    #charset koi8-r;
    #    #access_log logs/host.access.log main;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #    #error_page 404 /404.html;
    #    # redirect server error pages to the static page /50x.html
    #    #
    #    error_page 500 502 503 504 /50x.html;
    #    location = /50x.html {
    #        root html;
    #    }
    #    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #    #
    #    #location ~ \.php$ {
    #    #    proxy_pass http://127.0.0.1;
    #    #}
    #    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #    #
    #    #location ~ \.php$ {
    #    #    root html;
    #    #    fastcgi_pass 127.0.0.1:9000;
    #    #    fastcgi_index index.php;
    #    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    #    include fastcgi_params;
    #    #}
    #    # deny access to .htaccess files, if Apache's document root
    #    # concurs with nginx's one
    #    #
    #    #location ~ /\.ht {
    #    #    deny all;
    #    #}
    #}

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;
    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;
    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}
Note: choose among the sections above according to your needs. If you only need nginx to handle PHP, keep just the fastcgi section; if PHP support is not needed, comment it out. When nginx serves purely as a reverse proxy server, keep only the proxy setting section. The required sections are: gzip setting; file setting; nginx global setting. Select them according to the application's requirements.
2.6 Create a web site template (vim /etc/nginx/web.conf) that configures the reverse proxy, with the following content:
server {
    listen 80 default backlog=65535;
    server_name localhost;
    root /usr/local/www;
    index index.php index.html;

    # {nginx proxy configure}
    location / {
        # Backend web server address (in this document the backend web
        # server's URL is http://192.168.100.10)
        proxy_pass http://192.168.100.10;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    }

    # {fastcgi configure}
    # location ~ \.php$ {
    #     fastcgi_pass 127.0.0.1:9000;
    #     fastcgi_index index.php;
    #     fastcgi_split_path_info ^(.+\.php)(.*)$;
    #     fastcgi_param PATH_INFO $fastcgi_path_info;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     include fastcgi_params;
    #     # the zone name must match keys_zone in fastcgi_cache_path (TEST in nginx.conf)
    #     fastcgi_cache TEST;
    #     fastcgi_cache_valid 200 302 1h;
    #     fastcgi_cache_valid any 1m;
    #     fastcgi_cache_min_uses 1;
    #     fastcgi_cache_use_stale error timeout invalid_header http_500 http_503 http_404;
    #     fastcgi_cache_key "$request_method://$host$request_uri";
    # }
}
Note: use the commented-out parts above as needed; if nginx should handle PHP, simply uncomment them.
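The web.conf above passes X-Real-IP and X-Forwarded-For to the backend, and because $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the client already sent, the leftmost entry of that header is client-controlled. The following is an added example, not part of the original document, showing how code on the backend can resolve the client address from these headers; the function names, the header dictionary and the constructed sample addresses are assumptions, while 192.168.100.11 is the proxy address used in this document.

```python
import ipaddress

# The only trusted hop: the nginx proxy from this document (192.168.100.11).
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.100.11")}


def proxy_add_x_forwarded_for(client_header, remote_addr):
    """Value nginx sends upstream for $proxy_add_x_forwarded_for: the
    client's own X-Forwarded-For (if any) with $remote_addr appended."""
    return f"{client_header}, {remote_addr}" if client_header else remote_addr


def client_ip(peer_addr, headers, trusted=TRUSTED_PROXIES):
    """Resolve the client address on the backend (192.168.100.10).

    Forwarded headers are honoured only when the TCP peer is the trusted
    proxy. X-Forwarded-For is then read right to left, skipping trusted
    hops, so entries a client injected on the left are never selected."""
    peer = ipaddress.ip_address(peer_addr)
    if peer not in trusted:
        return str(peer)  # direct connection: ignore forwarded headers
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # empty or malformed entry: stop trusting the chain
        if addr not in trusted:
            return str(addr)
    # Fall back to X-Real-IP, which the proxy overwrites with $remote_addr.
    return headers.get("X-Real-IP", str(peer))


if __name__ == "__main__":
    # Constructed request: client 203.0.113.7 sends its own X-Forwarded-For.
    real, injected = "203.0.113.7", "10.0.0.1"
    headers = {
        "X-Real-IP": real,
        "X-Forwarded-For": proxy_add_x_forwarded_for(injected, real),
    }
    print("header sent upstream:", headers["X-Forwarded-For"])
    print("leftmost entry      :", headers["X-Forwarded-For"].split(",")[0])
    print("resolved client IP  :", client_ip("192.168.100.11", headers))
```

The same rule applies to access logs and IP-based access control on the backend: use the address the proxy itself observed, never the leftmost X-Forwarded-For entry.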
2.7 Check that the nginx configuration is correct and start the nginx service
2.7.1 Check the nginx configuration file for problems
# /usr/local/nginx/sbin/nginx -t
If the following output appears, the configuration is correct:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
2.7.2 Start the nginx service and enable it at boot
# chmod 755 /etc/init.d/nginx    # make the nginx startup script executable (writable by root only)
# service nginx start
# chkconfig --add nginx
# chkconfig --level 2345 nginx on
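The nginx proxy server deployment is now complete.
3. Verification
First, note that nginx listens on port 80 and that the home page of the backend web server's application is the Apache default page. If the nginx proxy is working, opening http://<proxy server IP> should therefore return the backend web server's page, i.e. the Apache page (in this document the server IP is 192.168.100.11).
If the proxy fails, nginx should return a 502 error: "Bad Gateway"!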